Appendix J: Telework and Remote Access Policy (RAS)
1. Remote Access Policy. The Department’s Remote Access Policy is contained in OCIO Policy 2006-xxx.
A. In the event of a disaster emergency, to facilitate Continuity of Operations for the Department of the Interior, each Bureau and Office CIO shall make risk-based determination regarding use of personally owned equipment.
B. Any new risks resulting from changes to authorized uses shall be formally documented in the Risk Assessment report and accepted by the Designated Approving Authority (DAA). Any additional security controls that might be deemed appropriate by the DAA shall be documented in the System Security Plan (SSP).
C. If a Disaster Emergency is officially declared and privately own computers become necessary to continue DOI’s business, the Minimum Mandatory Requirements for Protective Countermeasures annotated in the Policy Section pertaining to privately owned computers shall be implemented to mitigate the associated risk.
D. To facilitate remote access functionality, Bureau and Offices shall ensure to preposition any required software for RAS accessibility, that users may need to perform their operational responsibilities via RAS e.g. 3270 emulation software, anti-virus software., secure financial processing software.
E. Additionally, due to the unpredictability of disaster incidences, each Bureau and Office will develop and maintain a disaster list of personnel who will need immediate remote access should a Disaster Emergency take place. Ready access to this information will be critical in maintaining DOI operations.
2. Telework Policy. The Department’s Telework policy is contained in Personnel Bulletin No. 05-02, dated February 18, 2005.>
It is the policy of the Department of the Interior to provide eligible employees opportunities to work at alternative worksites when it is consistent with the mission of the organization and budgetarily supportable. This policy is designed to promote telework as a flexibility for managers and employees and to complement Continuity of Operations (COOP) plans.
It is the supervisor’s responsibility to review positions and determine whether there is a potential to create a telework opportunity. Employees who telework from home or an alternate workplace are an invaluable resource during a time of emergency. Therefore, when managers and supervisors review positions to determine and designate positions as “emergency” or “mission critical”, and an employee assigned to an identified position applies to telework, that designation should be included in the telework agreement.
Before beginning work at an alternative worksite, the employee and immediate supervisor must sign a telework agreement. Teleworkers fall under the same regulations, directives, and policies as if they were at their government work site. In addition, the employee must comply with all the Department security and information technology policies and procedures including those for remotely accessing Interior’s networks and services.
To ensure the ability to react quickly in times of an emergency, managers and supervisors should consider establishing situational telework agreements (ad-hoc) with all employees to have necessary access in place and allow for coverage of essential work away from the official duty station.