Title: Remote Working Policy
Document ID: [POL-REMOTE-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Remote Working Policy

## Purpose

This policy defines BlackDice's high-level requirements for secure remote and hybrid working.

## Scope

This policy applies to personnel and contractors working remotely or outside controlled office locations while accessing in-scope systems, information, or services.

## Objectives

- reduce the risk of compromise associated with remote access and off-site working
- support secure access to cloud platforms, code repositories, and business systems
- protect information handled outside controlled premises

## Principles / Policy Statements

Remote working arrangements must use approved access methods and appropriate endpoint security controls.

Personnel working remotely must take reasonable steps to protect devices, credentials, and information from unauthorised access, observation, theft, or loss.

Use of public or shared environments must be managed carefully, particularly where sensitive information, privileged access, or customer-related work is involved.

Remote administration of production systems, cloud environments, and CI/CD platforms must be subject to stronger control and monitoring.

Local printing, storage, or transfer of sensitive information should be minimised and controlled.

## Roles and Responsibilities

- [Role] must define remote working security expectations.
- Managers must ensure remote workers understand their obligations.
- Remote workers must follow approved security practices and report issues promptly.

## Compliance / Exceptions

Exceptions to remote working requirements must be documented and approved based on risk and business need.

## Monitoring and Review

This policy should be reviewed through endpoint assurance, access review, incident handling, and audit.

## Related Documents

- Information Security Policy
- Endpoint Security Policy
- Access Control Policy
- Asset Management and Acceptable Use Policy

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |