~3-page information security policy template concerning working "off-site".
The information risks associated with off-site working (e.g. from home, on the road, in hotels, at conferences and so forth - essentially anywhere other than on-site, on corporate premises) should be managed in the normal way and where necessary mitigated using appropriate information security controls.
The policy gives typical examples of controls in three groups:
- Physical controls e.g. security cables for laptops;
- Technical (cybersecurity) controls e.g. VPNs (Virtual Private Networks);
- Manual (procedural and administrative) controls e.g. management authorisation, classification.
This policy only covers the information risk and security aspects. Various other aspects relevant to working off-site (such as employment terms and conditions, contractual arrangements and compensation) are out of scope. None of this is legal advice.
Naturally complements the security policy on on-site working.
Supplied as an MS Word document, readily customised for your organisation's specific situation.
Off-site working policy
Information security policy template about working off-site
See also the policies on:
- On-site information security
- Backups and archives
- Business Continuity Management
- Bring Your Own Device
- Identification and authentication
- Information classification
- Information governance
- Information ownership
- Information risk management
- Intellectual Property Rights
- Internet security
- Insider threats
- Malware
- Monitoring and surveillance
- Network security
- Oversight
- Outsider threats
- Physical information security
- Portable IT security
- Wireless network security
- ... and others