We're a startup with just 5 employees currently working remotely, and we're in the process of achieving Cyber Essentials Plus certification. I'm trying to figure out whether I need a centralized device management solution like a firewall or update management system, or if I can just rely on company policies. Since we have no physical office or infrastructure, I was thinking maybe I could just provide firewall software for each employee and draft a policy that requires them to keep their software up to date on their own devices. Does this approach make sense, or should I consider implementing a more centralized management system to ensure compliance? I'd appreciate any advice!
3 Answers
You might want to discuss admin rights management as well. Since you’re a small team, reaching out to IASME or an auditing firm could help clarify what’s considered acceptable. While I believe in the power of policies, some criteria may require more than just a handshake agreement, even without a technical system in place.
You don’t necessarily need a full-blown centralized management solution given that it's just a small remote team, but having some proof that your devices are properly configured and updated is crucial. You’ll need to collect some evidence to show that everything is patched and protected according to your policy. Just make sure you have a way to document this effectively.
Consider using tools like Action1 for managing patches and software deployments. For Cyber Essentials Plus, you’ll definitely need to prove that users aren’t running as admins and that all your software, such as OS and firewalls, is up to date. Keeping a close eye on this will help you meet the requirements.
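For a team with no central management tool, the evidence the answers describe (no admin rights for daily use, firewall on, software patched) can be checked from per-device reports. The following is an added example, not part of any answer above; the report field names and both age limits are assumptions to be replaced with the values in your own policy and the current Cyber Essentials requirements.

```python
from datetime import date

# Assumed policy values (not from the thread); confirm against the current
# Cyber Essentials requirements and your own written policy.
MAX_PATCH_AGE_DAYS = 14   # newest update must be installed this recently
MAX_REPORT_AGE_DAYS = 30  # evidence older than this has to be re-collected

# Constructed sample reports, one per device, as each employee might submit them.
SAMPLE_REPORTS = [
    {"device": "laptop-01", "user_is_admin": False, "firewall_enabled": True,
     "last_update_installed": "2024-05-28", "reported_on": "2024-06-01"},
    {"device": "laptop-02", "user_is_admin": True, "firewall_enabled": True,
     "last_update_installed": "2024-04-02", "reported_on": "2024-06-01"},
    {"device": "laptop-03", "user_is_admin": False, "firewall_enabled": False,
     "last_update_installed": "2024-03-30", "reported_on": "2024-04-05"},
    {"device": "laptop-04", "user_is_admin": False, "firewall_enabled": True},
]

def check_device(report, today):
    """Return a list of findings for one device report; empty means compliant."""
    findings = []
    # A missing field is a finding, not a pass: no evidence means no proof.
    if report.get("user_is_admin") is not False:
        findings.append("daily-use account is admin or admin status not evidenced")
    if report.get("firewall_enabled") is not True:
        findings.append("firewall off or not evidenced")
    for field, limit, label in (
        ("last_update_installed", MAX_PATCH_AGE_DAYS, "last update"),
        ("reported_on", MAX_REPORT_AGE_DAYS, "evidence"),
    ):
        try:
            age = (today - date.fromisoformat(report[field])).days
        except (KeyError, TypeError, ValueError):
            findings.append(f"{label} date missing or unreadable")
            continue
        if age < 0:
            findings.append(f"{label} date is in the future")
        elif age > limit:
            findings.append(f"{label} is {age} days old (limit {limit})")
    return findings

def audit(reports, today):
    """Map each device name to its findings so the result can be filed as evidence."""
    return {r.get("device", "unknown"): check_device(r, today) for r in reports}

if __name__ == "__main__":
    for device, findings in audit(SAMPLE_REPORTS, date(2024, 6, 3)).items():
        print(device, "OK" if not findings else "; ".join(findings))
```

Self-reported values are only as reliable as the way they were collected, so keep the raw output or screenshots behind each report alongside the audit result.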
