Overview
Policy Statement
A remote working arrangement is a voluntary agreement between the organization and the employee. It usually involves the employee working from home in a separate area of their living accommodation, whether this is a house, apartment, or another type of domestic residence.
This policy sets out the key information security-related elements that must be considered in agreeing on a teleworking arrangement. It ensures that all of the necessary issues are addressed and that your organization's assets are protected.
This policy does not address the human resources aspects of remote working such as health and safety, absence monitoring, job performance, and contractual issues. These will be handled by the HR department and must also be in place before the teleworking arrangement begins.
Scope
This control applies to all systems, people, and processes that constitute the organization's information systems, including board members, directors, employees, suppliers, and other third parties who have access to your organization's systems.
Procedures
Procedures and mapped controls
Initial Risk Assessment
Before a remote working arrangement can commence, there will be an initial risk assessment of the proposed environment and the nature of the work to be carried out.
Nature of the Work: a major part of the risk assessment concerns the type of activities that are to be carried out as part of the arrangement. A full understanding needs to be gained of:
- The classification of the information that will be stored and processed as part of the role
- The method of access of the information
- Whether the role requires that classified information is printed locally
- The business criticality of the role and the consequences if it were unavailable
Physical Security: the risk assessment will also consider the physical security of the proposed work location:
- Is there enough room to house the required equipment safely?
- Is it in a separate area of the living accommodation?
- Can the work area be secured e.g. via a locked door when not in use?
- Who else has access to the work area?
- Will the equipment be visible from outside the accommodation e.g. through a window?
- What is the likelihood of theft in the surrounding area?
- Can paper documents be locked away securely?
- Is there an adequate and reliable power supply to the work area?
Insurance: the impact of remote working on the individual's home insurance should be investigated to ensure that any policies currently in place remain valid. Additional insurance may be required and, if so, it should be agreed in advance how this will be funded.
Facilities provided
All of the provisions in your organization's Mobile Device Policy also apply to the remote working environment and this document should be read by all parties involved.
Equipment: the individual's own devices such as laptops or PCs could be used to access your organization's information under your organization's Mobile Device Policy. Users of mobile devices should adhere to your organization's Mobile Device Management Policy.
Communications: in addition to client equipment, the remote worker will, wherever possible, be provided with a physically separate communications link that is not connected in any way to existing domestic broadband or similar. This is to ensure that:
- Network performance is not affected by other activities in the household;
- The configuration of the router can be security-hardened according to organization policy;
- The ability for other devices to connect to this link can be prevented through the protection of network keys, etc.
A Virtual Private Network (VPN) should be used to ensure that all network traffic from the remote worker to your organization's internal systems is encrypted to organization standards.
Backup and Virus Protection: where possible, none of your organization's information will be stored on the client machine. If this is unavoidable, it is the responsibility of the remote worker to ensure it is backed up to the corporate network as soon as possible. Virus protection will be provided on all relevant equipment and configured to update automatically on connection to the corporate network.
Equipment and Expenses
Your organization will provide remote employees with equipment that is essential to their job duties, such as laptops, headsets, and/or smartphones (when applicable). We will install VPN and company-required software when employees receive their equipment. If the equipment is not available and employees use their own equipment for work, your organization will reimburse the employee for that use, consistent with legal requirements and this policy.
Equipment that your organization provides is Company property. Your organization retains control over the property and reserves the right to monitor Company property even when used at your remote location. Employees must keep it safe and avoid any misuse. Equipment supplied by the Company is to be used for business purposes only. The remote worker will sign an inventory of all Company property received and agree to take appropriate action to protect the items from damage or theft. Employees must take proper measures to secure Company information, assets, and systems.
Device owners must:
- Keep their equipment password protected
- Store equipment in a safe and clean space when not in use
- Follow all data encryption, protection standards, and settings
- Refrain from visiting untrustworthy or suspicious sites
- Only download authorized software with prior approval
- Keep devices containing Confidential data in locked desks
Your organization will pay the employee an allowance towards their BYOD. This allowance is understood to also cover any individual stationery items required by the individual.
| Country | NET per calendar month |
|-----------------|-------------------------|
| European Union | €100 |
| UK | £80 |
| Romania | RON 500 |
| Canada | $125 |
| US | $125 |
| India | INR 8500 |
Your organization will NOT reimburse the employee for the following charges: roaming, plan overages, etc.
Query logic
These are the stored checks tied to this policy.
No stored query bodies are attached to this entry.