A 4-page generic information security policy concerning working at home, on the road, from hotels, at conferences and so forth - anywhere other than on corporate premises.
The information risks associated with working off-site should be managed in the normal way, where appropriate mitigated using information security controls such as those noted in this policy.
The policy gives typical examples of controls in three groups:
- Physical controls e.g. security cables
- Technical (cybersecurity) controls e.g. VPNs
- Manual (procedural and administrative) controls e.g. management authorization
This policy only concerns the information risk and security aspects. Various other aspects relevant to working off-site (such as employment terms and conditions, contractual arrangements and compensation) are out of scope.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Off-site information security policy
Template policy on off-site information security.
See also the security policies on:
- Backups and archives
- Business Continuity Management
- Bring Your Own Device
- Identification and authentication
- Information classification
- Information governance
- Information ownership
- Information risk management
- Intellectual Property Rights
- Internet security
- Insider threats
- Malware
- Monitoring and surveillance
- Network security
- Oversight
- Outsider threats
- Physical information security
- Wireless network security
- On-site information security
- ... and others