Skip to main content
All CollectionsPolicy Center
Developing a Physical Security Policy for a remote team
Developing a Physical Security Policy for a remote team
Updated over 2 years ago

Many companies have asked how to develop their Physical Security Policy for a remote team. Drata consulted our auditor partners and developed the following list of ideas to consider including:

-Do not leave work devices in an unsecured place. Follow the same physical security habits that you would in a work setting: lock your screen when away from your computer, lock your doors, and do not leave your devices in the car.

-Do not let friends and family use work devices.

-Enable password protected screen savers to avoid accidental exposure of potentially confidential or sensitive information;

-Do not leave the laptop unattended in any situation, and place it in a secure location when not in use to prevent unauthorized disclosure;

-If traveling, the equipment must remain in the possession of the user as hand luggage at all times;

-Exercise caution with laptops in airports, especially at security screening checkpoints;

-All media is to be stored in a locked safe, furniture or a similarly secure location when not in use;

-Immediately report lost or stolen laptops to the Information Technology Department.

-Any paper documents containing sensitive data should be locked away in a secure location when the employee is not not in close proximity to their workspace.

-When traveling away from your home for an extended period of time, work equipment should be taken with the employee or locked away in a secure location, such as a safe, at the employee's home.

How can I apply the above guidance to my policy?

We recommend is the following:

  1. Replace what's currently under the ‘General’ section in the Physical Security Policy Template with what's described above.

  2. Delete the entire 'Access Requirements' and 'Building Standards per Location' sections.

  3. Keep the 'Data Center Security' section.

  4. Delete everything under the 'Asset Security' section, including any Appendices (this is effectively deleting the contents of the rest of the template).

  5. You may also want to modify the 'Scope' and 'Background' sections to clarify you're a remote company who uses the cloud.

Did this answer your question?