Remote Working - Remote and Mobile Computing Policy. Purpose 3. Strategic Aims 3. Introduction 3. Scope 5. Responsibilities 5.

Transcription

1 Brigade Order Human Resources Brigade Order 3 Part 5 Section Title Remote Working - Remote and Mobile Computing Policy Contents No. Purpose 3 Strategic Aims 3 Introduction 3 Scope 5 Responsibilities 5 Information 5 Software 6 ICT equipment 6 Loss, theft or damage 6 Remote network access 6 Storage and transmission of photographs using mobile devices 7 Managerial responsibilities and performance measures 7 Appendix A (FB426) Remote Working Guidance - Meeting between Line Manager and Remote Worker 1 of 17

2 Roles, Responsibilities and Review The Human Resources Manager and the ICT Manager are responsible for ensuring this Order is implemented across the Brigade. The Human Resources Manager and ICT Manager will be responsible for the day to day operation of the Order and will review this Order when organisational changes take place. 2 of 9

3 Brigade Order, Human Resources 3 Part 5 - Remote Working: Remote and Mobile Computing Policy Purpose To define the policy requirements in relation to the use of Shropshire Fire and Rescue Service s (SFRS s) mobile information assets. Remote working has been introduced to assist and support flexibility within SFRS. It can reduce costs by consolidating desk and office space and reduce time and travel costs e.g. an employee may, by agreement, be based from home or from a remote office (e.g. a Retained Fire Station). Remote working may also assist with partnership and community working by having staff readily available within agreed locations. Remote working can also be considered at the request of an employee in line with SFRS Flexible Working Requests (Brigade Order No 5 Part 14). Remote working offers flexibility to the organisation and employees to work, as agreed, away from the Service s main sites. It can raise productivity in that the remote worker can be more flexible and creative, with greater thinking time than in the office. They do not have to contend with noise in the workplace, telephones ringing continually, or the daily commute. This can result in effective time management and can improve their work-life balance. Remote working can raise morale, commitment and engagement within the organisation. The objective of this Order is to ensure that the information assets and information processing facilities of the Service are adequately protected with logical, physical and environmental controls when being used by employees who work in a remote or mobile capacity. Strategic Aims This Order supports: Strategic Aim 4 - to deliver a fire and rescue service, which provides value for money for our community now and into the future. Introduction For the purposes of this Brigade Order remote working is used to describe employees who are either permanently or temporarily based away from the Service s main sites (Shrewsbury HQ and Telford Training and Development Centre); working in a location that is separate from a central workplace by using telecommunication technologies. 3 of 10

4 Different options for remote working are: Mobile working employees classified as mobile workers will mostly work away from the office/base. They will have a choice of working from different locations with some requirements for office presence. This may require sharing their workspace when they are working from the office/base. Field Working employees classified as field workers will carry out their duties in an office base at retained stations or partner agencies such as councils, housing associations etc. Home working some posts will be suitable for home working as part of the contract of employment. Current employees may request home working subject to an approved business case being available. Ad hoc home working where the role demands office presence for the majority of the time but the role can be delivered to the same standards by introducing an element of flexibility. Remote working works best when: There is a clear business need to have employees based away from the Service s main sites e.g. RDS Fire Station to assist local community and partnership working. There is a specific, clearly defined and well-understood task to be completed. Uninterrupted, quiet time is needed to concentrate on the task. The employee s absence from the normal place of work can be catered for and managed. Remote Working is not advisable when: There is a clear business need to have employees based at the main Service HQ or at the Training and Development Centre, Telford. There is a need for frequent contact with colleagues/clients. There are likely to be other distractions at the remote base or at home (e.g. it is not to allow full time caring responsibilities). Access to information located in the office is frequently needed. Some jobs or activities within the Service may not be permitted under remote or mobile working e.g. financial transactions, processing of sensitive or personal data, some ICT roles All staff are required to comply with the Service s policies and procedures whether working at the Service s main sites, or working at remote sites e.g. Retained Stations, Community Hubs or working at home. 4 of 10

