Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

05) Does your organisation have a formal policy for remote working that includes security?

August 30, 2022
Security Governance
Remote Working

Answer yes if your organisation has a documented Remote Working Policy that has been reviewed in the last year. Please provide the Remote Working Policy (as a PDF file) as evidence or reference a section of a previously provided Information Security Policy in the notes.

What is it?

A remote working policy covers rules and expected behaviours around remote working.

Remote working introduces a number of risks not present with traditional on-premise working. A solid policy around how remote work should be carried out helps mitigate these additional risks.

Why should I have it?

A remote working policy that considers security allows you to define security rules that specifically address risks associated with remote working. Having such a policy ensures you are protected from the risks while also reassuring clients that you have considered the risks that could affect their data.

How to implement the control

Such a policy could mandate certain behaviours but also certain standards or rules requiring the implementation of technical controls. These could include remote endpoint management to allow for updates and configuration changes off the company network, system policies dictating what 3rd party networks can be connected to, what data can be shared with whom, etc.

The first step is typically to implement a policy, something an organisation’s internal Information Security function can assist with. Alternatively, there are a number of consultancies available to help create such a policy. Both may be able to advise or even provision the needed technical controls to support parts of that policy. Please message us if you'd like a recommendation.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.