Embracing the future of work, VBP believes that a hybrid workplace can bring together the best of both worlds– the flexibility of working from home and the engagement and collaboration of the office.
After years of instilling it into the system and testing it out, VBP has learned the best ways to manage the setup.
Adapting to new flexible work capabilities will ensure that VBP continues to deliver the very best value to Clients while ensuring clarity, security, and certainty for our Team Members.
What is VBP’s Hybrid Work Policy?
Flexible work is not synonymous with only working from home and never seeing colleagues. In VBP, we adopted the Hybrid Work approach where Team Members benefit from the added flexibility of working from home while maintaining connections and boosting team collaboration during scheduled onsite work.
This approach seeks to balance the changing expectations with the needs of our Clients and the successful career development of our teams.
What is Hybrid Work?
Hybrid Work is a philosophy that any Team Member who wishes to modify where they work can do so.
- Work from Office (WFO) - is when you work on-site at a VBP office most of the time.
- Work from Home (WFH) - is when you work from home, generally a commuter distance from the VBP office. This is hybrid work and in this set-up, Team Members are expected to spend some time in the office regularly.
- Work from Province (WFP) - is when you have moved to a location that is outside what might be a usual commuter distance from the VBP office. These Team Members will be accommodated on-site every quarter
What if I don’t want my VBP Team Member to work from home?
At present, VBP offices are open to accommodate the hybrid work setup. Team Members are given the opportunity to work at the office and from home.
For Clients who prefer their teams to work onsite, this is arranged and communicated to them so as to set proper expectations.
As a people-first company, we see to it that our Team Members do not excel only at work or in their careers but also with their personal lives. The Hybrid Work setup has greatly helped both VBP and its people as it drives team member engagement and productivity, and allows the company to operate more efficiently on the other hand.
To ensure that Team Members remain connected with each other despite the distance and varying schedules, all Team Members are requested to work onsite following a fortnightly schedule.
VBP follows best practices that leverage team engagement and promote work-life integration.
What happens if my VBP team member resigns?
At VBP, we seek to invest in careers, not people. We seek to invest in continuous career development and we work with team members to align their ambitions and goals with the company. From time to time, though, a team member will resign.
We seek to have an engaged and transparent relationship with you so that we can manage through these moments with as few disruptions as possible. A key element is that we document all processes that your VBP team member is performing for you. This allows us to pivot to a new team member quickly as we have the documented training, process maps, and guides available.
There is no additional cost when a new team member needs to be recruited and we will ensure that we address all the recruitment, training, and transitioning (from the incumbent team member).
What work schedule does my VBP team in the Philippines follow?
Our team works from 7am to 4pm in the Philippines. The team members have a 1-hour lunch break that is generally taken from 12-1pm.
The Philippines is in the same timezone as Perth so the hours of work in Australia’s EST is 9AM-6PM, while during daylight savings the times are 10am-7pm AEST.
We also work on Australian public holidays in the state where your office is based. VBP ensures the management of all leave entitlements and the payment of premium pay for Philippine public holidays.
What is an Information Security Management System?
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure.
It includes people, processes and IT systems, and requires the application of a risk management framework and processes.
Since the beginning of VBP, we made a commitment to Information Security being an integral part of our business. Over the past years, we have stood by this commitment and have gone through the numerous due diligence processed with various stakeholders, Information Security audits as well as continuous development and expansion in our systems.
In 2018, we commenced the process of preparing the business for ISO 27001:2013 certification. ISO 27001 is a globally recognised international standard for information security management. The following year, VBP successfully went through the certification audit process and the information security management system is now ISO:27001:2013 certified.
And in 2021 and 2022 respectively, we successfully maintained our ISO 27001:2013 ISMS Certification as our processes and systems were deemed comprehensive and acceptable to the globally recognised standards.
What internet access do Team Members have when working from home?
Internet access serves as the backbone of hybrid work. When working from home, VBP Team Members in the Philippines utilise devices that rely on carrier networks, and Fiber. Those located within or near urban locations have access to reliable internet connection so it is expected that there will be less connectivity disruptions thus encouraging hybrid setup where they stay in commuter distance.
For those in rural areas, they are required to have backup connections in case they experience issues with their main line, ensuring less to no business impact.
There can be significant discrepancies between the performances of the networks used by Team Members while working from home. The main constraint is often the 4G network and its inherent lags. There are sometimes black spots and also areas where services become very congested at certain times of the day.
