Resource 10 - Addressing health and safety, and information security and privacy

Health and safety considerations

Under the Health and Safety at Work Act 2015, businesses and undertakings (known as ‘Persons Conducting a Business or Undertaking’ or ‘PCBUs’) have primary responsibility for their workers’ health and safety, while they are working. That means that when employees¹⁶ ask to work from home, agencies must consider the risks their employees might be exposed to in that environment, the degree of harm those risks could cause, and how those risks can be mitigated.

You should develop a policy setting out the parties’ respective obligations, including the steps to be taken if a concern arises about the employee’s ability to maintain their physical health and safety and their mental health in their home working environment.

The policy could include

• an employee agreement that they will:
  • ensure that their home workspace is arranged so that it is comfortable and ergonomically sound
  • take regular breaks
  • ensure that the workspace is kept clear and free from obstacles or tripping hazards and well lit
  • ensure that all work-related information and data is kept secure.
• an agreement between the manager and employee to ensure:
  • regular breaks are taken
  • regular communication and proactive discussion of any problems that arise from working from home
  • proactive discussion of any risks to the employee’s physical and/or mental health and safety arises about ways this harm can be eliminated or minimised.
• an agreement between the agency and employee covering:
  • an assessment of the home workspace to ensure its suitability from a health and safety perspective
  • identification of any health and safety hazards in the employee’s allocated work area, and how any risks presented by these hazards will be mitigated
  • an agreed process for the employer and employees to communicate frequently about the remote working arrangements and how to raise any issues or concerns.

Managers should consult their agency’s health and safety experts about the requirements and safeguards that are needed to ensure the agency’s health and safety obligations are met.

Information security and privacy

When employees are working remotely, it is important that agencies ensure the security and privacy of information is maintained. There are common guidelines for agencies on how to keep private information safe, however each agency is responsible for its own security safeguards. This may include an assessment of the following:

• the work to be done at home
• procedures to minimise the security risk of storage and transmission of official information
• the classification of any information to be held at or transmitted from or to the home
• any security clearance requirements of the staff member
• the suitability (including past performance in security matters) of the staff member to work outside the usual environment
• requirements with respect to IT security/servicing and communications security, such as encrypted data, two-step authentication on electronic devices, and up-to-date protection software.

See also the Government Health and Safety Lead guidance: Supporting workers to work from home.

¹⁶Including permanent and fixed-term staff, and consultants working within the business