5 Scope This Order applies to all employees who use information assets and information processing facilities outside of their normal office environment. A mobile device is any equipment which has a self-contained power unit and can hold data; examples are (but are not limited to): Laptop computer Tablet Mobile telephone Smart Phone Mobile Data Terminal (MDT located on Service appliances). Responsibilities The ICT Manager shall approve the use of mobile devices and shall ensure that controls are made available to employees who engage in remote or mobile working, including any health and safety safeguards. The ICT department shall provide protection for all devices to ensure that data on mobile devices can be protected appropriately in line with this policy. They shall ensure that controls as defined in this policy are complied with through regular auditing. Line Managers must complete the remote working guidance form (see Appendix A) and liaise with ICT, HR and H&S officers/departments to ensure that staff are accountable for compliance with this Order. All employees who are authorised to process information assets using mobile computing techniques must use only mobile devices that have been approved. They are responsible for ensuring the integrity of the data they process and accountable for all assets that are allocated to them by the organisation. Information It is the policy of the Service to ensure that all information assets and information processing facilities used outside of a normal office environment receive appropriate protection in accordance with HMG Security Policy Framework and Government Security Classification. Such protection shall be commensurate to the value of the information assets that is determined by the Information Asset Owner based upon confidentiality, integrity and availability. Inappropriate removal of information assets and inappropriate treatment may cause breaches leading to the Service potentially suffering financial or reputational loss. The Data Protection Act has implications for remote/home working. The Information Commissioner will fine the ity for any serious breach of the Data Protection Act so it is essential employees are aware of the implications surrounding: 5 of 10

6 Ownership of data Access to data by family members and others Electronic data at home and transferring this Paper data/equipment and transferring/transporting this Software Only software authorised by the Service s ICT department shall be installed on remote and mobile equipment supplied by the Service. For the avoidance of doubt, employees may not install software without authorisation/support from ICT. ICT equipment All information processing facilities provided to employees using mobile computing shall be maintained with due diligence. Sufficient controls shall be taken to ensure that the equipment is secured at all times. Any mobile device that allows the storage of s and information must be password protected and never left unattended and logged on. Employees are accountable for unauthorised access and must protect their password at all times. If a password is suspected to have been compromised the ICT Helpdesk can be contacted for advice on changing passwords. Employees must carry and store equipment with care to reduce the chance of accidental damage. Faults with any supplied equipment shall be reported to the ICT Helpdesk immediately. ICT equipment should not be left in unattended vehicles as they are not insured under such circumstances. Employees shall not loan their mobile device or allow it to be used by others such as family and friends. Non-corporate wireless networks can be used to gain remote access to the Service s network using the equipment issued. The use of own devices is not allowed. Loss, theft or damage Loss, theft or damage to any mobile device shall be reported immediately by the employee to the ICT Helpdesk so that the equipment can be disabled. In the event of avoidable damage, an employee may be required to pay towards the cost of replacement of the mobile device. Remote network access Remote/mobile access to information assets shall be restricted to authorised employees and shall be protected by appropriate physical and logical authentication and authorisation controls. 6 of 10

7 Storage and transmission of photographs using mobile devices Photographs of incident scenes are likely to be classed as personal data and will be subject to the provisions of the Data Protection Act They shall be treated in accordance with Data Protection principles and in particular shall not be stored on a mobile device for longer than necessary, transmitted to a third party or uploaded to the Internet or social networking sites. Managerial responsibilities and performance measures Direct supervision of remote workers is not possible as managers cannot physically observe their employees performance. Also providing timely, reliable and constructive feedback is more challenging for managers of remote workers. Security and storage of documents and sensitive data (either in hard copy or electronically) and the disposal of data must all be discussed and agreed between the employee/line manager and ICT Manager. All staff are required to comply with the Service s policies and procedures whether remote working from home or at an office base. The Service stresses the importance of document and IT security including storage and transportation. Advice must be sought from the ICT Manager. The Service also stresses the importance of Health and Safety, advice must be sought from the Health and Safety Manager A breach of the organisation s rules will invoke formal disciplinary procedures (see Brigade Order HR No.10 Part 1). Employees working from a remote base will be subject to the same performance measures, processes and objectives that apply to all office based employees. The option to work remotely is at the discretion of the Manager and may be withdrawn if organisational need requires the employee to work from the Service s main sites. Where organisational need requires employees to work remotely, the Manager must meet with the employee/s concerned and together they must fully discuss the advantages and disadvantages that remote working may provide. Where an individual employee requests to work remotely, either at an agreed base or from home, the Manager must meet with the employee concerned and together they must fully discuss the advantages and disadvantages that remote working may provide. A request from an individual can be considered under the Services Flexible Working policy (see Brigade Order HR No.5 Part 14). In all cases the Manager/Employee must meet together to discuss and fully consider the following areas (see appendix): Communications - key telephone numbers and contact arrangements between Manager/Employee and colleagues. The frequency of attending Headquarters / Training and Development Centre for team meetings and/or supervision. The IT equipment and software required to enable remote working (seek advice from the ICT Manager). 7 of 10

