From one day to the next, Working From Home (WFH) became a reality for most companies due to the Covid-19 pandemic lockdown.
Both companies and employees under the Brazilian Consolidated Labor Laws (CLT) needed to adapt themselves to perform their functions from home. On the one hand, companies needed provide employees with good conditions to carry out their tasks and ensure compliance with internal processes and legal norms. On the other hand, employees must actively engage with the new work culture, understanding their rights and duties.
There are two key factors to ensure data security and the integration of people and processes when away from the offices: the active work of people and management team, and the use of efficient access management systems.
Even though most of the access management tasks are in charge of the IT or information security area, the HR team (people and management) is expected to act as an orchestrator of one of the most important phases (identity management), since the key events happen first in the HR area (payroll system). The main tasks carried out by the HR team are:
Receive our content by email
Fill in the fields below to register on our blog.
- Onboarding: “Birth” of a network and e-mail service user;
- Leave or vacation: Deactivation of user access to the network, VPN and e-mail service;
- Promotion or job transfer: Change of area, manager and function (revoking previous access permission and assignment of new access permission);
- Dismissal: Deactivation of access.
We have listed below the main practices that help organizations to prevent the key legal risks related to working from home:
1) Pay attention to the workday
Working from home or away from the corporate environment give you some advantages, but you need to observe whether the tasks are being carried out properly and also create a timesheet to avoid overtime and access outside the period established by the employer. Solutions like CAP2AM by Iteris, which provides organizations with compliance with corporate policies, such as “permitted logon hours”, are essential to bring integration and agility to this scenario. They provide an automated way of setting limits, helping the People and Management and IT teams to standardize norms and “journeys” for remote work. There are also discussions about the differences among telecommuting and working from home and limits related to the workday control, so we recommend to consult your legal department.
2) Temporary access deactivation
When it comes to on-line security, accessing corporate files outside the office and on unprotected personal can pose risks and challenges related to decentralization and variety of access points. However, when the team uses the organization’s cloud or VPN (Virtual Private Network), it is possible to manage access, block information, monitor devices and check for intrusions or connected devices, such as USBs.
A way of protection is establishing a continuous verification process for identities and permissions, such as the Access Certification. This is an automated process that periodically validates certain accesses, maintaining or revoking the most diverse types of requests, and a very important governance ally. With a centralized and detailed control of numerous types of networks access, internal systems and cloud, CAP2AM by Iteris is able to block conflicting accesses (SoD) and assist in granting and revoking requests, making it a great ally in strategic decisions to keep telecommuting as safely as possible.
3) Temporary deactivation
Whether due to vacation or leave, it is essential that the employees access to the company’s systems, such as e-mail service, network and internal platforms, is temporarily deactivated. This is an extremely important factor of data security and also ensures that the company will not face legal issues: under the Brazilian Consolidated Labor Laws (CLT), for example, an employee is not allowed to perform tasks under these conditions.
Investing in the integration among the IT and People and Management teams and in systems for automated access standardization helps organizations to reduce manual tasks in cases of leave thanks to the virtual management of employee identity. In addition, it ensures that the company complies with the CLT rules.
4) Mitigating risks associated to deviation from agreed role
Do you know that it is possible to claim deviation from agreed role or extra work based on frequent accesses? Deviation from agreed role occurs when an employee performs functions not assigned to their position. It is different from extra work, when the employee has more tasks than he or she was hired to perform. Some penalties can be imposed based on allegations of irregular work, such as:
- Unpaid overtime;
- Unpaid unhealthy risks;
- Unpaid wages during the deviation period
So, an important tip: be always attentive to employees and the functions they perform.
CAP2AM is an IG&A (Identity Governance and Administration) solution that establishes an integrated and effective task flow among the main corporate systems and resources, allowing organizations to have a comprehensive synergy among governance, usability, integration and auditing.
To know more about the benefits can provided by CAP2AM for your company and how we can help you overcome the deployment challenges, click here.