Flexible Workplaces & Information Security
It’s what you do, not where you go.
Wherever you work for the BC Public Service, you're always responsible for protecting the security and privacy of the information you handle and the technology you use.
The Office of the Chief Information Officer's Working Outside the Workplace Policy outlines how we need to safeguard electronic and paper-based confidential and/or personal information when working outside the workplace.
What This Means for You
If you are internally mobile, externally mobile or only telework on an occasional basis
- Prior to making arrangements for working on or removing confidential or personal information from the workplace, employees (and others as included in the scope statement below) must ensure that they have received their supervisor's approval
- Before supervisors give approval to work from home, both you and your supervisor must read the Home Technology Assessment, discuss it and make sure you take the actions advised in the assessment. The assessment isn't meant to be a hurdle, but to help you avoid such things as spreading viruses and leaking confidential information
Double-check Your Understanding
Below are examples of mobile work scenarios that require different responses. You need to be able to answer questions like the ones below. The Working Outside the Workplace Policy and the Home Technology Assessment will help you know what to do in these and other mobile work situations.
John works from the office most of the time, but once in a while works from home for a day or a morning, with the permission of his supervisor. He uses his home computer with VPN (virtual private network). Are he and his supervisor doing their due diligence to meet the requirements for information security?
John and his supervisor are partway there, but may need to do more. John is using VPN and has the required permission of his supervisor. However, they need to ensure he is following the other responsibilities set out in the Home Technology Assessment, such as rules about using your home computer (secure login required if computer is used by more than one person, files not stored on hard-drive, anti-virus and patches up to date).
Fatima sent herself a document to work on at home, but she doesn't have the latest version of Windows and can't open the doc.x file, so she uses Google Docs to translate the document. Are she and her supervisor meeting their responsibilities for work outside the workplace?
They are not. Google Docs is not a secure, approved program. If she is using Google Docs because she doesn't have Office 2010, chances are she is using her home computer instead of a government-issued laptop. If that's true, she needs to make sure she's using her home computer according to the requirements set out in the Home Technology Assessment, such as the requirement to use DTS or VPN except in extenuating circumstances (see the Working Outside the Workplace Policy for an explanation of extenuating circumstances). If she can't use VPN or DTS, it would be a good idea for her to purchase the version of the Microsoft Office suite available to public service employees.
Yun Hee is an "internally mobile" worker who works in a different location at her office every day depending on the work she's doing that day. She loves the freedom of working in different places in her building, but notices that when she's working in open spaces, people can "shoulder surf," and see documents on her screen while she's working on them. She keeps her paper files and laptop in her locker every night. Is she doing enough to protect the privacy and security of the information she has access to?
It's great that Yun Hee locks up her computer and files every night. That's more secure than leaving files lying on her desk at the end of the night like she used to do when she worked at the same desk every day. However, "shoulder surfing" can expose confidential information. Yun Hee needs to make sure to always lock her computer before she leaves it during the work day, even to go to grab a cup of tea. If she is viewing documents with confidential information, she needs to position her body to block the screen or move to an area where people cannot see over her shoulder.