Governance

GOV044

Assessing the risks of remote working

Consider the risks to your people, information, and assets from remote working.

When people work remotely, they might use hard copies of information or technology, such as mobile devices, personal computing devices, and wireless networks. 

Arrangements for working from home regularly might be:

  • part of a normal work arrangement, either full-time or part-time
  • for hours outside of normal work hours (known as ‘day extenders’)
  • part of a regular casual remote-working arrangement (for example, for a primary caregiver).

Ongoing arrangements for people to work from an alternative location might be at:

  • a client premises, where your organisation has some ability to provide protective security
  • another location (for example, business continuity sites or regional sites)
  • another organisation's facilities.

Consider supplying day extenders and part-time remote workers with dedicated portable devices to avoid synchronisation problems and to reduce costs.

Day extenders may expect ICT support at any time, day or night.

Work from an alternative office space could be in a business continuity site or regional site, in another organisation's facilities, or at a client's workplace where your organisation has some ability to provide protective security.

Specific risks to consider

Additional security risks may be associated with remote working. Remote work locations are often fixed, and their locations are known to many people, including:

  • people working remotely and their associates
  • other members of your organisation and their associates.

Your organisation must assess the security requirements of all potential locations for remote work, including:

  • security clearance management
  • personal security and safety
  • information and ICT security
  • physical security.

Use the following checklist to help you assess the risks.

Remember that people working away from your office without ICT support may still have access to hard copies, information in electronic formats, and equipment that must be protected. 

Assessing physical security for remote work locations

The right level of physical security for a remote work location depends on the Business Impact Level (BIL) of the potential harm to your people, information, and assets.

Applying the BIL helps you to get the level of security right.

When the BIL is assessed as high or above, you must ensure the security measures for any proposed locations are suitable before you implement any arrangements for remote work.

For lower BILs, you should assess the suitability of security measures in potential locations and improve them when necessary.

Security zone requirements might apply to some locations. Security zones help to protect official or valuable information and resources. Most locations will meet zone 2 requirements without needing significant modifications to the site. 

Security alarm system options for remote working

Consider the need for security alarm systems in remote-working arrangements during your risk assessment.

If a security alarm system is required, use a system that meets AS/NZS 2201.1:2007 Class 2 or above.

 

Page last modified: 4/05/2022