When to use this
Use this checklist before approving remote work or during periodic review of remote working controls.
Related controls
Checklist
- Remote working activity is authorized.
- Location type is approved for the activity and data.
- Remote equipment is organization-approved or otherwise risk-approved.
- Equipment is included in the asset register where applicable.
- Storage encryption is enabled.
- Screen lock and timeout are configured.
- Endpoint protection and patching are current.
- Secure access method is enforced.
- MFA is enabled.
- Remote access is limited to required systems and information.
- Public-location restrictions are communicated.
- Printing and paper handling rules are defined.
- Non-work use rules are acknowledged.
- User has completed remote working awareness/training.
- Control verification evidence is recorded.
Review record
| Field | Value |
|---|---|
| Person/role | TBD |
| Device | TBD |
| Location type | TBD |
| Approved data/activity | TBD |
| Review result | Approved / conditional / rejected |
| Evidence location | TBD |
| Owner | TBD |
- Template
- Iso27001
- Remote working
- Checklist
Note Metadata
Aliases: Remote Work Security Checklist
Source: 90 Templates/Remote Working Security Checklist.md