Governance

GOV041

Before working away from the office

Understand the different ways of working away from the office, the risks your organisation could be exposed to, and how to approach planning to reduce those risks.

Ways of working away from the office

The two main ways that people work away from the office are through mobile or remote working.

  • Mobile working is mainly adopted by people who travel a lot and typically work in a public setting with limited security controls in place. For example, when visiting customers or clients, doing field work, commuting, or working in a cafe or airport lounge.
  • Remote working is when people work from controlled, fixed environments where the security risks have been assessed and security measures are in place. For example, people who regularly work from home, or work from an alternative location to their organisation’s office.

These flexible arrangements might be temporary or permanent, and they usually rely on technology to enable people to do their jobs effectively.

Working away from the office involves risks

Your people can face a variety of risks when they work away from the office. And these risks can sometimes extend to family, friends, and associates.

Working away from the office also increases risks to your organisation’s information and assets — they can be lost, misused, stolen, damaged, or destroyed.

The risks vary greatly depending on the amount of control that your organisation has on the environment where your people work.

Plan ahead to reduce your risks

Your organisation may find it hard to implement some elements of protective security in mobile and remote working scenarios. However, you must take all reasonably practicable steps to ensure the safety of your people, information, and assets.

To help you do that, consider the Information Security Lifecycle and Physical Security Lifecycle. In summary, you need to implement these five stages.

  • Understand the risks to your people, information, and assets (your vulnerabilities).
  • Assess the risks of threats happening and their likely impacts on your people and organisation.
  • Design and implement the security measures you need to protect your people, information, and assets.
  • Maintain secure operations and deliver needed support to your people.
  • Review and learn from security incidents. Improve your security measures, so they remain fit for purpose.

Page last modified: 31/10/2018