Teleworking Policy: Recom Consulting Limited ISO 27001:2013


TELEWORKING POLICY

RECOM CONSULTING LIMITED


ISO 27001:2013

House 18 (Flat B2), Road 1/A, Block J, Baridhara, Dhaka 1212


ISMS FRAMEWORK

Document Details

Document: TELEWORKING POLICY

Document Number: RCL/ISMS/L2/02

Version: 1.0

Document Date: 01-10-2021

Prepared By: CISO

Reviewed By: ISSC

Approved By: CEO

Classification Level: Internal

Modification History

Sl. No. | Description of Change | Date of Change | Version No.
1       | Initial Release       | 01-10-2021     | 1.0

This is an internal document prepared by RECOM CONSULTING LIMITED and it is strictly prohibited to be reproduced, utilization of
disclosure to any third party, in any form, without prior intimation to RECOM CONSULTING LIMITED

1 CONTENTS
1 Contents
1. Overview
2. Purpose
3. Scope
4. Responsibility
5. Procedure


1. OVERVIEW
Teleworking is the use of Information Communication Technology (ICT) to enable access
to RECOM information from locations other than a user’s nominated place of work.

Working from home, whilst travelling, at a client’s site or at any other location away from the
established (physical) office may be attractive and offer benefits. However, opening up RECOM’s
information and systems through teleworking also presents security risks. The use of
teleworking technologies allows intruders (hackers, electronic eavesdroppers, shoulder surfers,
etc.) to access, read and potentially modify RECOM Consulting Ltd.’s information and systems
without having to be on site.

2. PURPOSE

The purpose of this policy is to ensure that the security of information and systems accessed
through teleworking is given due importance. It is essential that staff know that security
procedures and policies exist, and that these are understood and adhered to.

Information that is related to and can identify an individual is personal data and should be
protected. As such, appropriate technical and organizational measures should be taken against
accidental or deliberate loss, change, destruction of, or damage to personal data. This policy
ensures that both confidential information and personal data are adequately protected whilst
working remotely.

3. SCOPE

The scope of these policies includes all persons/parties who have access to Recom Consulting
Limited’s information and ICT systems belonging to or under the control of Recom Consulting
Limited including:

• Recom Consulting Limited employees;
• Contractors;
• Temporary staff;
• Partner organizations;
• Members of the public; and
• Any other party utilizing Recom Consulting Limited resources.


4. RESPONSIBILITY

Recom Consulting Limited IT personnel are responsible for ensuring that all staff and
managers are aware of security policies and that they are observed. Managers need to be
aware that they have a responsibility to ensure staff have sufficient, relevant knowledge
concerning the security of information and systems. Designated owners of systems, who have
responsibility for the management of ICT systems and information, need to ensure that staff
are aware of their responsibilities towards security. Designated owners of systems and
information need to ensure they uphold the security policies and procedures.

5. PROCEDURE

• For teleworking, access to Recom Consulting Limited information, networks and
applications (including Recom Consulting Limited email) can be attained via the secure
VPN (Virtual Private Network) access portal. This requires two factors of authentication:
a computer-based certificate and User ID/Password.
• If a home computer has a computer-based certificate, then access via the secure VPN to
Recom Consulting Limited networks can be attempted using Wi-Fi networks.
• It is possible to access Recom Consulting Limited email from a remote location (such as
home) using non-wireless or wireless technology. When they have finished using this email
service, staff must log off Recom Consulting Limited webmail and close the browser window.
Failure to do so can leave the account accessible to unauthorized individuals.
• Connection to Recom Consulting Limited’s network should only be attempted using
the domain logon and password credentials which staff are issued with.
• Extra care should be taken to properly close all applications, network connections and web
browsers when using PCs, mobile devices and software not officially provided by Recom
Consulting Limited. Passwords, logon credentials and sensitive files can be left behind on
untrusted devices, making them readily available to subsequent users.
• Staff should only use a home Wi-Fi system as a last resort, but if this becomes necessary
they must ensure that the network is as secure as possible. Recom Consulting Limited
staff must connect using the Wi-Fi WPA2 standard and adhere to Recom
Consulting Limited’s Password policy.
• All users accessing Recom Consulting Limited networks or specialized external services via
teleworking must abide by Recom Consulting Limited’s associated security policies
and procedures.
• Recom Consulting Limited IT management is responsible for ensuring that staff know
how to use approved devices and software to connect to and safely/securely use Recom
Consulting Limited networks via teleworking.


• Managers must ensure that they have up to date contact and device information of their
staff making use of teleworking.
• Users conducting teleworking should not allow or give permission for unauthorized users
(including family and friends) to use that PC/mobile device.
• Any information concerning passwords, usernames, network credentials or requirements /
ability used to access Recom Consulting Limited’s information and systems by
teleworking must not be shared with other staff, unauthorized users, third party vendors,
family, friends or members of the public.
• Teleworking devices distributed by Recom Consulting Limited should only be used by
authorized parties for authorized Recom Consulting Limited business or purposes in
accordance with Recom Consulting Limited’s Acceptable Use Policy and associated
security policies.
• Users should always be aware of the potential for other people (including family, friends,
colleagues and intruders) to overlook screens (shoulder surfing) and keyboards and view
personal, confidential information or passwords.
• During short periods of time when devices are not being used (e.g. when on the phone)
users should lock PCs and devices to prevent screens being overlooked. For example, on
PCs/laptops this can normally be achieved by holding down the Ctrl-Alt-Del keys together
and choosing the ‘lock computer’ option, or by holding down the Windows (flag) key and
hitting the L key.
• Users should ensure that all applications are properly closed/logged off, browsers are
closed and internet sessions are logged off, prior to network connections being logged off
and closed.
• On completion of work, teleworkers should fully power down or log off remote devices.
Devices should not just be suspended.
• Active equipment that is unlocked and in use should not be left unattended at any time.
• A password should be set up and used on all equipment that can be locked by use of a
password. For example, iPad devices can be locked using a password, and this facility
should not be disabled by the user.
• Transfer of personal or restricted information must take place through a secure, encrypted
channel (identified by the https address prefix and padlock symbol) using suitable
software/applications.
• Person identifiable information and/or business data should not be stored on the PC. If
possible, data should be accessed from and be stored on Recom Consulting Limited
servers or on password protected and encrypted portable/removable media.
• Users must not install or update any software on Recom Consulting Limited owned or
managed devices.
• Users must not install any screen savers on Recom Consulting Limited owned or managed
devices.


• Users must not download or install any applications or items on Recom Consulting Limited
owned or managed devices from the internet unless official authorization has been gained
from IT and Management.
• Users must not alter or disable any element of the configuration of devices, including data
encryption and anti-virus software.
• Only Recom Consulting Limited provided removable media should be used and must be
safely ‘closed’ if necessary and removed from any device when finished with.
• Person identifiable information and data should only be sent using official channels,
authorized software/applications and official equipment deemed fit for the purpose. For
example, text messages containing person identifiable information and data should not be
sent via mobile phone.
• Staff entrusted with a Recom Consulting Limited mobile device are responsible for
ensuring that it is regularly connected to the Recom Consulting Limited network for
automatic upgrade of anti-virus software and other software licensing agreements.
• In the event that a user becomes aware of an information or data breach or accidental
disclosure, this matter must be reported immediately as per Recom Consulting
Limited’s Incident Reporting Procedure.