To maintain quality service to Clients, we ensure that Team Members, regardless of location, meet the minimum speed requirements needed.
Other challenges include power outages, localised and regional, that can be the result of system maintenance, breakdown or natural disasters. In many locations, there is generator backup and the power consumption of our hardware is relatively low compared to other devices (such as air conditioners and the like) so is readily able to be used on generator power.
Can Team Members use personal internet infrastructure?
VBP provides them with a Flexible Work allowance to cover Data and Electricity expenses for Team Members who are utilising their work set-up.
How do the Team Members get support from their Client Service Manager or Team Lead?
At VBP, the level of support that Team Members get from their Managers is not dependent on location and work setup. Each team member is given equal opportunity to seek help and assistance whenever they need so.
Managers check in with their teams at least thrice daily: morning, middle of the day and afternoon, to check on any support they may need.
Due to the hybrid work setup, managers optimise the feeling of connectedness with their respective Team Members while physically away through main communication channels such as Zoom.
The performances of Team Members are also monitored through available productivity, task management, and coaching platforms which VBP has invested on.
How do WFH Team Members access files we need them to work on?
All Team Members access files in the same way they do when operating from the VBP office.
The access control procedure is still in place for all files and data where access rights determine the level needed and type of restrictions required. These are managed via assessment of roles and responsibilities, client requirements and the necessities of specific tasks.
What computers are Team Members using in the hybrid work setup?
All Team Members, whether working from home, in the office or from the province, use VBP-issued work computers. In the case of client Team Members, this is a mini PC device, monitor, keyboard, headset, camera and mouse.
Some Team Members, depending on work scope and requirement, have work-issued laptops.
This ensures that the equipment remains protected by the same security controls that they do at the office, including encryption and endpoint protection.
Are Team Members’ activities still being monitored?
Yes, VBP has monitoring software for performance monitoring purposes, which captures details of all websites visited, screenshots and login, logout times and so on.
This monitoring software cannot be stopped or logged out without the administrator’s access.
What if the internet access is too slow?
There are several avenues that VBP has been exploring when the WFH set-up is unable to secure sufficient operating speeds.
First, we are speed testing to determine where we need to enhance the pocket WiFi, tethered smartphone or at-home WiFi device.
In some instances, the issue is the inherent latency on the cellular 4G network and the solution is to amend the time of day when the employee uses the network or where possible reallocate tasks amongst Team Members. For example to lower bandwidth activities, i.e. not using VOIP.
The office is open and if a suitable internet connection is not available to work from home, then the Team Members can still report to the office.
Secondly, the VBP office remains operational and open to Team Members for whom WFH is not possible due to client policy constraints or where connectivity is insufficient. We are equipped with 2 ISP connections for each site to ensure onsite BCP is in place.
How do we provide IT support to Team Members working from home?
Our Team Members can submit a support request via email to our dedicated IT support Team Members. The support team can still remotely access the team member’s computer to address diagnosis and fixes.
We sometimes use remote access for support Team Members in the VBP office as our premises are in the same building but over two separate floors and this is an efficient way to resolve problems.
What internet access do Team Members have when working from home?
Internet access serves as the backbone of hybrid work. When working from home, VBP Team Members in the Philippines utilise devices that rely on carrier networks, and Fiber. Those located within or near urban locations have access to reliable internet connection so it is expected that there will be less connectivity disruptions thus encouraging hybrid setup where they stay in commuter distance.
For those in rural areas, they are required to have backup connections in case they experience issues with their main line, ensuring less to no business impact.
There can be significant discrepancies between the performances of the networks used by Team Members while working from home. The main constraint is often the 4G network and its inherent lags. There are sometimes black spots and also areas where services become very congested at certain times of the day.
To maintain quality service to Clients, we ensure that Team Members, regardless of location, meet the minimum speed requirements needed.
Other challenges include power outages, localised and regional, that can be the result of system maintenance, breakdown or natural disasters. In many locations, there is generator backup and the power consumption of our hardware is relatively low compared to other devices (such as air conditioners and the like) so is readily able to be used on generator power.
Can Team Members use personal internet infrastructure?
VBP provides them with a Flexible Work allowance to cover Data and Electricity expenses for Team Members who are utilising their work set-up.
How do the Team Members get support from their Client Service Manager or Team Lead?
