Posted by: SAS70ExPERT
Access control, Auditing, CIO, Compliance, Network, SAS 70, Security, Telecommuting, Third-party services
As transportation costs continue to skyrocket over the summer, telework/telecommuting is becoming the new trend among office environments. Basically, we have been doing a form of telework by outsourcing all of our jobs overseas, so this premise is not really new, it’s just new for American workers. 92 percent of workers said their work could be performed from home according to a recent survey by advocacy group Telework Exchange. I agree that operating expenses could be reduced by:
1) less office space per employee
2) transportation costs are reduced from commuting to work
3) reduction in computer hardware expenses
But what is the downside of a remote workforce and what effect will that have on company information assets? These information assets are now stored at a families home on First Avenue, in a 3 bedroom, 2 bath, instead of your 5 story office building. These telecommuting risks will need to examined by management and should be considered in a SAS70 audit.
Consider that most employee homes will not have extended physical or environmental security – only garage door locks and an air conditioner. Their computer office could be located next to their children’s bathroom – which is a likely water hazard, in an open space by a garden window. How easy would it be for a burgular to reach in and knock your coffee cup over, and grab your computer from your first floor home office?Really EASY, as I think many homes today still have yet to have a home alarm system on their windows.Critical company information now could be sold on the internet.
In addition, what network security are you assured that they have on their home computer? Do they have the latest virus preventing application? Is their firewall always up and running or might it be turned off to watch a movie?
Is your IT staff prepared to make housecalls? Your company information assets now resids at your employees home. It is now not on the second floor of your office, but could be 20-30 miles to First Avenue home. You now must manage users that are at locations that are spread miles apart? This may be okay if 15% of your workforce is remote, but what if it is 92%? Is your IT staff trained accordingly? If they have to make housecalls, do transportation costs truly decrease? Who is managing the network while your IT Administrator is stuck in traffic on his way to the Marketing Director’s home to fix his computer?
Any third party vendor must complete a SAS70 audit to assure it customer that their data is secure. Are you ready to expand your company floor space beyond the office perimeter? Telecommuting risks must be considered in the SAS70 audit process. What are some of the risks you have identified? Do you even have any policies in place at your company which specifically discuss the do’s and don’t’s of a telecommuter? SAS70ExPERT@gmail.com