ISO 27001:2022 Annex A 6.7 Checklist Guide

By Max Edwards | Updated 15 August 2024

Using a checklist for A.6.7 Remote Working streamlines the compliance process, ensuring all necessary security measures and policies are effectively implemented and monitored. Achieving compliance enhances the organisation's security posture, mitigating risks associated with remote work environments.

ISO 27001 A.6.7 Remote Working Checklist

A.6.7 Remote Working is a control within the People Controls section of ISO 27001:2022, designed to address the security measures and policies necessary for employees working remotely. This control ensures that remote work is conducted securely, protecting organisational information and systems from potential threats and vulnerabilities associated with remote work environments.

Implementing this control involves establishing robust security measures, managing devices, ensuring secure communication, enforcing access control, raising policy awareness, and maintaining effective monitoring and reporting mechanisms.

Given the increasing prevalence of remote work, these measures are crucial for maintaining the integrity and security of organisational information systems.

Why Should You Comply With Annex A.6.7? Key Aspects and Common Challenges

1. Security Measures

Implementing technical and procedural safeguards to secure remote working environments.

  • Challenges:
    • Ensuring all remote devices are properly configured and updated with the latest security patches.
    • Managing and securing various home network environments that are beyond direct control.
    • Implementing and enforcing the use of VPNs and encryption across all remote endpoints.

  • Solutions:
    • Regular Updates and Patch Management: Establish automated processes to ensure devices are regularly updated and patched.
    • Home Network Security Guidelines: Provide clear guidelines for securing home networks, including the use of strong passwords and firewalls.
    • VPN and Encryption Policies: Implement mandatory VPN usage policies and end-to-end encryption for all data transmissions.
  • Associated ISO 27001 Clauses: 6.1.2, 8.1

2. Device Management

Establishing policies and procedures for the use of company-owned and personal devices.

  • Challenges:
    • Creating and enforcing BYOD (Bring Your Own Device) policies that balance security with employee convenience.
    • Ensuring compliance with device security configurations and software requirements.
    • Managing the lifecycle and security of devices remotely, including lost or stolen devices.

  • Solutions:
    • BYOD Policy Development: Develop comprehensive BYOD policies that include security requirements and acceptable use.
    • MDM Implementation: Utilise mobile device management solutions to enforce security configurations and monitor compliance.
    • Device Tracking and Response: Implement tools for tracking devices and procedures for handling lost or stolen devices.
  • Associated ISO 27001 Clauses: 7.5.1, 8.1, 8.2, 8.3

3. Communication Tools

Ensuring secure communication channels are used for remote work.

  • Challenges:
    • Standardising and securing communication tools across diverse teams and regions.
    • Training employees to use secure communication methods and avoid unapproved platforms.
    • Monitoring and managing the security of these tools to prevent data leaks and unauthorised access.

  • Solutions:
    • Standardised Communication Platforms: Select and mandate the use of secure, standardised communication tools.
    • Employee Training Programmes: Regularly train employees on the use of secure communication tools and the risks of unapproved platforms.
    • Security Monitoring: Implement monitoring tools to track and secure communications.
  • Associated ISO 27001 Clauses: 7.3, 8.2, 8.3, 9.1

4. Access Control

Implementing strict access control measures to ensure that only authorised personnel can access sensitive information and systems remotely.

  • Challenges:
    • Implementing and managing multi-factor authentication (MFA) across all remote access points.
    • Regularly reviewing and updating access permissions in response to role changes and threats.
    • Balancing ease of access for remote employees with the need for stringent security controls.

  • Solutions:
    • MFA Implementation: Enforce multi-factor authentication for all remote access to sensitive systems.
    • Regular Access Reviews: Schedule regular reviews of access permissions to ensure they are up-to-date and appropriate.
    • Access Control Policies: Develop and implement robust access control policies that balance security and usability.
  • Associated ISO 27001 Clauses: 7.2, 8.3, 9.2

5. Policy Awareness

Educating employees about remote working policies and procedures.

  • Challenges:
    • Ensuring consistent and comprehensive training for all remote employees.
    • Engaging employees to understand and adhere to remote working policies.
    • Continuously updating training materials and communicating changes effectively.

  • Solutions:
    • Comprehensive Training Programmes: Develop training programmes that cover all aspects of remote working security.
    • Interactive Training Sessions: Use interactive and engaging methods to ensure employee understanding and adherence.
    • Regular Updates and Communication: Continuously update training materials and policies, and communicate changes effectively.
  • Associated ISO 27001 Clauses: 7.2, 7.3

6. Monitoring and Reporting

Establishing mechanisms to monitor remote work activities and detect potential security incidents.

  • Challenges:
    • Implementing effective monitoring tools that respect employee privacy while ensuring security.
    • Detecting and responding to security incidents in a timely manner, given the dispersed nature of remote workforces.
    • Analysing and acting on vast amounts of monitoring data to identify and mitigate threats.

  • Solutions:
    • Privacy-Respecting Monitoring Tools: Implement monitoring tools that balance privacy with security needs.
    • Incident Response Plans: Develop and test incident response plans tailored to remote work scenarios.
    • Data Analysis Tools: Utilise advanced data analysis tools to sift through monitoring data and identify potential threats.
  • Associated ISO 27001 Clauses: 9.1, 9.2, 10.1

ISMS.online Features for Demonstrating Compliance with A.6.7

1. Policy Management

  • Policy Templates: Provides pre-built templates for creating and communicating remote working policies.
    • Challenge Addressed: Standardises policy creation, ensuring comprehensive coverage and ease of communication.
  • Policy Pack: Enables the bundling of related policies, ensuring comprehensive coverage of remote working requirements.
    • Challenge Addressed: Ensures that all relevant policies are grouped and communicated effectively.
  • Version Control: Tracks changes and updates to policies, ensuring employees have access to the most current guidelines.
    • Challenge Addressed: Maintains up-to-date policies, addressing the dynamic nature of remote working requirements.

