Before you can protect your people, information, and assets in working away from the office scenarios, you need to understand the likely risks and their impacts.
Your organisation has a responsibility under the Health and Safety at Work Act 2015 (and any associated regulations and codes of practice that apply) to take all reasonably practicable steps to:
- address any risks to your people
- prevent injury to people in and near your facilities (including the public).
The safety and security of your people should take precedence over the security of your information and assets. Your people should not unreasonably put themselves at risk of injury or harm to protect information or assets.
You need to:
- identify potential hazards, threats, and risks (including personal risks when carrying or protecting valuable information and assets)
- assess the likelihood of hazards or risks occurring.
Assessing the risks of mobile working
Consider the risks to your people, information, and assets from mobile working. Your people might carry out mobile working using portable devices such as laptops, notebook computers, tablets, and smartphones.
Assessing the risks of remote working
Consider the risks to your people, information, and assets from remote working. When people work remotely, they might use hard copies of information or technology, such as mobile devices, personal computing devices, and wireless networks.
Assessing physical security for official information and assets
Before your people use any workspace outside the traditional office, work out how you will protect official information and assets that might be stored or used there.