ISO27001 states that “Security measures shall be implemented when personnel are working remotely to protect information accessed, processed, or stored outside the organisation's premises.” (A6.7 – Remote Working).
With the increase in people working remotely, we need to ensure we establish clear rules and controls which protect people and devices while they are outside our strict control. In the past, computers were largely confined to the office, and therefore it was relatively easy to protect information processed by the business.
But remember that 'remote working' also includes trains, planes and other locations like coffee shops, and client sites.
This policy sets out your expectations in a clear and consise way, so that your team know what is expected of them.
About our policies
This policy is written with the end-user in mind. It is not complicated, and it is written in 'plain english'. It's important to note that ISO27001 mandates key policies (where a control has been selected), but it does NOT mandate that the policies are BORING!
Keep the audience in mind. Don't reveal too much in your policies (i.e. don't mention specific technologies, as these may change over time.
Keep. It. Simple.
Remote Working Policy
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your new found super power of ISO27001-Awesomeness, great... just don't give it away for free!