Governance
Adopt a consistent and structured approach to protecting your people, information, and assets when people are working away from the office.
GOV040
Working away from the office
More organisations are adopting flexible working arrangements for their people (staff and contractors) and equipping their people to work anywhere, at anytime. As a result, working outside of traditional offices is becoming commonplace. Your people may use mobile devices such as laptops, notebook computers, tablets, and smartphones to do their work. They may also carry hard copy documents, though this is becoming rare.
Your people may work from home, hotels, or conference venues. They may work while visiting client offices, on public transport, or during fieldwork. These ways of working all carry risks. Use the guidance in this section to help you identify and reduce risks to your people, information, and assets. Remember that legislative requirements may take precedence over this guidance.
Planning for people to work overseas? Check the following sources for guidance:
- Security advice for New Zealand Government officials travelling overseas
- www.safetravel.govt.nz
- New Zealand Information Security Manual - Working Off-Site
- Travelling Overseas with Electronic Devices
See the following sections for guidance on working away from the office.
Before working away from the office
Understand the different ways of working away from the office, the risks your organisation could be exposed to, and how to approach planning to reduce those risks. Ways of working away from the officeThe two main ways that people work away from the office are through mobile or remote working.
Understanding and assessing the risks
Before you can protect your people, information, and assets in working away from the office scenarios, you need to understand the likely risks and their impacts. Your organisation has a responsibility under the Health and Safety at Work Act 2015 (and any associated regulations and codes of practice that apply) to take all reasonably practicable steps to: address any risks to your people prevent injury to people in and near your facilities (including the public).
Designing and implementing your security measures
Put a range of physical and information security measures in place to keep your people, information, and assets safe when working away from the office. When your people are working away from the office, your organisation must: ensure your people are appropriately briefed and trained to comply with your security and safety requirements and procedures mitigate the risks to your people, information, and assets to an acceptable level before you approve any arrangements for working away from the office apply security measures that give assurance in information and asset-sharing arrangements.
