Remote Work Policy Template
©2020 by LMG Security. www.LMGsecurity.com All rights reserved. Used under license.
Remote Work Policy Internal Use
Version Control
Policy Code: 002
Approved By: {Insert}
Owner: {Insert}
Effective Date: {Insert}
Revision History
Date | Version | Created by | Description of change
Table of Contents
1. PURPOSE AND SCOPE
2. INTRODUCTION
3. ROLES AND RESPONSIBILITIES
4. AUTHORIZATION FOR REMOTE WORK
   4.1 REMOTE WORK AGREEMENT
   4.2 TRAINING
5. SECURITY FOR REMOTE WORKING ARRANGEMENTS
   5.1 USE OF PERSONALLY OWNED DEVICES
6. MANAGEMENT CONSIDERATIONS WITH REMOTE WORK
7. POLICY MAINTENANCE AND MANAGEMENT
8. REFERENCES
APPENDIX: REMOTE WORK AGREEMENT
1. PURPOSE & SCOPE
2. WHO MUST COMPLY WITH THIS POLICY
   2.1 EXISTING POLICIES
   2.2 SECURITY
   2.3 SCHEDULING
   2.4 AVAILABILITY
3. STATEMENT OF ACCEPTANCE
2. Introduction
Remote work may be offered by [ORGANIZATION_NAME] for various reasons,
such as to support life balance, allow flexibility, promote productivity,
control facility space / costs, or help employees manage personal
obligations. Remote work may also be required in some situations due to
pandemic, natural disaster, or disruption at one of the organization’s
facilities.
All users authorized to work remotely are required to read and acknowledge
[ORGANIZATION_NAME]’s Remote Work User Agreement, which is
included as an Appendix to this policy.
4.2 Training
have any questions about remote work security or the controls in place to
reduce risk.
The use of personally owned devices may be needed for remote work,
especially when it is in response to an event such as pandemic or natural
disaster. If personally owned devices will be used for remote work,
[ORGANIZATION_NAME] will implement a process to inform those users
who are permitted to use such devices, along with rules and guidelines they
must follow. In considering the use of personally owned devices for work
purposes, [ORGANIZATION_NAME] will consider appropriate security
controls that should be in place as well as issue user guidance on secure
remote work. Examples of security controls for personally owned devices
include, but are not necessarily limited to the following:
• Full-disk encryption
• Long, strong passwords
• Current OS version and patching, with automatic updates enabled
• Anti-virus, with automatic updates enabled
• Physical security of devices
• Automatic screensaver / locking devices when unattended
• Requiring work-related files and applications to be closed if the
  device will be used by another person (i.e., family members)
• Restricting or prohibiting the storage of sensitive data on personal
  devices
• Mobile device management
The owner of this document must review and perform any necessary updates
to this document at least annually, or may delegate tasks related to this
policy as appropriate. Revisions must be communicated to relevant roles and
users throughout the organization.
8. References
NIST Cybersecurity Framework References
ID.AM – Asset Management
PR.AC – Identity Management and Access Control
PR.AT – Awareness and Training
PR.DS – Data Security
PR.IP – Information Protection Processes and Procedures
PR.PT – Protective Technology
Policy References
Access and Authorization Policy
Acceptable Use Policy
Mobile Device Policy
Information Classification, Handling, and Transfer Policy
Asset Management
With the goal of making remote work a successful arrangement for both
users and the organization, [ORGANIZATION_NAME] has set the following
requirements and expectations for remote work. This Remote Work
Agreement must be reviewed and signed by all users who have been
authorized by [ORGANIZATION_NAME] for remote work.
Here is a summary of policies that users should keep in mind while working
remotely.
• Do not attempt to bypass any security measures implemented by
  [ORGANIZATION_NAME] (e.g., antivirus, password requirements,
  multifactor authentication, screensaver, restricted file access).
• Do not use organizational assets or network for prohibited activities,
  such as gambling, illegal activity, accessing adult content, operating
  your own business, or other activities generally considered
  inappropriate for work purposes.
• Use only approved methods for sending and receiving information.
• Only use approved software and applications, including cloud
  applications.
2.2 Security
Primary considerations for users performing remote work include securing
sensitive documents, physical protection of mobile devices, locking screens
when unattended, preventing “shoulder surfing”, and taking care when
conducting phone calls to ensure that company or client information is not
overheard.
Physical Security
o Physically safeguard all devices to prevent theft or damage. Do not
leave devices unattended in vehicles, checked luggage, or publicly
accessible areas.
o Prevent unauthorized viewing of your computer screen
o Lock computer screens when left unattended
o Secure documents when not in use
o Ensure work-related phone conversations and meetings cannot be
overheard by others
o Establish a safe space dedicated to work free from potential
hazards and conducive to a safe and healthy work environment
o Immediately report lost or stolen devices.
IT Security
o Follow security requirements issued by the [IT Department or
Security Officer], such as the use of VPN, long passwords, and
multifactor authentication
o Do not connect directly to untrusted public networks, such as free
wireless at coffee shops. Connect to a trusted network or VPN
whenever possible.
o Watch for phishing emails, and be wary of phone calls asking you
for information
o Keep passwords secure. Do not keep them on post-it notes or
where others can access them. Never disclose passwords by email
or phone
o Keep work and personal accounts separate, and do not reuse
passwords between work and personal accounts
o Do not use applications or cloud services that have not been
explicitly approved. If you have a specific work need (e.g., file
sharing with clients), contact the [IT Team or Help Desk] for
guidance
o Only use a personal device for work if you have been authorized to
do so. If so, follow all security guidance from the [IT Director or
your Manager], and be sure to close all work files and applications
if the device will be used by someone else (i.e., family members).
Periodically delete work files from the device when no longer
needed.
o Immediately report anything suspicious to your [IT Team or Help
Desk]
2.3 Scheduling
If your remote work hours will vary from your usual office schedule, be sure
to communicate your plan.
• Clearly communicate planned work hours and changes to plans to your
  supervisor and any coworkers who are likely to need to be in contact with
  you
• Work during the agreed-upon work hours
• Notify your supervisor if your plans change due to illness, family needs,
  or any other circumstance that will require you to use time off rather
  than work as planned
• Accurately record work hours versus time off if your plans change
• Request remote work at least 24 hours in advance for planned
  occurrences, and as soon as possible for unplanned situations
2.4 Availability
3. Statement of Acceptance
Date: ________________________________________