With remote work becoming the norm, organizations need to ensure that they have the right policies and procedures to comply with their industry’s applicable laws, regulations, and rules. This is something that both business owners (who oversee compliance) and the workforce (who make compliance happen) need to consider.
Here we set out some key compliance areas that businesses need to be on top of in the remote work world.
Having secure IT systems in place is important from an operational perspective — it mitigates the risk of cyber-attacks, intrusions, and unauthorized access. However, it is also a compliance exercise. Depending on the industry, a range of standards and requirements for IT security may apply to your organization.
Processes must be in place to ensure employees access business assets through secure pathways. This often involves ‘virtual workplaces’ or ‘virtual private networks’ (‘VPNs’). Security-compliant software can also help manage remote work while allowing seamless collaboration. Additionally, other security protocols include multi-factor identity verification and access hierarchies determining who can access which business assets.
Managing Confidential Information
Employees may now have access to a range of confidential business information in their homes. In many industries, the handling of this information is regulated (e.g., energy, health, and legal sectors). Procedures need to determine how this information will be handled (e.g., specifying that no confidential information must be sent by email or stored on desktops). In addition, there should be some mechanism in place for auditing whether employees have complied with these obligations.
Personal Information Data Security
Employees may now have access to information to identify customers or other individuals (‘personal information’) in their homes. There must be processes in place for handling this information and enabling customer rights to access or, in some cases, delete that information. Personal data is now widely dispersed across different employees’ homes and on their devices in remote working. Businesses need to consider how they will respond to any request from an individual to access that information.
Health and Safety
Employers are still generally responsible for employee health and safety, even while employees are working out-of-office. For example, businesses need to consider whether staff has access to ergonomic workstations and whether other support for staff wellness can be provided remotely. Review your remote work policies to ensure they comply with health and safety regulations.
Compliance with employment laws, generally, requires companies to follow specific processes before termination of employment. After leaving the office environment, there may be some employees whose performance suffers. Similarly, there may be some staff who were already underperforming and continue to do so.
However, just as in a normal office environment, there need to be clear benchmarks for employee performance. For example, you might implement policies requiring that employees be available by phone call or messaging app throughout assigned work hours or, in some cases, the use of time-tracking software.
A crucial factor for ensuring ongoing profitability in your business is correctly costing your services or jobs. With employees now working from home, some of your overheads will have changed. You may have had a rent reduction, or other costs may have gone down (e.g., lighting or heating). On the other hand, other overheads may have increased, such as investment in remote working software. You need to reflect these changes in your job costing to protect your margins.
Processes and policies need to be in place for any employees that can charge expenses to the company. To start, an organization-wide ‘Expense Policy’ is a good business practice to prevent misuse or fraud. However, in many cases, it is also a compliance issue. As part of the remote work environment, you may have allowed employees to charge extra expenses, such as internet usage and working equipment. Management then needs to monitor this expenditure carefully.
As a first step to implementing some of these steps, it is recommended introducing or updating an employee Remote Working Policy. The regulations in your policy are dependent on your business and the above considerations. Start now by evaluating the needs and capabilities of your company.