Remote Work & BYOD Policy — Trust Centre — Compass IoT
Security

Trust Centre

Remote Work & BYOD Policy

Security requirements for working outside the office and using personal devices to access Compass IoT systems or data.

Last updated May 2026 · Compass IoT Pty Ltd

Our commitment

Where work happens does not change the security standards that apply to it.

Compass IoT operates as a hybrid-work organisation. Most of our team works outside a traditional office environment, and we support this fully — but remote and hybrid work introduces security considerations that require clear expectations. This policy applies to all employees and contractors working remotely or using personal devices to access Compass IoT systems.

Remote work

Working securely outside the office

Remote-first organisation

All remote workers must maintain the same security standards as they would in an office environment. The following requirements apply when working remotely:

  • A secure, password-protected internet connection is required. Public Wi-Fi networks must not be used to access Compass IoT systems without a VPN or equivalent protection.
  • Work must be conducted in an environment where screens and conversations cannot be easily observed or overheard by unauthorised individuals.
  • Company devices must be kept physically secure — locked when unattended and never left in vehicles or public spaces where they could be stolen.
  • Confidential information must not be printed or displayed in shared or public spaces.
  • Any suspected compromise of a device or account used for remote work must be reported to the security team immediately.

BYOD

Using personal devices

Compass IoT permits limited use of personal devices (Bring Your Own Device — BYOD) to access certain company systems, subject to the requirements below. Access to production systems, customer data, or Restricted information is not permitted from personal devices.

  • Personal devices used to access Compass IoT systems must have a current operating system, up-to-date security patches, and active endpoint protection.
  • Full-disk encryption must be enabled on any personal device used for work purposes.
  • Personal devices must be protected with a strong PIN, password, or biometric lock.
  • Company data must not be stored on personal devices beyond temporary working copies required for an active task. Confidential or Restricted data must not be stored on personal devices at all.
  • If a personal device used for work is lost or stolen, this must be reported immediately so that company access can be remotely revoked.
  • Compass IoT reserves the right to remotely wipe company accounts and data from personal devices in the event of loss, theft, or termination of employment.

Production access

Access to production infrastructure, customer data, and Restricted information is only permitted from Compass IoT managed devices. BYOD access is limited to communication tools, project management, and collaboration platforms.

Responsibilities

Employee and contractor responsibilities

All covered persons are responsible for maintaining the security of their remote working environment and any devices used to access Compass IoT systems. This includes:

  • Keeping operating systems, browsers, and security software up to date on any device used for work.
  • Using only company-approved tools and platforms for work communication and collaboration.
  • Never sharing company credentials with household members or other individuals, regardless of trust.
  • Reporting lost or stolen devices, suspected account compromise, or security concerns without delay.

Policy review

Ownership and review

This policy is owned by the Compass IoT leadership team and reviewed annually or when material changes occur to our ways of working or technology environment.

Questions

Get in touch

Questions about remote work security or BYOD requirements.