Remote Work Policy Template
Remote Work Policy Template
Download your free copy now
Adopting a full set of information security policies is a critical step in ensuring that every department and employee understands their role in helping protect company, customer, and employee data.
Please use these policy templates as a way to get your organization on the right track when it comes to full policy creation and adoption.
Now more than ever, employers are allowing their staff to work from all over. This requires an added level of trust in your employees, and it requires extra diligence regarding information security. Help guide remote work decisions with this remote work policy template.
The purpose of this policy is to establish the rules and conditions under which short and long-term telecommuting may occur in order to maintain acceptable practices regarding the use and protection of (Company) Information Resources.
The (Company) Remote Work Policy applies to any individual connecting remotely to (Company) information resources.
Table of Contents
- Personnel must be approved by their manager and IT prior to remote access or teleworking. Under no circumstance is a person permitted to work remotely without prior permission.
- Personnel are responsible for complying with (Company) policies when working using (Company) Information Resources and/or on (Company) time. If requirements or responsibilities are unclear, please seek assistance from the Security Committee. (duplicate from AUP)
- All inventions, intellectual property, and proprietary information, including reports, drawings, blueprints, software codes, computer programs, data, writings, and technical information, developed on (Company) time and/or using (Company) Information Resources are the property of (Company). (duplicate from AUP)
- The teleworker is responsible to ensure that non-employees do not access (Company) data, including in print or electronic form.
- The team member will be required to maintain a regular schedule. All hours of work must be recorded according to regular (Company) policies. Overtime and time off must have advance approval according to the regular policies of (Company).
- Equipment and information must be protected according to their classification and in alignment with the Information Classification and Management policy. Teleworkers are responsible for protecting (Company) equipment and information from theft, damage, or other loss while in transit or at the remote work location. At no time should documents or company equipment be left unattended in a public area.
- Personnel are expected to follow (Company)’s Incidental Use policy when using (Company) devices remotely.
- Personnel must not connect to an unsecured Wi-Fi network with (Company) equipment or to perform (Company)
- Wi-Fi connections must be secured with strong encryption (WPA2). The use of WPA or WAP is not allowed.
- When connecting to a Wi-Fi network, personnel must use only the pre-approved VPN solution.
- Users must not connect to another wireless network and the (Company) wireless network simultaneously.
- The use of split-tunnel VPN is prohibited.
- For long-term or home office networks:
- A high-speed Internet connection is required. Personnel will provide the Internet service at their own expense. The internet connection must be of sufficient bandwidth to allow the team member to efficiently perform their regular job functions.
- IT will determine if the person’s network is secure or whether a company issued wireless router will be needed OR teleworkers will comply with [Teleworking Procedures] for implementing wireless networks securely.
- Wireless networks must be secured with a strong password, consisting of 16 or more characters.
- When possible, the home network used with (Company) Information Resources should be isolated from other devices and computers in the home.
- Only (Company) provided computing devices, such as desktops and laptops, may be used for working remotely.
- Computing devices must be secured with (Company) provided or approved:
- Active and up-to-date antivirus software
- Active local firewall
- Full-disk encryption
- Automatic screen lock
- Personnel are responsible for regularly rebooting their device in order to allow software patches and updates to be installed.
- Personally owned devices, including but not limited to USB memory, portable hard drives, mobile phones, MP3 players, iPods/iPads, and smart gadgets, are not allowed to be connected to (Company) equipment, including wireless connections.
- Maintenance of (Company) provided equipment must be provided or preapproved by IT.
- The printing of any non-public (Company) information must be preapproved by the Information Owner.
- The printing of any non-public (Company) information to a public printer is prohibited.
- Personnel must be preapproved by IT Technology and their manager for printing at a remote location. Personnel approved to print must have (or be supplied with) a shredder.
- IT will determine if the person’s network is secure or whether a company issued wireless router will be needed.
- The device used to print must be directly connected to the printer used. Wireless printing must be pre-approved by Information Technology and requires the use of strong encryption.
- All non-public (Company) information must be secured when not in use and shredded when no longer needed in accordance with (Company)’s Information Classification and Management policy.
- The printing of Confidential information at a remote location is not permitted.
- Remote personnel must use the (Company) provided phone or headset for all (Company) related calls.
- When other people are present in the remote work location, a headset must be used to safeguard the conversation.
- Workspaces must be secured to protect all (Company) equipment and maintain the confidentiality of all information related to the organization and/or its customers.
- Personnel must allow IT to inspect and/or retrieve the equipment provided to them at any time.
- The (Company) may inspect and/or retrieve any (Company) information maintained at home by personnel.
- The use of personal video surveillance on home entrances and exits is encouraged.
See Appendix A: Definitions
Waivers from certain policy provisions may be sought following the (Company) Waiver Process.
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.