At VBP, the level of support that Team Members get from their Managers is not dependent on location and work setup. Each team member is given equal opportunity to seek help and assistance whenever they need so.
Managers check in with their teams at least thrice daily: morning, middle of the day and afternoon, to check on any support they may need.
Due to the hybrid work setup, managers optimise the feeling of connectedness with their respective Team Members while physically away through main communication channels such as Zoom.
The performances of Team Members are also monitored through available productivity, task management, and coaching platforms which VBP has invested on.
How do WFH Team Members access files we need them to work on?
All Team Members access files in the same way they do when operating from the VBP office.
The access control procedure is still in place for all files and data where access rights determine the level needed and type of restrictions required. These are managed via assessment of roles and responsibilities, client requirements and the necessities of specific tasks.
What computers are Team Members using in the hybrid work setup?
All Team Members, whether working from home, in the office or from the province, use VBP-issued work computers. In the case of client Team Members, this is a mini PC device, monitor, keyboard, headset, camera and mouse.
Some Team Members, depending on work scope and requirement, have work-issued laptops.
This ensures that the equipment remains protected by the same security controls that they do at the office, including encryption and endpoint protection.
Are Team Members’ activities still being monitored?
Yes, VBP has monitoring software for performance monitoring purposes, which captures details of all websites visited, screenshots and login, logout times and so on.
This monitoring software cannot be stopped or logged out without the administrator’s access.
What if the internet access is too slow?
There are several avenues that VBP has been exploring when the WFH set-up is unable to secure sufficient operating speeds.
First, we are speed testing to determine where we need to enhance the pocket WiFi, tethered smartphone or at-home WiFi device.
In some instances, the issue is the inherent latency on the cellular 4G network and the solution is to amend the time of day when the employee uses the network or where possible reallocate tasks amongst Team Members. For example to lower bandwidth activities, i.e. not using VOIP.
The office is open and if a suitable internet connection is not available to work from home, then the Team Members can still report to the office.
Secondly, the VBP office remains operational and open to Team Members for whom WFH is not possible due to client policy constraints or where connectivity is insufficient. We are equipped with 2 ISP connections for each site to ensure onsite BCP is in place.
How do we provide IT support to Team Members working from home?
Our Team Members can submit a support request via email to our dedicated IT support Team Members. The support team can still remotely access the team member’s computer to address diagnosis and fixes.
We sometimes use remote access for support Team Members in the VBP office as our premises are in the same building but over two separate floors and this is an efficient way to resolve problems.
How do you ensure Team Members remain alert and attentive to Information Security as there may be more spam emails (e.g. phishing attempts) at this time?
As part of our Information Security Management System, we provide ongoing security training and awareness courses. We are rolling out a refresher to all Team Members at least annually to ensure that they remain alert and attentive to information security policies and procedures.
What if a Team Member’s computer was stolen?
If a desktop (mini PC) or laptop is stolen, the equipment is protected by hard drive encryption so that neither the drive nor any data on it can be accessed.
The only thing that the thief could do is reformat the hard drive and in so doing erase anything that was on it. The client data would be gone other than the backups on VBP servers.
Is the team member’s computer still protected against viruses, malware, or other attacks?
Yes, all VBP-issued equipment, including desktops (mini PCs) and laptops, are equipped with the same antivirus/endpoint/firewall protection software as when the team is in the office.
Are there procedures governing the printing of documents containing personal information?
To print Team Members’ personal information would require drivers to be installed and administration access. So unless authorised, printing or production of such information is not possible.
Can Team Members use unauthorised web-based applications via their computer while working from home?
No, use of any unauthorised web-based application that has yet to be formally requested, tested and approved is prohibited. URL tracking and screenshots alert any variances.
Is there a Work from Home Security Matrix available that illustrates the extension of Policy and Security measures to the Work from Home setup?
Yes, the Work From Home Security Matrix is available upon request to VBP.
How is data encrypted on the Team Member’s computer?
VBP uses a security feature to encrypt hard drives and any files on it can not be accessed without the encryption. This ensures the integrity of the system and in securing data on desktop (mini PC) and laptop computers.
The encryption requires the Team Members to input two passwords when they log in to their computers.
How do you manage passwords working from home?
VBP uses the same password management software when Team Members are WFH, as we do when the Team Members are in the office.
Further, there is a personal dashboard for the deployment and management of passwords. All sensitive information stored in the password manager is encrypted to ensure complete security and strong password generation for web and software applications.
