SecAware materials

SecAware logo 150 animated ezgif.gif

A 4-page generic information security policy concerning working at home, on the road, from hotels, at conferences and so forth - anywhere other than on corporate premises.


The information risks associated with working off-site should be managed in the normal way, where appropriate mitigated using information security controls such as those noted in this policy. 


The policy gives typical examples of controls in three groups:

  • Physical controls e.g. security cables
  • Technical (cybersecurity) controls e.g. VPNs
  • Manual (procedural and administrative) controls e.g. management authorization 


This policy only concerns the information risk and security aspects.  Various other aspects relevant to working off-site (such as employment terms and conditions, contractual arrangements and compensation) are out of scope.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Off-site information security policy