Author: shaoun

Internal Policy: Remote Work & Data Security (v3.2)

Created on March 04, 2026

Organization: NexaTech Solutions

Effective Date: January 15, 2025

Applies To: All full-time employees, contractors, and interns

1. Purpose

This policy defines requirements for remote work eligibility, security controls, data handling, and acceptable device usage to protect company and customer data.

2. Remote Work Eligibility

Employees may work remotely up to 3 days per week with manager approval. Fully remote roles require VP-level approval.

Ineligible roles:

  • On-site IT infrastructure staff
  • Physical security personnel
  • Hardware lab engineers

Remote work must be performed from:

  • Employee’s registered home address, or
  • Pre-approved co-working spaces

Working from public locations (e.g., cafes, airports) is permitted only if:

  • A company-issued VPN is active
  • Screen privacy filters are used
  • No confidential calls are conducted

3. Device Requirements

Only the following devices may access company systems:

  • Company-issued MacBook (macOS 13+)
  • Company-issued Windows laptop (Windows 11 Enterprise)
  • Mobile devices enrolled in MDM (Mobile Device Management)

Prohibited:

  • Personal laptops
  • Jailbroken/rooted mobile devices
  • Shared family computers

All devices must:

  • Use full-disk encryption
  • Enable automatic OS updates
  • Have CrowdStrike Falcon endpoint protection installed
  • Auto-lock after 5 minutes of inactivity

4. Data Classification

Data is categorized into:

  1. Public – Approved for external distribution
  2. Internal – Non-public business data
  3. Confidential – Customer data, financial records, source code
  4. Restricted – PII, health records, government-regulated data

Restricted data must:

  • Never be downloaded locally
  • Be accessed only via secure VDI (Virtual Desktop Infrastructure)
  • Use MFA (Multi-Factor Authentication)

5. Incident Reporting

Security incidents must be reported within 1 hour to:

Examples of reportable incidents:

  • Lost or stolen device
  • Phishing email clicked
  • Unauthorized access attempt
  • Accidental data exposure

Failure to report may result in disciplinary action up to termination.

6. Monitoring & Compliance

The company reserves the right to monitor:

  • VPN logs
  • Email metadata
  • Endpoint security alerts

Quarterly audits are conducted by the Information Security team.

Non-compliance may result in:

  • Suspension of remote privileges
  • Formal warning
  • Employment termination

7. Exceptions

Policy exceptions require:

  • Written request
  • Director-level approval
  • Security risk assessment

Approved exceptions are valid for 90 days unless renewed.
