GeneralBots/botbook
2
2
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
botbook/docs/chapter-02-Communication.md
Rodrigo Rodriguez (Pragmatismo) bc127816df
Some checks failed
GBCI / build (push) Failing after 1m16s
Details
fix: update titles and labels for consistency; adjust deployment paths in workflow
2025-05-11 20:12:38 -03:00

330 lines
No EOL
21 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: 2. Communication
sidebar_label: 2. Communication
sidebar_position: 2
---
1. Name files, items, documents, and elements with complete and capitalized names;
2. Choose expository texts over first-person texts to facilitate content collaboration;
3. Begin sentences with capital letters and write words in full;
4. Read about the communication in the code of conduct: https://github.com/GeneralBots/BotServer/blob/master/CODE_OF_CONDUCT.md;
5. "OK" in uppercase is easier to visualize as acceptance;
6. When pasting content, check if a corporate tool can be used to store it in the correct location and send only the address in the conversation;
7. When writing a list of items, end each item with a semicolon. End with a period on the last item. Example:
- Tuesday (07/06) at 11:00 AM;
- Wednesday (07/07) at 11:00 AM;
- Thursday (07/08) at 4:00 PM.
8. Number the list if it facilitates indexing or evidence of order;
9. Choose to input information directly into associated systems (e.g., XRM, HR, ALM, etc.) rather than note-taking applications (OneNote, Joplin, etc.);
10. Maintain a professional tone in all communications, avoiding slang, excessive informality, or emotional language;
11. Use inclusive language that respects diversity and avoids gender, cultural, or other biases;
12. When creating technical documentation, include version numbers and last update dates;
13. When referencing sensitive information, use appropriate data classification markings (e.g., CONFIDENTIAL, INTERNAL USE ONLY);
14. Document review processes should follow a consistent method with clearly defined approvers and timelines.
### 2.1.2. Visual Identity and Corporate Branding
1. Use the company's official templates for all formal communications;
2. Apply the correct logo version (full color, monochrome, or inverted) according to the background;
3. Maintain the corporate color palette in all visual communications;
4. Do not modify, stretch, or recolor the company logo;
5. Include appropriate legal notices and disclaimers in external communications;
6. Apply standard footer information on all formal documents including confidentiality statements.
## 2.2. Emails
------------
### 2.2.1 General
1. Keep the client's point of contact (e.g., Project Manager) in copy on messages sent to collaborators at the client or to third parties about ongoing or finishing projects;
2. When pasting from other sources, ensure that the text formatting is consistent with the rest of the message and signature;
3. Avoid long emails and try to include a final sentence where the person reading has the conditions to make decisions with the message quickly. Perform automatic spelling correction and verify the appropriate use of pauses and punctuation, promoting a formal level of writing that leads to immediate understanding, without the need for re-readings;
4. Choose to draft information directly in the associated tools such as Team Services, transmitting only the hyperlink of the item in question already created in the tool;
5. The To and Cc fields should be used with discretion, with only those people who need to take some action with the email being primarily included in the To field. Recipients who are only following the email thread should be inserted in the Cc field;
6. Do not forward internal emails directly to clients, choose to restart the corresponding email thread to respond, or start a new conversation;
7. Choose to thank the person in advance or when meeting them in person rather than sending a "thank you" email only. Within an *empty inbox philosophy*, emails are documents processed in sequence, and items of this nature can considerably increase the amount of work;
8. Only set the email with High Priority (Exclamation Icon) if it is really an urgent case;
9. When asking questions, choose to use only one question mark, which already shows questioning;
10. When commenting on the execution of an ongoing activity, send an estimated completion deadline, minimizing the chance of the question needing to be formulated;
11. The use of attachments by email should be avoided, opting for the use of the Portal, ALM, or associated tool;
12. Choose to update the documentation and respond with the link of the latest edition showing the questioner the answer to the doubt in the form of text insertion(s) in the target documentation;
13. When finalizing a request by email to which the person is notified by another means, for example, when meeting a scheduling request that the person will receive the invitation automatically, it is not necessary to respond to the original email, since the person will already be aware by the invitation received;
14. Keep the email thread unchanged when responding, choosing to duplicate the content and make insertions in the message being composed;
15. Only deal with the subject specified in the subject field in the email. Other issues should be addressed in a new email;
16. When mentioning virtual or physical locations, provide the corresponding URL or address;
17. Apply appropriate data classification markings in the subject line when discussing sensitive information (e.g., [CONFIDENTIAL], [INTERNAL]);