For all accounts, a password shall need to meet the IT security requirements stated under VBP’s password management policy.
Do you have a documented procedure for backing up data while Team Members are working from home?
VBP has an established backup and restoration procedure. This is to minimise the risks associated with data loss by defining a backup regime for all centralised VBP data services. This will ensure the safety and security of IT system resources and supporting assets.
There are different backup methods used for different data depending on the source of data and the information’s importance. An established schedule of backup is done by the IT outlined in the procedure.
We test backups to ensure they are recoverable, not to review all information contained in the backup, they are recoverable for the past 7 days.
VBP’s backup and restoration are completed by a commissioned technology supplier and stored in a different location from VBP’s office.
Can Team Members access the USB ports when they are WFH?
No, these are still disabled, just the same as they are when the Team Members are working from the office.
Can Team Members install any software they want into their computer while working from home?
No, software installation requires an administrator password, just the same as while at the office.
Software installation still follows the existing procedure and should undergo an approval and testing process.
Are there any Physical Security controls in place?
The physical security for WFH and WFP Team Members is, as can be expected, different to the VBP office.
While we do not have physical security controls in the homes of Team Members, as we have in the office (biometrics, CCTV, etc), we nonetheless have protections in terms of:
- Theft – If a computer were to, for example, be stolen, this is a financial risk that is borne by VBP.
- Data – If a device was stolen or a third party sought to access it, we have encryption in place so the data is protected and cannot be accessed.
In addition, we are directing Team Members to follow Standard Operating Procedures (SOPs) on how to protect data at work while they are working from home. This is stated in our Work from Home Policy.
How do you ensure Team Members remain alert and attentive to Information Security as there may be more spam emails (e.g. phishing attempts) at this time?
As part of our Information Security Management System, we provide ongoing security training and awareness courses. We are rolling out a refresher to all Team Members at least annually to ensure that they remain alert and attentive to information security policies and procedures.
What if a Team Member’s computer was stolen?
If a desktop (mini PC) or laptop is stolen, the equipment is protected by hard drive encryption so that neither the drive nor any data on it can be accessed.
The only thing that the thief could do is reformat the hard drive and in so doing erase anything that was on it. The client data would be gone other than the backups on VBP servers.
Is the team member’s computer still protected against viruses, malware, or other attacks?
Yes, all VBP-issued equipment, including desktops (mini PCs) and laptops, are equipped with the same antivirus/endpoint/firewall protection software as when the team is in the office.
Are there procedures governing the printing of documents containing personal information?
To print Team Members’ personal information would require drivers to be installed and administration access. So unless authorised, printing or production of such information is not possible.
Can Team Members use unauthorised web-based applications via their computer while working from home?
No, use of any unauthorised web-based application that has yet to be formally requested, tested and approved is prohibited. URL tracking and screenshots alert any variances.
Is there a Work from Home Security Matrix available that illustrates the extension of Policy and Security measures to the Work from Home setup?
Yes, the Work From Home Security Matrix is available upon request to VBP.
How is data encrypted on the Team Member’s computer?
VBP uses a security feature to encrypt hard drives and any files on it can not be accessed without the encryption. This ensures the integrity of the system and in securing data on desktop (mini PC) and laptop computers.
The encryption requires the Team Members to input two passwords when they log in to their computers.
How do you manage passwords working from home?
VBP uses the same password management software when Team Members are WFH, as we do when the Team Members are in the office.
Further, there is a personal dashboard for the deployment and management of passwords. All sensitive information stored in the password manager is encrypted to ensure complete security and strong password generation for web and software applications.
For all accounts, a password shall need to meet the IT security requirements stated under VBP’s password management policy.
Do you have a documented procedure for backing up data while Team Members are working from home?
VBP has an established backup and restoration procedure. This is to minimise the risks associated with data loss by defining a backup regime for all centralised VBP data services. This will ensure the safety and security of IT system resources and supporting assets.
There are different backup methods used for different data depending on the source of data and the information’s importance. An established schedule of backup is done by the IT outlined in the procedure.
We test backups to ensure they are recoverable, not to review all information contained in the backup, they are recoverable for the past 7 days.
VBP’s backup and restoration are completed by a commissioned technology supplier and stored in a different location from VBP’s office.
Can Team Members access the USB ports when they are WFH?
No, these are still disabled, just the same as they are when the Team Members are working from the office.
Can Team Members install any software they want into their computer while working from home?
