Hybrid Work FAQs

Gain clarity on how we support your growth and efficiency

FAQs

Prior to your growth journey with us, check out answers to questions we get asked the most. If you don't see an answer to your questions, you can send us an email through our contact details below.

General FAQs ISMS FAQs Hybrid Work FAQs

What has VBP Implemented for Team Members’ Hybrid Work Setup?

Since 2021, VBP has launched its Flexible Work Policy to cater to the Hybrid Work Arrangement that is compliant with our Information Security Management System (ISMS).

Flexible Work is a philosophy that any Team Member who wishes to modify where they work are able to do so. With this setup, the ISMS framework requires that all team members, regardless if they're working from home or in the office, should continue to adhere to Information Security policies and procedures.

Hybrid Work

Embracing the future of work, VBP believes that a hybrid workplace can bring together the best of both worlds- the flexibility of working from home and the engagement and collaboration of the office.

After years of instilling it into the system and testing it out, VBP has learned the best ways to manage the setup.

Adapting to new flexible work capabilities will ensure that VBP continues to deliver the very best value to Clients while ensuring clarity, security, and certainty for our Team Members.

What is VBP’s Hybrid Work Policy?

Flexible work is not synonymous with only working from home and never seeing colleagues. In VBP, we adopted the Hybrid Work approach where Team Members benefit from the added flexibility of working from home while maintaining connections and boosting team collaboration during scheduled onsite work.

This approach seeks to balance the changing expectations with the needs of our Clients and the successful career development of our teams.

What is Hybrid Work?

Hybrid Work is a philosophy that any Team Member who wishes to modify where they work can do so.

  • Work from Office (WFO) - is when you work on-site at a VBP office most of the time.
  • Work from Home (WFH) - is when you work from home, generally a commuter distance from the VBP office. This is hybrid work, and, in this setup, Team Members are expected to spend some time in the office regularly. 

What if I don’t want my VBP Team Member to work from home?

At present, VBP offices are open to accommodate the hybrid work setup. Team Members are given the opportunity to work at the office and from home. 

For Clients who prefer their teams to work onsite, this is arranged and communicated to them so as to set proper expectations.

As a people-first company, we see to it that our Team Members do not excel only at work or in their careers but also with their personal lives. The Hybrid Work setup has greatly helped both VBP and its people as it drives team member engagement and productivity, and allows the company to operate more efficiently on the other hand.

To ensure that Team Members remain connected with each other despite the distance and varying schedules, all Team Members are requested to work onsite following a fortnightly schedule.

VBP follows best practices that leverage team engagement and promote work-life integration.

What happens if my VBP team member resigns?

At VBP, we seek to invest in careers, not people. We seek to invest in continuous career development and we work with team members to align their ambitions and goals with the company. From time to time, though, a team member will resign.

We seek to have an engaged and transparent relationship with you so that we can manage through these moments with as few disruptions as possible. A key element is that we document all processes that your VBP team member is performing for you. This allows us to pivot to a new team member quickly as we have the documented training, process maps, and guides available.

There is no additional cost when a new team member needs to be recruited and we will ensure that we address all the recruitment, training, and transitioning (from the incumbent team member).

What work schedule does my VBP team in the Philippines follow?

Our team works from 7am to 4pm in the Philippines. The team members have a 1-hour lunch break that is generally taken from 12-1pm.

The Philippines is in the same timezone as Perth so the hours of work in Australia’s EST is 9AM-6PM, while during daylight savings the times are 10am-7pm AEST.

We also work on Australian public holidays in the state where your office is based. VBP ensures the management of all leave entitlements and the payment of premium pay for Philippine public holidays.

Information Security Management System Framework

An ISMS is a structured approach to securely managing sensitive information through people, processes, and IT systems, underpinned by a risk management framework.

Our Commitment to Security

At VBP, we’ve always prioritised information security. Our systems are constantly refined through audits, training, and collaboration with stakeholders to ensure your data remains protected.

ISO 27001 Certification Journey

  • 2019: Achieved ISO 27001:2013 certification after a successful audit.
  • 2021 & 2022: Continued compliance with ISO 27001, maintaining certification.

Why SO 27001 Matters

ISO 27001 ensures we meet global standards for data protection and security, affirming our commitment to safeguarding your information.

Hybrid Work and Team Members

What internet access do Team Members have when working from home?