8 Meetings meetings must only take place at a relevant work base. Meetings with colleagues or clients at home must be avoided. Whereabouts employees must be able to account for their whereabouts and must maintain an accurate electronic diary accessible by the line manager. Health and Safety It is the responsibility of the employee s manager to ensure the Health, Safety and Welfare of employees, whether working at the Service s main sites, remote bases or at home. must also be made to Health and Safety Brigade Order (BO) 8 part 7 The Health and Safety (Display Screen Equipment) Regulations 1992 amended by the Health and Safety (Miscellaneous Amendments) Regulations Completion of the Display Screen Equipment Assessment Checklist is required (H&S BO 8 part 7 Appendix A). Accident/Near Miss reporting procedures apply equally to incidents arising in the employee s remote base or home (seek advice from the H&S Manager). Confidentiality All information and paperwork belongs to the Service and it is the responsibility of employees to keep it safe. Confidential paperwork must not be left open to view. Confidential/personal information must not be processed or stored on your home PC; all work-related documents stored on a home computer must be deleted routinely as and when they are completed. When leaving the Service s employment, all information must be returned or deleted as appropriate. Working hours Normal working hours apply and it will be the responsibility of the employee to comply with working hours and to ensure that they take sufficient rest periods under the working time regulations. Working hours, patterns, contact times and availability with the employee must therefore be agreed with the line manager in advance. Employees covered by the Flexible Working Hours scheme who intend working more than a 7.4 hour day, must first gain agreement from their manager. Conditions of employment - Normal conditions of employment as set out in the employee contract apply. Sickness employees who are sick when scheduled to work from a remote base or from home must report it in the normal way (Brigade Order HR No 7 Part 1 Control and Monitoring of Sickness Absence). Insurance Employees who request to work from home are advised to inform their household insurance company that they will be undertaking work from home. Other factors to consider will include:- Ability to resolve problems and concerns at a distance with the line manager (by telephone/ ) Ability to communicate effectively with colleagues, and to function as part of a team, while operating remotely Ability to be self-motivated and to work to agreed deadlines without close supervision and in relative isolation from colleagues. 8 of 10

9 Ability to ensure own health and safety in the remote working or home environment Ability to manage time and organise work effectively and with self-discipline Flexibility in work management and approach IT skills and self-sufficiency Ability to cope with reduced social contact with colleagues Ability to create an appropriate separation between work and home life (and knowing when to stop working) Ability to arrange family commitments to provide a suitable working environment, without disruption (in cases of home working) Management responsibilities must also include:- Monitoring performance and output by setting agreed SMART objectives with suitable targets and performance measures Maintaining managerial control as appropriate during working hours Ensuring there is regular contact and communication with the employee. It is advisable to agree with the employee a minimum frequency of visits to their work base and HQ in order to keep updated of organisational developments Arranging any further training that may be required Monitoring and addressing health and safety issues Regularly reviewing the arrangement Liaising with HR if the working arrangement ceases to arrange for contracts to be varied and records updated Regularly review with HR to ensure the arrangement is working satisfactorily The Manager must keep all parties informed of remote working arrangements. In all cases advice must be sought from the HR Manager, ICT Manager and H&S Manager before any arrangement is agreed with employee/s. The Line Manager and employee must discuss and sign an agreement (see appendix) to show that the employee: Is aware of the risks and responsibilities associated with mobile computing resources If issued with SFRS equipment for mobile working, will regularly return it to the ICT department for maintenance, upgrade of software, removal of audits, and 9 of 10

10 refresh of anti-virus and other software applications Will travel to HQ/TC or specified base as and when required, for example in the event of team meetings, training, or in an event such as technology failure that will prevent mobile/remote working Will participate in a review of arrangements as and when required The signed agreement will be forwarded to the HR department to be scanned and filed on the employee s employment record. An amendment to the employee s contract of employment will be issued. 10 of 10

11 Appendix A Remote Working Guidance Meeting between Line Manager and Remote Worker AA - 1 FB426

12 Employee Name: Line Manager Remote Base e.g. Fire Station Home Address: General Information Discuss the following: 1. Options of remote working 2. Is there a clear business need to have employee based away from the SFRS main site? 3. Is there a specific, clearly defined and well understood task to be completed? 4. Will the employee have uninterrupted, quiet time needed to concentrate on the task? 5. Can employee s absence from the normal place of work be catered for and managed? Note of discussion points 1-5 above. Equipment 6. Mobile device has advice been sought from the ICT Manager? 7. Is the employee aware he/she must use only mobile devices that have been approved? 8. Is the employee aware he/she is accountable for all assets that are allocated to them by SFRS Note of discussion points 6-8 above and detail equipment loaned to employee (point 6 above) AA - 2 FB426

