Flexible Workplaces & Information Security
Wherever you work for the BC Public Service, you're responsible for protecting the security and privacy of the information and the technology you use.
The Office of the Chief Information Officer's Working Outside the Workplace Policy outlines how to protect electronic and paper-based confidential and personal information outside the workplace.
What This Means for You
If you are internally mobile, externally mobile or only telework occasionally:
- Before making arrangements for working on or removing confidential or personal information from the workplace, get your supervisor's approval
- Before supervisors give approval to work from home, you both must read
- Discuss the assessment and take the actions advised. The assessment isn't meant to be a hurdle, but to help you avoid such things as spreading viruses and leaking confidential information
Mobile Work Examples
Are you able to answer the questions posed in the following mobile-work scenarios? The Working Outside the Workplace Policy and the Home Technology Assessment guide your actions in these and other mobile work situations.
John works from the office most of the time, but sometimes works from home for a day with the permission of his supervisor. He uses his home computer with VPN (Virtual Private Network).
Are John and his supervisor doing their due diligence to meet the requirements for information security?
John and his supervisor are partway there, but may need to do more. John is using VPN and has his supervisor's permission. However, they need to make sure he is following all guidelines in the Home Technology Assessment. For example, is he using his home computer correctly?
- Secure login if computer is used by more than one person
- Files not stored on hard-drive
- Anti-virus and patches up to date
Fatima sent herself a document to work on at home, but she doesn't have the latest version of Windows and can't open the docx. file. She uses Google Docs to translate the document.
Are Fatima and her supervisor meeting their responsibilities for work outside the workplace?
No, they are not. Google Docs is not a secure, approved program. If Fatima is using Google Docs because she doesn't have Office 2010, chances are she's using her home computer instead of a government-issued laptop. If that's true, she needs to use her home computer according to the requirements set out in the Home Technology Assessment, such as the requirement to use DTS or VPN except in extenuating circumstances (see the Working Outside the Workplace Policy for more).
If Fatima can't use VPN or DTS, it would be good to purchase the version of the Microsoft Office suite available to public service employees.
Yun Hee is an "internally mobile" worker who works in a different location at her office every day depending on the work she's doing. She loves the freedom of working in different places in her building, but notices that in open spaces, people can "shoulder surf" - see documents on her screen. Yun Hee keeps her paper files and laptop in her locker every night.
Is Yun Hee doing enough to protect the privacy and security of the information she has access to?
It's great that Yun Hee locks up her computer and files every night. That's more secure than leaving files lying on her desk overnight like she previously did when working at the same desk every day. However, "shoulder surfing" can expose confidential information. Yun Hee needs to lock her computer when she leaves during the work day. If she is viewing documents with confidential information, Yun Hee needs to position her body to block the screen or move to where people cannot see over her shoulder.