psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
draft
ISMS/01-policies/remote-working-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

2.3 KiB
Raw Permalink Blame History

Title: Remote Working Policy Document ID: [POL-REMOTE-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CEO (Paul Hague) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY]

Remote Working Policy

Purpose

This policy defines BlackDice's high-level requirements for secure remote and hybrid working.

Scope

This policy applies to personnel and contractors working remotely or outside controlled office locations while accessing in-scope systems, information, or services.

Objectives

  • reduce the risk of compromise associated with remote access and off-site working
  • support secure access to cloud platforms, code repositories, and business systems
  • protect information handled outside controlled premises

Principles / Policy Statements

Remote working arrangements must use approved access methods and appropriate endpoint security controls.

Personnel working remotely must take reasonable steps to protect devices, credentials, and information from unauthorised access, observation, theft, or loss.

Use of public or shared environments must be managed carefully, particularly where sensitive information, privileged access, or customer-related work is involved.

Remote administration of production systems, cloud environments, and CI/CD platforms must be subject to stronger control and monitoring.

Local printing, storage, or transfer of sensitive information should be minimised and controlled.

Roles and Responsibilities

  • [Role] must define remote working security expectations.
  • Managers must ensure remote workers understand their obligations.
  • Remote workers must follow approved security practices and report issues promptly.

Compliance / Exceptions

Exceptions to remote working requirements must be documented and approved based on risk and business need.

Monitoring and Review

This policy should be reviewed through endpoint assurance, access review, incident handling, and audit.

Related Documents

  • Information Security Policy
  • Endpoint Security Policy
  • Access Control Policy
  • Asset Management and Acceptable Use Policy

Version Control

Version Date Description of Change Author
0.1 Draft [DD Month YYYY] Initial draft. [Name or Role]
Reference in New Issue View Git Blame Copy Permalink