18. Never send passwords, access credentials, or personally identifiable information (PII) through unencrypted email;
19. Use encryption when discussing sensitive client data or transmitting protected information;
20. For emails containing sensitive information, include a confidentiality notice in the footer;
21. Report suspicious emails to the information security team without opening attachments or clicking links.
### 2.2.2. Work Location Reservation
1. Anyone can reserve their workplace with a Do Not Disturb sign;
2. When working remotely, update your status in the corporate communication tool to reflect your availability;
3. For shared workspaces, utilize the company's reservation system to book spaces in advance.
### 2.2.3. Email Farewell and Signature
Maintain the farewell and signature as concise as possible and copy the CEO's, which is the standard example.
Note: Remove all standard offers from your device such as 'Get Program for Service'.
**Standard Signature Format:**
```
Full Name
Position | Department
Pragmatismo
+XX (XX) XXXX-XXXX
email@pragmatismo.com.br
www.pragmatismo.com.br
```
**Confidentiality Notice:**
```
This message and any attached documents contain confidential information and are intended solely for the named recipient. If you have received this message in error, please notify the sender immediately and delete this message from your system. Any unauthorized use, disclosure, copying, or distribution is strictly prohibited.
```
### 2.2.4. Meetings
1. Add ProjectOffice@Pragmatismo as an optional recipient in all invitations sent to clients;
2. Offer date and time suggestions in the invited person's time zone within the first sentence of the invitation, keeping the day suggestions without exceeding more than one week ahead in duration, for example: Tue, Thu, and Mon (extending over the weekend) or Mon, Thu, and Fri (in the same week);
3. List additional dates to facilitate scheduling for those reading the invitation email so they can decide more easily;
4. If it is a physical meeting, make sure to fill in the address correctly so that the GPS feature helps those who are traveling;
5. In case of Conference, send the invitation using Microsoft Teams integration (Web, Windows Calendar, or Outlook Desktop);
6. If there is recurrence, describe in the body of the meeting the topics that should be reviewed in each occurrence of the meeting. Remember that the body of the invitation will be valid until the end of the last occurrence with the same text;
7. Send the invitation with the same email model, including signature;
8. In meetings, prioritize entry through the Standard Communicator, always log in with the corporate account;
9. Choose to join 05 minutes before meetings. Globally establish a tolerance for your own delay of 5 minutes to be in the meeting, warning in advance in case of unforeseen events. Tolerate delays no more than the usable time of the meeting without impairing its quality, or according to your availability - suggesting rescheduling in case of compromise;
10. Do not use Optional in invitations, consult people beforehand before sending only to those who will actually participate in the meeting;
11. Describe the subject of the meeting objectively and add macro topics to be discussed. During the meeting, discuss the planned topics and keep the discussion in the context of the established subject;
12. For team meetings, simply schedule the meeting without the need to ask about availability, which is published in each person's schedule;
13. Even for team meetings, plan the schedules in advance, making sure not to send invitations for meetings on the same day or with less than at least 48 hours in advance;
14. If the client is late, call by phone to find out if they are having any difficulty entering virtual rooms or at the establishment's reception;
15. All meetings discussing sensitive data must be conducted in secure, private spaces;
16. Begin meetings with a reminder of confidentiality obligations when sensitive information will be discussed;
17. Record meetings only with explicit consent from all participants and in compliance with applicable privacy laws;
18. Document all decisions related to data handling or security measures in the meeting minutes;
19. End meetings with clear action items, responsible parties, and deadlines.
Notes:
Subscribe to: https://calendar.help
Meeting Invitation Model:
```
<greeting>
<sentence>
How is your availability next Thursday (12/02) at 10:00 AM?
Other suggestions:
- tomorrow, 12/03 10:00 AM;
- Monday, 12/07 08:00 AM.
<farewell>
```
### 2.2.5. Creating Issues and Updating Requirements Based on Email
If any email is sent with relevant information to the project, the lifecycle tool must be updated before the information is passed on through the tool itself, in a structured manner.
### 2.2.6. Scheduled Email Sending
1. Emails should be sent to clients respecting the destination time zone and business hours through a feature in the collaborative tool;
2. Scheduling allows messages to reside in the outbox for some more time before they depart, thus it is possible to have another chance of editing before the final sending;
3. If the client contacts proactively on a date prior to the message, be sure to review the sense of sending the message still in the Outbox, see [Article](https://support.office.com/pt-br/article/Delay-or-schedule-sending-email-messages-026af69f-c287-490a-a72f-6c65793744ba).
### 2.2.7. Formatting
1. Emails should be sent to the client with minimal formatting to facilitate reading on devices such as smart watches;
2. If the client sends an email without formatting, choose to use the text version of the email from then on;
3. Use structured format (headings, bullet points) for complex information to improve readability;
4. For sensitive data, consider using document links instead of embedding information directly in the email body.
### 2.2.8. Copies
Add ProjectOffice@Pragmatismo as optional in all emails sent to the client. If the email is being exchanged within another corporation, copy the Project Office representative in the client's account in question, so that the information does not leave the perimeter agreed upon in the project in question.
### 2.2.9 Forwarding
1. When forwarding messages internally with strategic commercial comments, add 'INTERNAL:' as the subject prefix;
2. Exchange messages marked as 'INTERNAL:' only within the Pragmatismo domain (do not externalize);
3. Never forward emails containing client data to external parties without explicit authorization;
4. When forwarding emails, review the entire thread to ensure no sensitive information is inadvertently disclosed.
## 2.3. Meeting Minutes with Client
--------------------------------
The minutes should be published on the project Wiki at the end of each meeting to be sent to the participants with the name of Minutes_dd_mm_yyyy (ex.: Minutes_25_01_2023).
### 2.3.1 Minutes Format
#### Information
Alignment of requirements and general discussion on usability and architecture.
| Item | Value |
|----------|-------------------------------------------------------------------------------|
| Date: | January 25, 2023 |
| Time: | 3:00 PM |
| Location:| Av. Pres. Castelo Branco, Portão 3 - Maracanã, Rio de Janeiro - RJ, 20271-130 |
| Video: | [Watch](http://pragmatismo/video) |
| Security Classification: | INTERNAL USE ONLY |
#### Participants
- Name Surname \<client @domain\>
- Name Surname \<someone-from-company @pragmatismo.com.br\>
#### Topics
| Item | Responsible | Date |
|---------------------------------------|------------------------|------------|
| Discussion of Robot requirements | All | \- |
| Presentation of Car requirements | Client | \- |
| Kick-off can be held on 02/29. | Someone from Company | 02/01/2023 |
#### Pending Issues ([Link]))
| ID | Title |
|-----|------------------------------------------------|
| 001 | Access to SharePoint |
| 002 | Obtain list of SharePoint groups and lists |
| 003 | Obtain field suggestions for forms |
| 004 | Send Manual for publication on the Intranet |
#### Data Protection Notes
| Item | Description |
|------|-------------|
| Data Categories Discussed | [List types of data discussed: personal data, financial data, etc.] |
| Processing Purpose | [Document the purpose for data processing discussed in meeting] |
| Data Security Measures | [List any security measures agreed upon for handling this data] |
#### Validity
Participants will have one week (from receipt of this document) to review or even contest the content of these Minutes. After this period, it will be considered as accepted by all.
## 2.4. Document Publication
-----------------------------
1. Whenever possible, send protected and reduced PDF versions to clients and partners for practicality;
2. Remove personal data before sending files that have metadata, consult: https://support.office.com/pt-br/article/Remover-dados-ocultos-e-informa%C3%A7%C3%B5es-pessoais-de-documentos-do-Office-c2499d69-413c-469b-ace3-cf7e31a85953;
3. Follow the company's document classification system for all published materials;
4. Include appropriate data protection notices on documents containing personal or sensitive information;
5. Maintain a document inventory for all published materials with retention schedules;
6. Use digital rights management (DRM) features for highly sensitive documents;
7. Implement version control for all published documents;
8. Include a document history section showing all revisions and approvals;
9. For documents containing personal data, include a reference to the legal basis for processing;
10. Apply watermarks to draft documents or those containing sensitive information.
## 2.5. Secure File Exchange
-----------------------------
1. 1GB available in SFTP to receive database dumps and other files, consult ProjectOffice@pragmatismo.com.br;
