With remote work becoming the norm, organizations need the right policies and procedures to ensure compliance with the applicable laws, regulations, and rules in their industry. This is something that both board directors (who oversee compliance) and management (who make compliance actually happen) need to consider.
Here we set out some of the key compliance areas that organizations need to be on top of in the remote work world.
Having secure IT systems in place is important from an operational perspective: it mitigates the risk of cyber-attacks, intrusions and unauthorised access. However, it is also a compliance exercise. A range of international standards (e.g., the ISO/IEC 27000-series) set requirements for IT security which may apply to your organization (depending on the industry). Processes must be in place to ensure employees access business assets through secure pathways. This often involves ‘virtual workplaces’ or ‘virtual private networks’ (‘VPNs’). Other security protocols to consider include multi-factor identity verification and access hierarchies determining who can access which business assets.
Managing Confidential Information
Employees may now have access to a range of confidential business information in their home. In many industries, the handling of this information is regulated (e.g., energy, health and legal sectors). Procedures need to determine how this information is to be handled (e.g., specifying that no confidential information is to be sent by email or stored on desktops). In addition, there should be some mechanism in place for auditing whether employees have complied with these obligations.
Personal Information Data Security
Employees may now have access, in their home, to information which can identify customers or other individuals (‘personal information’). Under various data protection laws (e.g., the EU General Data Protection Regulation or the California Consumer Privacy Act), there must be processes in place for handling this information and enabling customer rights to access or, in some cases, delete that information. If personal information is now to be widely dispersed across different employees’ homes and on their personal devices, businesses need to consider how they will respond to any request from an individual to access that information (a ‘Data Subject Access Request’).
Health and Safety
As the employer, you are still generally responsible for employee health and safety, even while employees are working out-of-office. For example, organisations need to consider whether staff have access to ergonomic workstations and whether there is other support for staff wellness that can be provided remotely. Review your remote work policies to ensure they are in compliance with health and safety regulations.
Compliance with employment laws generally requires companies to follow certain processes before termination of employment. After leaving the office environment, there may be some employees whose performance suffers. Similarly, there may be some staff who were already under-performing and continue to do so. However, just as in a normal office environment, there need to be clear benchmarks for employee performance. For example, you might implement policies requiring that employees be available by phone call or messaging app throughout assigned work hours or, in some cases, the use of time-tracking software.
A crucial factor for ensuring ongoing profitability, or staying within budget, in your organisation is correctly costing your services or jobs. With employees now working from home, some of your overheads will have changed. You may have had a rent reduction, or other costs may have gone down (e.g., lighting or heating). On the other hand, other overheads may have increased, such as investment in remote working software. You need to reflect these changes in your job costing to protect your margins.
Processes and policies need to be in place for any employees that are able to charge expenses to the company. To start, an organization-wide ‘Expense Policy’ is a good business practice to prevent misuse or fraud. However, in many cases, it is also a compliance issue (for example, if you are funded through government contracts). As part of the remote work environment you may have allowed employees to charge extra expenses to the company, such as internet usage and working equipment. Management then needs to carefully monitor this expenditure (pre-paid company virtual debit cards are one option for achieving this).
As a first step towards implementing these measures, we recommend that you introduce (or update) an employee Remote Working Policy. See here for a good example of a Remote Working Policy that has been implemented in a public sector organization.