PS-5 – Remote Working Security

What is PS-5 – Remote Working Security Control?

Remote Working Security control is about putting processes in place to ensure that your employees working from home are secure when accessing your organization’s data. With the rise of working from home, cybersecurity attacks have increased. This is normal because employees don’t all have the same security safeguards as provided in the office; therefore, it is important to provide guidance and the necessary support to help employees secure their network when accessing the organization’s data.

Available tools in the marketplace

Tools

No tool recommendation is made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• Externally outsourced available template from SHRM

Control implementation

To implement this control,

You need to define and document best practices for your employees working from home. Examples of best practices include:

• Public use of wi-fi
• Remote access via VPN
• Keeping data on work computers only
• Physical security while working remotely

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action.

1. A documented telecommuting policy

Evidence example

For the suggested action, an example is provided below:

1. A documented telecommuting policy
   The following screenshot shows a sample of “Telecommuting Policy and Procedure”.