No, software installation requires an administrator password, just the same as while at the office.
Software installation still follows the existing procedure and should undergo an approval and testing process.
Are there any Physical Security controls in place?
The physical security for WFH and WFP Team Members is, as can be expected, different to the VBP office.
While we do not have physical security controls in the homes of Team Members, as we have in the office (biometrics, CCTV, etc), we nonetheless have protections in terms of:
- Theft – If a computer were to, for example, be stolen, this is a financial risk that is borne by VBP.
- Data – If a device was stolen or a third party sought to access it, we have encryption in place so the data is protected and cannot be accessed.
In addition, we are directing Team Members to follow Standard Operating Procedures (SOPs) on how to protect data at work while they are working from home. This is stated in our Work from Home Policy.
How are changes being handled by the organisation?
Is education/training given to provide Team Members with an awareness of information security? How often is this education given? Is the training targeted to specific audiences?
VBP provides ongoing education about information security to all Team Members. New Team Members are required to finish information security training upon starting. They need to complete and pass our online learning management systems courses on privacy and information security. During new hire induction, their immediate head walks them through and explains the company policies relating to privacy and information security.
Tenured Team Members are enrolled in an online course at least annually. In addition, frequent information security reminders are cascaded via email monthly.
Do you conduct a risk assessment before conducting a change within the organisation?
Yes, the change owner shall ensure that a risk assessment is conducted considering the nature, timescale, and scope of the change.
The risk assessment shall consider the impact of the change before, during and after the change and include consideration of the potential for:
- Effects/Stop in operation
- Damage to equipment
- Loss of data information
- Adverse effects to the process being changed, any upstream and downstream processes and any supporting processes.
Consideration is given to the technical merits of undertaking the change. Where appropriate, the change owner shall ensure the proposed change is reviewed and approved by IT from a technical perspective.
What is an Information Security Management System?
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems, and requires the application of a risk management framework and processes.
Since the beginning of VBP, we have made a commitment to Information Security being an integral part of our business. Over the past years, we have stood by this commitment and have gone through numerous due diligence processes with various stakeholders, Information Security audits as well as continuous development and expansion of our systems.
In 2018, we commenced preparing the business for ISO 27001:2013 certification. ISO 27001 is a globally recognised international standard for information security management. The following year, VBP successfully went through the certification audit process and the information security management system is now ISO:27001:2013 certified.
And in 2021 and 2022 respectively, we successfully maintained our ISO 27001:2013 ISMS Certification as our processes and systems were deemed comprehensive and acceptable to the globally recognised standards.
What if I need more specific details about our ISMS Framework?
How are changes being handled by the organisation?
Is education/training given to provide Team Members with an awareness of information security? How often is this education given? Is the training targeted to specific audiences?
VBP provides ongoing education about information security to all Team Members. New Team Members are required to finish information security training upon starting. They need to complete and pass our online learning management systems courses on privacy and information security. During new hire induction, their immediate head walks them through and explains the company policies relating to privacy and information security.
Tenured Team Members are enrolled in an online course at least annually. In addition, frequent information security reminders are cascaded via email monthly.
Do you conduct a risk assessment before conducting a change within the organisation?
Yes, the change owner shall ensure that a risk assessment is conducted considering the nature, timescale, and scope of the change.
The risk assessment shall consider the impact of the change before, during and after the change and include consideration of the potential for:
- Effects/Stop in operation
- Damage to equipment
- Loss of data information
- Adverse effects to the process being changed, any upstream and downstream processes and any supporting processes.
Consideration is given to the technical merits of undertaking the change. Where appropriate, the change owner shall ensure the proposed change is reviewed and approved by IT from a technical perspective.
What is an Information Security Management System?
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems, and requires the application of a risk management framework and processes.
Since the beginning of VBP, we have made a commitment to Information Security being an integral part of our business. Over the past years, we have stood by this commitment and have gone through numerous due diligence processes with various stakeholders, Information Security audits as well as continuous development and expansion of our systems.
In 2018, we commenced preparing the business for ISO 27001:2013 certification. ISO 27001 is a globally recognised international standard for information security management. The following year, VBP successfully went through the certification audit process and the information security management system is now ISO:27001:2013 certified.
And in 2021 and 2022 respectively, we successfully maintained our ISO 27001:2013 ISMS Certification as our processes and systems were deemed comprehensive and acceptable to the globally recognised standards.