What to Include in a Remote Work Policy

Workplace policies are what protect and (in some cases) restore order across organizations of all sizes and types. Without the right policies in place, your organization faces security, productivity, and bottom-line threats that, left unchecked, can lead to irreparable harm. Further, with remote work numbers at an all-time high, the need for specific remote work policies is more prevalent than ever.

Remote work policies ensure that remote users and devices are managed properly and securely. Creating these policies makes secure and compliant remote work possible. These policies also help protect your organization’s bottom line and boost morale among on-site, hybrid, and remote workers.

Why You Need a Remote Work Policy

Nonexistent communication, including written expectations and rules around remote work can have dangerous consequences. Without specific remote work policies in place, you run the risk of employees making harmful or risky decisions, feeling lonely to the point of quitting, getting away with being highly inefficient, and more. Luckily, the potential disadvantages of remote work can all be avoided by providing a proper policy to employees in writing. 

Despite how important it is to establish remote work policies, many organizations struggle with what to include in a remote work policy and how to communicate it to employees and stakeholders. If you’re struggling with this, use this article as a guide for establishing an organization-wide remote work policy.

Drafting a Remote Work Policy

If your organization has remote workers or wants to offer remote work opportunities, it’s time to prepare a comprehensive remote work policy that includes sections on:

• General information and processes
• Equipment and resources
• Expectations
• Processes
• Security measures
• Contact information

Keep in mind that if you expect that your organization’s remote work policies will vary greatly between departments, consider drafting a general, company-wide remote work policy, as well as department-specific policies.

Here’s an outline of items that can be included in any remote work policy:

General Information and Processes

The general section of your remote work policy needs to include information on the purpose and scope of the policy, as well as general guidelines and processes that are applicable to most employees.

Eligibility

• What departments, teams, or types of roles are eligible for remote work opportunities.
• How often employees are allowed to work remotely.
• How long an employee must work for your organization before they’re eligible for remote work.

Hybrid Office Information 

If you plan to have office space available for employees only working remotely part-time, specify:

• How often they’re expected to work from the office space.
• Where the office space(s) is located.
• The process for going between in-office and remote work.
  • Communicating what days people will be in the office or at home.
  • How employees need to sign up for office spots.
  • How employees enter the office (key card, digital code).

Meetings, Reviews, and Activities

Set policies around how often they need to occur and what tools can be used for: 

• One-on-ones with managers.

• Team all-hands meetings.
• Client kickoff meetings.
• Performance reviews.
• Employee learning and development activities.
• Team bonding activities.

Processes

• Onboarding process for remote new hires.
• Offboarding process for remote employees leaving the organization.

Equipment & Resources

Whether you plan to provide remote users with company-issued laptops or phones, allow personal devices used for work purposes, or provide a stipend for home offices, it’s important to set expectations for these things in a remote work policy.

Company-Issued Devices

• What technology will be provided for remote work based on department, team, role, or other factors.
• What resources such as apps and other digital tools will be provided to remote employees to ensure that work gets done efficiently.
• How employees are expected to use company-issued equipment.
• How to return or request new equipment.

Bring Your Own Device (BYOD)

To better control the BYOD trend in your organization, create a specific BYOD policy as part of an overall remote work policy. This can include:

• Any stipend or reimbursement options you want to offer to employees purchasing necessary equipment for their home offices.
• How personal devices used for work purposes will be monitored and secured.
• Productivity expectations on personal devices and how progress will be tracked.

Access 

• How remote employee access to organizational resources will be provisioned, monitored, and secured. Consider using the principle of least privilege access.
• Access and security best practices with a specific cadence for remote employee training.
• Conditional access policies that will be on remote employees’ devices that prohibit them from working on public/unknown networks, hotspots, shared devices, etc.

Expectations

Don’t forget to outline non-technical remote work expectations, such as:

Working Hours and Breaks

• General working hours.
  • For example, employees can choose any hours to work between 6 a.m. – 6 p.m., or they need to work from 8 a.m. – 5 p.m., or it depends on their team.
• Break expectations — many organizations don’t set specific break guidelines as long as individual productivity goals are being met.

Productivity and Goals

• Productivity expectations.
  • Example: If productivity goals are not being met and a conversation about it has taken place, give the employee a certain period of time to get back on track, or request that they come back into the office.
• Best practices for remote employee goal setting.
• How productivity will be measured and tracked.

Communication

• How often employees need to check in with their manager.

• What tools need to be used for different types of communication.
• The process for requesting and communicating time off.
• How to report technical difficulties that result in downtime during expected working hours.

Security Measures

Be sure to describe all security measures that will be implemented on remote users’ devices, as well as expectations around security best practices and training that have not already been mentioned in your remote work policy. This might include: 

• Conditional access policies
• Password complexity and change policies
• Multi-factor authentication (MFA)
• General device, network, and access security policies
• How and when employees are expected to report lost or stolen devices, phishing attempts, etc., and that they will not be punished as long as they report what happened within a specific time frame.

Contact Information

Outline who to contact regarding different types of issues. Include contact info for:

• Security
• IT
• Management
• HR

Creating Your Remote Work Policy

Every organization will have a different overarching remote work policy. Not everything listed here needs to be included, and you might find that items not mentioned here do need to be included in your policy. A helpful strategy for putting together a remote work policy is being specific in areas regarding security and compliance, while leaving other less important areas more general and flexible.

Don’t forget, this policy is a living document that can be iterated upon as things change, just be sure to communicate any changes to the entire organization, especially those directly affected. A remote work policy is just one of the many 2022 and beyond initiatives we recommend — find other resources, tools, and ideas in our IT Admin’s Toolkit.

The IT Admin's Toolkit for 2022 — Read, Download, and Customize Tools to Fit Your Needs

View Resources