2. You can use a program like WinSCP to access FTPS and upload the files via SFTP;
3. For files containing personal data or sensitive information, use end-to-end encrypted transfer methods;
4. Implement secure sharing with expiration dates and access logging for sensitive documents;
5. When sharing credentials for secure file transfers, use separate communication channels for the URL and credentials;
6. Maintain an audit log of all file transfers containing sensitive or regulated data;
7. Scan all files for malware before uploading to company systems;
8. Use secure electronic signature services for documents requiring formal approval.
### 2.5.1 Secure File Transfer Protocols
| Protocol | Use Case | Security Features |
|----------|----------|-------------------|
| SFTP | Standard file transfers | SSH encryption, authentication |
| FTPS | Legacy system compatibility | SSL/TLS encryption |
| HTTPS | Browser-based transfers | TLS encryption, authentication |
| PGP | Additional encryption layer | End-to-end encryption, digital signatures |
## 2.6 Tasks and Self-Management
------------------------
1. Give full credit to what was written in the task and the corporation gains in the culture of self-confidence. Except for the incomplete text of what to do. But, with the minimum of information, if possible, build a first version of what was understood. It is worth more to deliver a preliminary and discuss with this delivery, than to ask before starting;
2. Document all stages of task progression in the designated project management system;
3. Update task status in real-time to maintain transparency across teams;
4. Include time tracking for regulatory compliance purposes when required;
5. For tasks involving personal data processing, document the purpose and legal basis;
6. Maintain clear documentation of security measures implemented during task execution.
## 2.7 Data Protection Communication
-------------------------------
### 2.7.1 Communicating with Data Subjects
1. All communications with data subjects (customers, employees, etc.) regarding their personal data must follow approved templates;
2. Responses to data subject requests (access, deletion, rectification) must be tracked and completed within regulatory timeframes;
3. Verification procedures must be followed before disclosing personal information to individuals claiming to be data subjects;
4. Communications regarding data breaches must follow the Incident Response Plan and comply with notification requirements;
5. When collecting personal data, ensure appropriate privacy notices are provided.
### 2.7.2 Internal Data Protection Communication
1. Changes to data protection policies must be communicated to all employees through official channels;
2. Regular awareness communications should be sent regarding data protection best practices;
3. Department-specific guidance should be provided for teams handling different categories of personal data;
4. Create a clear escalation path for reporting potential data protection issues;
5. Maintain documentation of all data protection communications for compliance purposes.
## 2.8 Communication Security
-----------------------
### 2.8.1 Secure Communications Channels
1. Use encrypted communications channels for all sensitive or confidential information;
2. For highly sensitive discussions, consider in-person meetings in secure locations;
3. Avoid discussing confidential matters in public spaces or on unsecured communication channels;
4. Implement end-to-end encryption for messaging when discussing sensitive topics;
5. Use secure video conferencing solutions that offer encryption and access controls.
### 2.8.2 Digital Communications Security
1. Enable two-factor authentication for all corporate communication accounts;
2. Use strong, unique passwords for all communication platforms;
3. Regularly update communication software and applications;
4. Be vigilant against phishing attempts targeting corporate communications;
5. Apply appropriate access controls to communication channels based on the sensitivity of information;
6. Regularly audit access to communication systems containing sensitive information.
## 2.9 Compliance Documentation Communications
----------------------------------------
### 2.9.1 Regulatory Communications
1. Maintain a register of all communications with regulatory authorities;
2. Route all regulatory inquiries to the designated compliance officer;
3. Document all formal responses to regulatory bodies;
4. Keep records of all compliance-related communications for the period required by applicable regulations;
5. Review regulatory communications for accuracy and consistency before sending.
### 2.9.2 Compliance Reporting
1. Establish clear reporting channels for compliance concerns;
2. Provide regular compliance updates to management through standardized reporting formats;
3. Document all compliance training communications and attendance;
4. Maintain evidence of communication of policy updates to relevant personnel;
5. Create and distribute compliance newsletters highlighting important regulatory changes.
## 2.10 Crisis Communications
-----------------------
### 2.10.1 Emergency Communication Protocol
1. Establish designated spokespersons for different types of crisis situations;
2. Create pre-approved message templates for common crisis scenarios;
3. Implement a notification cascade for emergency communications;
4. Maintain up-to-date emergency contact information for all key personnel;
5. Test emergency communication channels regularly.
### 2.10.2 Data Breach Communications
1. Follow the established Data Breach Response Plan for all communications;
2. Prepare templates for internal and external breach notifications that comply with GDPR, LGPD, and other applicable regulations;
3. Establish timeframes for breach notifications aligned with regulatory requirements;
4. Document all communications during a breach incident;
5. Conduct post-incident reviews of communication effectiveness.
Reference in a new issue View git blame Copy permalink