psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eade2d99bef262cef5be6d01dc0bbbc9119b82e
ISMS/01-policies/remote-working-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

65 lines
2.3 KiB
Markdown
Raw Blame History

Title: Remote Working Policy
Document ID: [POL-REMOTE-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Remote Working Policy
## Purpose
This policy defines BlackDice's high-level requirements for secure remote and hybrid working.
## Scope
This policy applies to personnel and contractors working remotely or outside controlled office locations while accessing in-scope systems, information, or services.
## Objectives
- reduce the risk of compromise associated with remote access and off-site working
- support secure access to cloud platforms, code repositories, and business systems
- protect information handled outside controlled premises
## Principles / Policy Statements
Remote working arrangements must use approved access methods and appropriate endpoint security controls.
Personnel working remotely must take reasonable steps to protect devices, credentials, and information from unauthorised access, observation, theft, or loss.
Use of public or shared environments must be managed carefully, particularly where sensitive information, privileged access, or customer-related work is involved.
Remote administration of production systems, cloud environments, and CI/CD platforms must be subject to stronger control and monitoring.
Local printing, storage, or transfer of sensitive information should be minimised and controlled.
## Roles and Responsibilities
- [Role] must define remote working security expectations.
- Managers must ensure remote workers understand their obligations.
- Remote workers must follow approved security practices and report issues promptly.
## Compliance / Exceptions
Exceptions to remote working requirements must be documented and approved based on risk and business need.
## Monitoring and Review
This policy should be reviewed through endpoint assurance, access review, incident handling, and audit.
## Related Documents
- Information Security Policy
- Endpoint Security Policy
- Access Control Policy
- Asset Management and Acceptable Use Policy
## Version Control
| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
Reference in New Issue View Git Blame Copy Permalink