A policy is a statement of management’s intent, and is usually supported by a more detailed procedure or protocol. It’s good practice to have a policy that covers your organisation’s approach to data protection when it comes to staff or contractors working outside of the usual business premises. The following suggested content should assist with compiling your own policy.
In today’s world, in many cases it is far more viable for staff to work, either from home or from virtual offices. This usually exposes the organisation to risks that are not as easily manageable as they would be within the business precinct. It’s good practice to have the policy complement the homeworking contract or agreement. Make reference to any related documents such as your policies on data protection, information security and acceptable use of digital assets. Be specific about rules that apply to your organisation-issued equipment vs any personal equipment.
Security – not to leave laptops and printers unattended; securing laptops in locked cabinets; not allowing third parties to use the laptop
Acceptable use – equipment to be used in accordance with your acceptable use policy
Protection of information – in accordance with your policies and procedures such as data protection and information security; specific reference to personal data; saving data to and securing of approved devices; connecting to the organisation’s network; using private email accounts; conduct while participating in voice communications; password use and protection; security of wireless connections
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018