2. Incident Management

  • Incident Tracker: Logs and manages remote work-related security incidents, ensuring proper documentation and response.
    • Challenge Addressed: Provides a structured way to manage and respond to incidents, ensuring no incident goes untracked.
  • Workflow: Facilitates the handling of incidents through predefined processes, ensuring consistent and effective responses.
    • Challenge Addressed: Ensures that incident response processes are followed systematically.
  • Notifications: Alerts relevant personnel of incidents, ensuring timely awareness and action.
    • Challenge Addressed: Enhances timely communication and response to security incidents.

3. Risk Management

  • Risk Bank: Identifies and catalogues risks associated with remote working, providing a repository for risk assessments.
    • Challenge Addressed: Centralises risk information, making it easier to manage and mitigate risks.
  • Dynamic Risk Map: Visualises risks in real-time, helping to prioritise and address remote working threats.
    • Challenge Addressed: Provides a clear visual representation of risks, aiding in risk prioritisation and management.
  • Risk Monitoring: Continuously monitors identified risks, ensuring proactive management and mitigation.
    • Challenge Addressed: Enables ongoing risk assessment and timely interventions.

4. Training

  • Training Modules: Provides specific training on remote working security practices, ensuring employees understand and follow policies.
    • Challenge Addressed: Ensures consistent and comprehensive training across the organisation.
  • Training Tracking: Monitors employee participation and completion of training modules, ensuring compliance with training requirements.
    • Challenge Addressed: Tracks training engagement and completion, ensuring compliance.
  • Assessment: Tests employee knowledge on remote working security, ensuring comprehension and adherence to policies.
    • Challenge Addressed: Validates understanding and adherence to security practices.

5. Communication

  • Alert System: Sends out important notifications related to remote working policies and security updates.
    • Challenge Addressed: Ensures timely and effective communication of critical information.
  • Notification System: Ensures timely dissemination of critical information and policy changes to all employees.
    • Challenge Addressed: Enhances communication effectiveness and policy adherence.
  • Collaboration Tools: Facilitates secure communication and collaboration among remote workers.
    • Challenge Addressed: Provides secure and standardised tools for remote collaboration.

6. Documentation

  • Doc Templates: Provides templates for documenting remote working policies, procedures, and incident reports.
    • Challenge Addressed: Standardises documentation, ensuring completeness and consistency.
  • Version Control: Ensures that all documentation is current and reflects the latest policies and procedures.
    • Challenge Addressed: Maintains up-to-date documentation, addressing changes and updates promptly.
  • Collaboration: Allows for collaborative creation and review of remote working documents, ensuring thoroughness and accuracy.
    • Challenge Addressed: Enhances document quality and completeness through collaboration.

Detailed Annex A.6.7 Compliance Checklist

1. Security Measures

  • Ensure all remote devices are configured with the latest security patches.
  • Implement and enforce the use of VPNs and encryption.
  • Establish procedures for securing home network environments.
  • Conduct regular security assessments of remote working environments.

2. Device Management

  • Create and enforce BYOD policies that balance security with convenience.
  • Ensure compliance with device security configurations and software requirements.
  • Implement mobile device management (MDM) solutions.
  • Manage the lifecycle and security of remote devices.
  • Establish protocols for reporting lost or stolen devices.

3. Communication Tools

  • Standardise and secure communication tools across teams.
  • Provide training on secure communication methods.
  • Monitor and manage the security of communication tools.
  • Regularly update and patch communication software.

4. Access Control

  • Implement multi-factor authentication (MFA) for remote access.
  • Regularly review and update access permissions.
  • Ensure access controls balance security with user convenience.
  • Conduct periodic access control audits.

5. Policy Awareness

  • Provide consistent and comprehensive training on remote working policies.
  • Engage employees to understand and adhere to policies.
  • Continuously update and communicate training materials.
  • Implement acknowledgment tracking to ensure policy understanding.

6. Monitoring and Reporting

  • Implement effective monitoring tools that respect privacy.
  • Detect and respond to security incidents promptly.
  • Analyse monitoring data to identify and mitigate threats.
  • Establish clear reporting lines and protocols for remote work incidents.

Additional Considerations

  • Conduct regular training sessions on best practices for remote working security.
  • Provide resources and support for troubleshooting remote work issues.
  • Create a knowledge base with FAQs and guides on remote working policies and security.
  • Ensure all remote working technology is regularly updated.
  • Evaluate and adopt new technologies that enhance remote working security.
  • Maintain an inventory of all remote working devices and their compliance status.
  • Regularly review and improve remote working policies and procedures.
  • Gather feedback from remote workers to identify areas for improvement.
  • Benchmark against industry best practices and standards.

By addressing these aspects, using relevant ISMS.online features, and following the compliance checklist, the A.6.7 Remote Working control ensures that remote work is conducted securely, protecting organisational assets and maintaining compliance with ISO 27001:2022 requirements.

How ISMS.online Helps With A.6.7

Ensure your organisation’s remote working practices are secure, compliant, and efficient.

Take the next step towards robust information security management by leveraging the powerful features of ISMS.online. Our platform provides the tools and support you need to implement and maintain ISO 27001:2022 compliance, particularly for remote working environments.

Don’t wait—secure your organisation’s future today. Contact ISMS.online to learn more about how our comprehensive solutions can benefit your business.

Find out more by booking a demo.