Guest Post by Marie Murphy, Fort Privacy

These days we are all talking about the “New Normal”. Whether we apply that to how we shop, or what’s happening in schools and creches or how the GAA is adapting to get people back playing games, there seems to be a general acceptance that for now at least things are going to move in a new direction and we need to adapt.

For a lot of us, the new normal of work will mean a lot more time spend accessing our office from a distance. What we used to call “remote working” and reserve for the special few is becoming just simply working and applied to many.

In March, a lot of companies pulled together remote working procedures in a hurry. Managers and IT staff were immediately concerned with keeping the lights on by making a very fast transition of the workforce from office to home working environments.

As the Covid-19 situation evolves, our organisations need to revisit these hastily assembled procedures and really think through the implications of remote working at scale and over the long term.

We always find putting a policy in place is an excellent exercise to bring clarity to these situations. It forces the company to consider the whats, whys and wherefores and take control of the situation rather than allowing the situation to take control of them.

So as a follow-up to the webinar delivered by Fort Privacy and CalQRisk [link to recording] this week we have compiled the 10 Things You Must Consider When Drafting Your Remote Working Policy.

1. Who is eligible to work remotely? This could be a list of the roles that are suited to home working or event a decision that someone must be with the company for 12 months before it is considered possible to have them working outside the office.
2. What is the approval process? Can the manager approve? Must it get a second line approval? Do you need to involve HR or IT to assess the remote work environment and infrastructure for suitability?
3. What should the home working environment look like? Do you need to assess the space for suitability? Do you require the employee to have a dedicated workspace and what type of space qualifies and what does not? Will you require the employee to implement a clear desk policy in the home office? If the employee cannot provide a suitable space will you arrange for access to a suitable remote office facility?
4. What about an assessment of the equipment Is there a desk, lighting, chair, storage? Who is responsible for providing equipment and what standards do you expect?
5. What are the working conditions? Are remote workers expected to be at their desks for fixed hours or do you allow for more flexibility in the working arrangements?
6. How will you measure employee performance and assess if the remote working arrangement is working for the employee and company? How will job performance be monitored? If the employee performance suffers, what action will be taken? Will the remote working arrangement be terminated?
7. How will remote work accounts be managed to ensure secure remote access? How are the accounts granted, authenticated, and revoked?
8. How will devices be configured and managed? What level of password protection, encryption, screen timeouts needs to be implemented? How will patch updates be pushed out and what anti-virus configuration will be implemented?
9. What apps are authorised? What software applications are authorised to remote use, are these apps all configured with multi-factor authentication? Will remote workers be permitted to download applications to their devices and if so, how will this be monitored?
10. If there is a security incident at home what should the remote worker report? How quickly do you expect an incident to be reported to you?

Remote working is part of the new normal for a very significant portion of the workforce. In many cases it a new normal we want to hang onto because it eliminates terrible commutes and wasted hours in the car or on packed public transport. We work smarter and as an added bonus we get to spend more quality time with our families and friends. And the past few months have thrown a lot of us in the deep end and proven that it works.

If it is to continue to work, it's time to start formalising the arrangements protecting your company and your employees and creating a healthy environment that everyone will benefit from.

Marie Murphy (marie.murphy@fortprivacy.ie) is co-founder and COO of Fort Privacy, an innovative data protection services company based in Cork offering clients outsourced Data Protection Officer Services, tailored compliance programmes and audits all based on the Fort Privacy Maturity Model Framework.

____________________

If you are interested in learning more about how CalQRisk can help with Control Registers, Control Testing and more, click here to contact us.

We would love to hear your opinion on what works and doesn’t work in your organisation in terms of the management of controls? Feel free to send your feedback to us at enquiries@calqrisk.com.