UnixTime

Research Note

Remote Working Security Checklist

Use this checklist before approving remote work or during periodic review of remote working controls.

On this page

When to use this

Use this checklist before approving remote work or during periodic review of remote working controls.

Checklist

  • Remote working activity is authorized.
  • Location type is approved for the activity and data.
  • Remote equipment is organization-approved or otherwise risk-approved.
  • Equipment is included in the asset register where applicable.
  • Storage encryption is enabled.
  • Screen lock and timeout are configured.
  • Endpoint protection and patching are current.
  • Secure access method is enforced.
  • MFA is enabled.
  • Remote access is limited to required systems and information.
  • Public-location restrictions are communicated.
  • Printing and paper handling rules are defined.
  • Non-work use rules are acknowledged.
  • User has completed remote working awareness/training.
  • Control verification evidence is recorded.

Review record

Field Value
Person/role TBD
Device TBD
Location type TBD
Approved data/activity TBD
Review result Approved / conditional / rejected
Evidence location TBD
Owner TBD