Answer yes if your organisation has a documented Remote Working Policy that has been reviewed in the last year. Please provide the Remote Working Policy (as a PDF file) as evidence or reference a section of a previously provided Information Security Policy in the notes.
What is it?
A remote working policy covers rules and expected behaviours around remote working.
Remote working introduces a number of risks not present with traditional on-premise working. A solid policy around how remote work should be carried out helps mitigate these additional risks.
Why should I have it?
A remote working policy that considers security allows you to define security rules that specifically address risks associated with remote working. Having such a policy ensures you are protected from the risks while also reassuring clients that you have considered the risks that could affect their data.
Such a policy could mandate certain behaviours but also certain standards or rules requiring the implementation of technical controls. These could include remote endpoint management to allow for updates and configuration changes off the company network, system policies dictating what 3rd party networks can be connected to, what data can be shared with whom, etc.
The first step is typically to implement a policy, something an organisation’s internal Information Security function can assist with. Alternatively, there are a number of consultancies available to help create such a policy. Both may be able to advise or even provision the needed technical controls to support parts of that policy. Please message us if you'd like a recommendation.
If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.