ISO27001 Mobile and Remote Working Policy Beginner’s Guide

ISO 27001 Mobile and Remote Working Beginner's Guide

What a mobile and teleworking policy contains, how to write it and download the template.

ISO27001 Mobile and Remote Working Policy Ultimate Guide author Stuart Barker High Table

Table of contents

What is the Mobile and Teleworking Policy?

The Mobile and Teleworking Policy is used to manage the risks introduced by using mobile devices and to protect information accessed, processed and stored at teleworking sites. Mobile device registration, assigned owner responsibilities, Mobile Firewalls, Remote Wipe and Back up are covered in this policy. This is also the Remote Working policy.

Fay-Barker-Hight-Table-1

Mobile and Remote Working Policy

Download Mobile and Remote Working Policy
ISO27001 Mobile and Remote Working Policy-Black

Remote working is becoming more common place. Whether working from home or virtual offices people are spending less time in the main company office. The policy will address the potential risks that this poses to information security.

How to write a mobile and remote working policy

Time needed: 4 hours.

How to write a mobile and teleworking policy

  1. Include a Purpose Statement

    To manage the risks introduced by using mobile devices and to protect information accessed, processed and stored at teleworking sites.

  2. Include a Scope Statement

    All company employees and external party users.
    All company mobile devices.
    All personal devices used to access, process or store company information.

  3. Include a Principle Statement

    Mobile devices and remote sites are to have adequate protection of company information.

  4. Include an Overview Statement

    The policy includes the popular Bring Your Own Device Policy, often abbreviated to BYOD. There are considerations for data protection and GDPR. The policy is not designed to prevent employees from flexible working, rather it is intended to protect the information assets of the business in a practical and pragmatic way. Where possible it would be good practice for mobile devices that connect to confidential business data to be provided by, and managed by, the business. These would be managed by the asset management process and covered by the asset management policy.

  5. Write content for the required sections

    The required sections are:
    Mobile Device Registration
    Mobile Device Assigned Owner Responsibilities
    Mobile Device Firewall
    Mobile Remote Wipe
    Mobile Back Up
    Teleworking / Remote Working Policy
    Bring Your Own Device Policy ( BYOD )
    Policy Compliance
    Compliance Measurement
    Exceptions
    Non-Compliance
    Continual Improvement

Remote Working FAQ

Can I use my own device at work?

Yes. Technically this is possible. It is about risk mitigation. Restricting access to confidential and sensitive data based on role based access in addition to having technical controls on the device will reduce the risk.

Is BYOD, Bring Your Own Device and the Mobile and Teleworking Policy the same thing?

Yes. They all cover the same topics.

My manager wants an iPad in breach of policy. Is that allowed?

A policy is a statement of what you do. A policy is flexible enough to cover exceptions. By using compensating controls this can be perfectly fine. You would record the exception and authorise it via the Management Review Team meeting. Examples of compensating controls include: role based access, signing a waiver and acceptance, additional technical controls, regular device audit.

ISO 27001 Templates Toolkit Business Edition Black
ISO27001 Policy Templates Pack Green

FREE 30 minute ISO27001 strategy session.

Claim your 100% FREE no-obligation 30 minute strategy session call (£1000 value). This is strictly for small businesses who are hungry to get ISO27001 certified up to 10x faster and 30x cheaper.

GET BOOKED
ISO27001 Certification Stragey Call

Related Posts

Shopping Cart