Managing Home and Hybrid Workers
Managing home and hybrid workers includes the arrangements an organisation has in place for employees who work from home or remotely. Hybrid working typically means a mix of home and office days. Fully home-based working means the home is the primary place of work.
From a management system perspective, home and hybrid working does not remove any of the employer duties - it just moves where they apply. Health and safety, information security, equipment provision, data protection and people management still apply wherever the person is doing the work.
Setting the Ground Rules for Home and Hybrid Workers
The starting point is a clear remote or home working policy covering what the organisation offers, who is eligible, and the expectations on both sides. Typical areas include:
- Who can work from home, how often, and on what basis.
- The approval process and who signs off a home working arrangement.
- Core hours and availability expectations.
- Equipment provision and what the employee is expected to provide themselves.
- Information security requirements for home environments.
- Health and safety expectations and self-assessment obligations.
- Process if the arrangement needs to change or end.
Home working is rarely an automatic right. The policy should make clear that arrangements are subject to review and can be withdrawn where they stop working for either side.
Health and Safety for Home and Hybrid Workers
Employer health and safety duties under the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999 apply to home workers the same way they apply to office-based staff. The Display Screen Equipment Regulations 1992 also apply where the home is a regular workstation. Organisations outside the UK should apply equivalent local duties.
In practice, this means a risk assessment of the home working environment, a Display Screen Equipment self-assessment, and arrangements for reporting any issues. The self-assessment is usually completed by the employee using a structured checklist, with help from the H&S team or occupational health where needed.
DSE and the specifics of display screen setup are covered in a dedicated H&S article - the focus here is on the broader management of the home and hybrid working arrangement.
Information Security for Home and Hybrid Workers
Under ISO 27001 and equivalent data protection duties, the information security arrangements that apply in the office need to work at home too. Key considerations include:
- Device security - company-provided laptops with encryption, MFA, up-to-date patching and the ability to be remotely wiped.
- Acceptable use - clarity on what can be done on personal vs company devices, and restrictions on public Wi-Fi.
- Physical security - a working environment where screens and documents are not visible to others, sensitive conversations cannot be overheard, and equipment is secure when not in use.
- Data handling - clear rules on where company data can and cannot be stored, printed or transmitted.
- Reporting - how the home worker reports a suspected incident, lost device or compromised account.
These are all standard information security controls, just applied to the home environment. The risk assessment should be explicit about the home working scenario.
Managing Home and Hybrid Workers Day to Day
Beyond policy and risk assessment, managing home and hybrid workers day to day tends to come down to a few practical things:
- Clear communication routines - regular one-to-ones, team catch-ups, and a shared understanding of when people are contactable.
- Work-life boundaries - encouraging people not to overwork, supporting clear start and end times, and respecting time off.
- Equitable treatment - making sure home-based staff have the same access to development, feedback and opportunities as office-based colleagues.
- Inclusion in the management system - home workers should be consulted and informed like everyone else, not drift out of the loop.
- Regular review - arrangements, equipment and risk assessments should be reviewed periodically and whenever anything significant changes.
Hybrid working adds its own considerations - meeting technology that works for people in the room and at home, fair allocation of office days, and making sure important conversations do not happen informally in the office where home workers miss out.
The home working risk assessment is often treated as a paper exercise. It is not. A proper DSE self-assessment picks up genuine issues - the kitchen chair doubling as an office chair, the laptop propped up on a cookery book. Employers need to actually look at the responses and act on them, not just file them.
The core H&S duties do not change when someone works from home. The environment does, and the risk assessment needs to reflect that.
We treat home workers as part of the same team, not a separate category. They get the same induction, the same consultation and the same reviews. Equipment is issued from the office with encryption and a proper setup, not left to the individual.
We review home working arrangements annually. Circumstances change, people move house, desk setups drift. A yearly check keeps the arrangement working for both sides.
Home working touches several standards at once. H&S duties still apply, ISO 27001 covers information security at home, and ISO 9001 Clause 7.1.2 requires the resources (including the environment) to be suitable. A single home working policy with a proper risk assessment can cover all of them if designed well.
Home working does not need a separate management system. The rules that apply in the office still apply at home. Give people the right kit, the right policies, a sensible risk assessment and regular check-ins. That is most of what is needed.
Practical Compliance Guidance
Section 3.1 of the IMS1 Manual covers the management of staff, including arrangements for home and hybrid working within the wider people and H&S processes.
You can also consider setting up a training matrix and implementing induction forms to ensure that competency is recorded.
Several alphaZ documents support a structured approach to managing home and hybrid workers:
| alphaZ document | How to use it |
|---|---|
| ISO 9001, 14001 & 45001 IMS Toolkit | The complete toolkit for an integrated management system covering quality, environment and health and safety. |
| P-112 Remote Working Policy | Policy setting out the organisation approach to remote and hybrid working, including eligibility, expectations and arrangements. |
| P-36 Home Working Policy | Policy focused specifically on home working, complementing the wider remote working policy. |
| PP-1-21 Remote Working Policy Procedure | Policy and procedure covering the practical steps for setting up, approving and reviewing remote working arrangements. |
| F-Q72 Home Working Checklist | Checklist for evaluating the home working environment, equipment and arrangements before approving home working. |
| RA-HS112 Working from Home Risk Assessment | Risk assessment template covering the hazards associated with working from home. |
| F-HS18 DSE Self-Assessment | Self-assessment form for employees to evaluate their display screen equipment setup at home or in the office. |
Note - all the above files can be downloaded with an alphaZ subscription.
Frequently Asked Questions
UK Legislation
The following UK legislation is relevant to managing home and hybrid workers. Organisations outside the UK should identify the equivalent legislation applicable in their jurisdiction.
- Health and Safety at Work etc. Act 1974
- Management of Health and Safety at Work Regulations 1999
- Health and Safety (Display Screen Equipment) Regulations 1992
- Data Protection Act 2018
- Flexible Working Regulations 2014
