4-page generic information security policy concerning working at home, on the road, from hotels and so forth - anywhere other than on corporate premises.
The information risks associated with working off-site should be managed in the normal way, where appropriate mitigated using information security controls such as those noted in this policy.
The policy gives typical examples of controls in three groups:
- Physical controls e.g. security cables
- Technical (cybersecurity) controls e.g. VPNs
- Manual (procedural and administrative) controls e.g. management authorization
This policy only concerns the information risk and security aspects. Various other aspects relevant to working off-site (such as employment terms and conditions, contractual arrangements and compensation) are out of scope.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Working off-site security policy
Policy on the information security aspects of working off-site.
See also the security policies on:
- Backups and archives
- Business Continuity Management
- BYOD
- Compliance and enforcement
- Identification and authentication
- Information classification
- Information governance
- Information ownership
- Information risk management
- Intellectual Property Rights
- Internet security
- Insider threats
- Malware
- Monitoring and surveillance
- Network security
- Oversight
- Outsider threats
- Physical information security
- Wireless networking
- Workplace security [= on-site working!]
- ... and others: in fact, it's hard to think of any infosec policies that only apply to working on-site!