13 Risk Is the employee aware that: 9. Inappropriate removal of information assets and inappropriate treatment may cause breaches in confidentiality, integrity or availability leading to SFRS potentially suffering financial or reputational loss? 10. Employees who use mobile devices shall be responsible for ensuring the integrity of the data they process? Employees must only use the backup equipment provided by ICT use of USB should be avoided 11. The employee must ensure sufficient controls shall be taken to ensure that the equipment is secured at all times? 12. Faults with any supplied equipment shall be reported immediately to the ICT Helpdesk? 13. Devices must not be left unattended in a public place or in a car for any period and can be transported only when switched off? Laptops must not be transported whilst in hibernating or standby modes? Employees must carry and store equipment with care to reduce the chance of accidental damage? 14. Mobile phones and PDAs shall be locked at all times when the devise is not in use? Devices which allow the storage of s and information locals shall be password protected? 15. Remote/mobile access to information will be restricted to authorised employees and shall be protected by appropriate physical and logical authentication and authorisation controls? 16. Employees must not loan their mobile device or allow it to be used by others? 17. Loss, theft or damage to any mobile device shall be reported by the employee immediately to the ICT Manager (via Fire Control if out of hours)? 18. Avoidable damage may result in employee being required to pay towards the cost of replacement of the mobile device? Note of Risk discussion Storage Is the employee aware that:- 19 Photographs of incident scenes are likely to be classed as personal data and will be subject to the provisions of the Data Protection Act They shall not be stored on a mobile device for longer than necessary; transmitted to a third party, uploaded to the internet or to social network sites AA - 3 FB426

14 20 The employee is aware that the Data Protection Act has implications for remote/home working Note of Storage discussion Line Manager/employee responsibilities and performance measures the employee is aware that:- 21 Direct supervision is not possible. Discuss and agree a timely, reliable and constructive feedback structure. Note of Supervision Plan 22 The employee understands that he/she must comply with SFRS policies and procedures whether remote working at home or at an office base? 23 The employee understands the importance of Health & Safety and advice has been sought from the H&S manager? Note any advice received from the H&S Officer AA - 4 FB426

15 24 Has the remote working place been risk assessed? 25 The employee is aware that a breach of SFRS rules will invoke formal disciplinary procedures (Brigade Order HR No 10 Part 1)? 26 The employee is aware that remote workers will be subject to the same performance measures processes and objectives that apply to all office based employees? 27 The employee is aware that the option to work remotely is at the discretion of the manager and may be withdrawn if organisational need requires the employee to work from SFRS main sites? Discussion points/consideration must be given to the following areas: 28 Communications and meetings 29 Whereabouts 30 Health and Safety Including a DSE assessment (see Health & Safety BO No 8 Part 7) 31 Confidentiality 32 Working Hours 33 Conditions of Employment 34 Sickness 35 Insurance 36 Ability to resolve problems 37 Ability to still be part of a team 38 Ability to be self-motivated & work without close supervision/in relative isolation 39 Ability to ensure own health and safety 40 Ability to manage time and organise work effectively 41 Flexibility in work management and approach 42 IT Skills and self-sufficiency 43 Ability to cope with reduced social contact with colleagues 44 Ability to create an appropriate separation between work and home life (in case of home working) 45 Ability to arrange family commitments to provide a suitable working environment without disruption. 46 Monitor performance 47 Maintain managerial control 48 Ensure regular contact and communication (agree minimum frequency of visits to work base and HQ) 49 Training AA - 5 FB426

16 50 H&S monitoring 51 Regular reviews 52 Liaise with HR Note of discussion from points from above Any other discussion points Agree and sign below:- I am aware of the risks and responsibilities associated with remote working and mobile computing resources. If issued with SFRS equipment for mobile working, I will regularly return it to the ICT Team for maintenance, upgrade of software, removal of audits and refresh of anti-virus and other software applications. AA - 6 FB426

17 I will travel to SFRS HQ/TC or specified base as and when required, for example in the event of team meetings, training, or in an event such as technology failure that will prevent mobile/remote working. I will participate in a review of arrangements as and when required. Signed (Employee). Line Manager... AA - 7 FB426