The US-based Risk and Insurance Management Society (RIMS) recommends employers develop formal work-from-home policies to minimise their risk.

In a report on remote work, it says a detailed policy should set out “parameters, guidelines and expectations”.

RIMS board member and Cisco Systems Director of Global Risk Management Leslie Lamb says a consistent work-from-home policy ensures all staff are offered the same opportunity, “providing a framework for both manager and employers on expectations”.

The report says the policy should cover productivity and performance, ethics, confidentiality and data security.

Ms Lamb says potential loss of data is a major concern. She recommends an organisation’s IT staff be involved in policy development.

“IT involvement can help ensure important details such as the way critical information is saved… are not overlooked.”

The most effective remote-work policy is usually a collaborative process.

“Human resources usually drives the remote-work policy, but part of the development effort should include establishing a cross-functional team that also involves legal, IT, employee health and safety, [and] facilities and risk management,” Ms Lamb said.

The risk professional should ensure the policy addresses potential threats and complies with requirements of the organisation’s insurance.

RIMS director Lori Seidenberg warns inconsistencies between the remote-work policy and an organisation’s insurance policies must be addressed.

“There are two ways to fix the problem,” she said. “Either adjust the insurance policy or revise the remote-worker policy.

“Many of the questions noted on the insurance application will require information about policies and procedures. The risk professional must know what is included in the remote-work policy and what needs to be included in it to protect the organisation.”