Internet access serves as the backbone of hybrid work. When working from home, VBP Team Members in the Philippines utilise devices that rely on carrier networks, and Fiber. Those located within or near urban locations have access to reliable internet connection so it is expected that there will be less connectivity disruptions thus encouraging hybrid setup where they stay in commuter distance. 

For those in rural areas, they are required to have backup connections in case they experience issues with their main line, ensuring less to no business impact.

There can be significant discrepancies between the performances of the networks used by Team Members while working from home. The main constraint is often the 4G network and its inherent lags. There are sometimes black spots and also areas where services become very congested at certain times of the day. 

To maintain quality service to Clients, we ensure that Team Members, regardless of location, meet the minimum speed requirements needed. 

Other challenges include power outages, localised and regional, that can be the result of system maintenance, breakdown or natural disasters. In many locations, there is generator backup and the power consumption of our hardware is relatively low compared to other devices (such as air conditioners and the like) so is readily able to be used on generator power.

Can Team Members use personal internet infrastructure?

VBP provides them with a Flexible Work allowance to cover Data and Electricity expenses for Team Members who are utilising their work set-up.

How do the Team Members get support from their Client Service Manager or Team Lead?

At VBP, the level of support that Team Members get from their Managers is not dependent on location and work setup. Each team member is given equal opportunity to seek help and assistance whenever they need so. 

Managers check in with their teams at least thrice daily: morning, middle of the day and afternoon, to check on any support they may need. 

Due to the hybrid work setup, managers optimise the feeling of connectedness with their respective Team Members while physically away through main communication channels such as Zoom. 

The performances of Team Members are also monitored through available productivity, task management, and coaching platforms which VBP has invested on. 

How do WFH Team Members access files we need them to work on?

All Team Members access files in the same way they do when operating from the VBP office.

The access control procedure is still in place for all files and data where access rights determine the level needed and type of restrictions required. These are managed via assessment of roles and responsibilities, client requirements and the necessities of specific tasks.

What computers are Team Members using in the hybrid work setup?

All Team Members, whether working from home, in the office or from the province, use VBP-issued work computers. In the case of client Team Members, this is a mini PC device, monitor, keyboard, headset, camera and mouse.

Some Team Members, depending on work scope and requirement, have work-issued laptops.

This ensures that the equipment remains protected by the same security controls that they do at the office, including encryption and endpoint protection.

Are Team Members’ activities still being monitored?

Yes, VBP has monitoring software for activity monitoring purposes, which captures details of all websites visited, login, logout times and so on.

This monitoring software cannot be stopped or logged out without the administrator’s access.

What if the internet access is too slow?

There are several avenues that VBP has been exploring when the WFH set-up is unable to secure sufficient operating speeds.

First, we are speed testing to determine where we need to enhance the at-home Wi-Fi device.

In some instances, the issue is the inherent latency on the cellular 4G network, and the solution is to amend the time of day when the employee uses the network or where possible reallocate tasks amongst Team Members. For example, to lower bandwidth activities, i.e. not using VOIP.

The office is open and if a suitable internet connection is not available to work from home, then the Team Members can still report to the office.

Secondly, the VBP office remains operational and open to Team Members for whom WFH is not possible due to client policy constraints or where connectivity is insufficient. We are equipped with 2 ISP connections for each site to ensure onsite BCP is in place.

How do we provide IT support to Team Members working from home?

Our Team Members can submit a support request via email to our dedicated IT support Team Members. The support team can still remotely access the team member’s computer to address diagnosis and fixes.

We sometimes use remote access for support Team Members in the VBP office as our premises are in the same building but over two separate floors and this is an efficient way to resolve problems.

Security and Data Protection

How do you ensure Team Members remain alert and attentive to Information Security as there may be more spam emails (e.g. phishing attempts) at this time?

All team members are required to complete mandatory ISMS onboarding training to ensure they understand VBP’s key information security policies and practices. This training covers the proper handling of client information and the appropriate response during a cyber incident. 

In addition, all tenured team members receive an annual ISMS refresher to reinforce their knowledge of VBP’s policies and practices. This includes updates on industry best practices, particularly in data handling, preventing cyber incidents, and responding effectively to potential cyber-attacks. 

What happens if a team member’s computer is stolen?

If a desktop (mini-PCC) or laptop is stolen, the equipment is protected by hard drive encryption so that neither the drive nor any data on it can be accessed.

The only thing that the thief could do is reformat the hard drive and in so doing erase anything that was on it. The data would be gone other than the backups on VBP servers.

Is the team member’s computer still protected against viruses, malware, or other attacks?

