Adopt a consistent and structured approach to protecting your people, information, and assets when people are working away from the office.
Working away from the office
More organisations are adopting flexible working arrangements for their people (staff and contractors) and equipping their people to work anywhere, at anytime. As a result, working outside of traditional offices is becoming commonplace. Your people may use mobile devices such as laptops, notebook computers, tablets, and smartphones to do their work. They may also carry hard copy documents, though this is becoming rare.
Your people may work from home, hotels, or conference venues. They may work while visiting client offices, on public transport, or during fieldwork. These ways of working all carry risks. Use the guidance in this section to help you identify and reduce risks to your people, information, and assets. Remember that legislative requirements may take precedence over this guidance.
Planning for people to work overseas? Check the following sources for guidance:
- Officials travelling overseas
- New Zealand Information Security Manual - Working Off-Site
- Travelling Overseas with Electronic Devices
See the following sections for guidance on working away from the office.
Understand the different ways of working away from the office, the risks your organisation could be exposed to, and how to approach planning to reduce those risks. Ways of working away from the officeThe two main ways that people work away from the office are through mobile or remote working.
Before you can protect your people, information, and assets in working away from the office scenarios, you need to understand the likely risks and their impacts. Your organisation has a responsibility under the Health and Safety at Work Act 2015 (and any associated regulations and codes of practice that apply) to take all reasonably practicable steps to: address any risks to your people prevent injury to people in and near your facilities (including the public).
Put a range of physical and information security measures in place to keep your people, information, and assets safe when working away from the office. When your people are working away from the office, your organisation must: ensure your people are appropriately briefed and trained to comply with your security and safety requirements and procedures mitigate the risks to your people, information, and assets to an acceptable level before you approve any arrangements for working away from the office apply security measures that give assurance in information and asset-sharing arrangements.