Teleworking is a common practice for many organisations – it provides employees the freedom to work from home. Information security should not be overlooked. If elements of your organisations information assets are available at a remote location, a risk assessment needs to be conducted and appropriate controls applied. For most companies simply locking down information access may suffice, but if a lot of high value information is required the standard has extensive suggestions for how to secure a home location. This would force an organisation to consider the validity of home working and only implement it where information security risk is overshadowed by business opportunity.
Organisations could consider virtual machines, keeping information withing the operating environment, restriction on home networks, wireless access, intellectual property rights of material held on private equipment, access to private equipment, software licensing and patching, malware and firewall requirements, guidance for use, physical security, backups, audit considerations, and ultimately the remote disconnection and recovery of material in the event of change of role or termination of employment.