Yes, all VBP-issued equipment, including desktops (mini PCs) and laptops, are equipped with the same antivirus/endpoint/firewall protection software as when the team is in the office.

Are there procedures governing the printing of documents containing personal information?

To print, Team Members would require drivers to be installed and an administration access. So, unless authorised, printing or production of any information is not possible. 

Can Team Members use unauthorised web-based applications via their computer while working from home?

No, use of any unauthorised web-based application that has yet to be formally requested, tested and approved is prohibited. URL tracking and screenshots alert any variances.

Is there a Work from Home Security Matrix available that illustrates the extension of Policy and Security measures to the Work from Home setup?

Yes, the Work From Home Security Matrix is available upon request to VBP.

How is data encrypted on the Team Member’s computer?

VBP uses a security feature to encrypt hard drives and any files on it can not be accessed without the encryption. This ensures the integrity of the system and in securing data on desktop (mini PC) and laptop computers.

The encryption requires the Team Members to input two passwords when they log in to their computers.

How do you manage passwords working from home?

VBP uses the same password management software when Team Members are WFH, as we do when the Team Members are in the office.

Further, there is a personal dashboard for the deployment and management of passwords. All sensitive information stored in the password manager is encrypted to ensure complete security and strong password generation for web and software applications.

For all accounts, a password shall need to meet the IT security requirements stated under VBP’s password management policy.

Do you have a documented procedure for backing up data while Team Members are working from home?

VBP has an established backup and restoration procedure. This is to minimise the risks associated with data loss by defining a backup regime for all centralised VBP data services. This will ensure the safety and security of IT system resources and supporting assets.

There are different backup methods used for different data depending on the source of data and the information’s importance. An established schedule of backup is done by the IT outlined in the procedure.

We test backups to ensure they are recoverable, not to review all information contained in the backup, they are recoverable for the past 7 days.

VBP’s backup and restoration are completed by a commissioned technology supplier and stored in a different location from VBP’s office.

Can Team Members access the USB ports when they are WFH?

No, these are still disabled, just the same as they are when the Team Members are working from the office.

Can Team Members install any software they want into their computer while working from home?

No, software installation requires an administrator password, just the same as while at the office.

Software installation still follows the existing procedure and should undergo an approval and testing process.

Are there any Physical Security controls in place?

The physical security for WFH and WFP Team Members is, as can be expected, different to the VBP office.

While we do not have physical security controls in the homes of Team Members, as we have in the office (biometrics, CCTV, etc), we nonetheless have protections in terms of:

  • Theft – If a computer were to, for example, be stolen, this is a financial risk that is borne by VBP.
  • Data – If a device was stolen or a third party sought to access it, we have encryption in place so the data is protected and cannot be accessed.

In addition, we are directing Team Members to follow Standard Operating Procedures (SOPs) on how to protect data at work while they are working from home. This is stated in our Work from Home Policy.

Managing Change

How are changes being handled by the organisation?

Changes in the organisation shall be identified based on the needs of the business. Whenever there is a need for a change, a change owner shall be appointed. Those affected by the change shall be identified, recorded and notified of the proposed change by the change owner. Any changes within the organisation shall undergo a review and approval process.

Is education/training given to provide Team Members with an awareness of information security? How often is this education given? Is the training targeted to specific audiences?

VBP provides ongoing education about information security to all Team Members. New Team Members are required to finish information security training upon starting. They need to complete and pass our online learning management systems courses on privacy and information security. During new hire induction, their immediate head walks them through and explains the company policies relating to privacy and information security.

Tenured Team Members are enrolled in an online course at least annually. In addition, frequent information security reminders are cascaded via email monthly.

Do you conduct a risk assessment before conducting a change within the organisation?

Yes, the change owner shall ensure that a risk assessment is conducted considering the nature, timescale, and scope of the change.

The risk assessment shall consider the impact of the change before, during and after the change and include consideration of the potential for:

  • Effects/Stop in operation
  • Damage to equipment
  • Loss of data information
  • Adverse effects to the process being changed, any upstream and downstream processes and any supporting processes.

Consideration is given to the technical merits of undertaking the change. Where appropriate, the change owner shall ensure the proposed change is reviewed and approved by IT from a technical perspective.

What if I need more specific details about our ISMS Framework?

We do not publish vendor details or all of the processes involved in our ISMS framework for security reasons. To discuss specifics, please reach out to our Strategic Relationships Management (SRM) Team to arrange discussions with our RC&RA (Compliance) and IMG (Technology) teams.

VBP
BSI Logo