Remote Agent Workstation Security Audit
Inspection template for verifying that at-home agents use approved workstations with required security controls, current patches, active antivirus and firewall protection, secure remote access, and no local storage of customer data.
Approved Device and Workstation Identity
-
Device is on the approved asset list
Confirm the workstation asset tag, hostname, or device ID matches an approved company-managed or authorized remote-work device.
-
No unauthorized shared or public device in use
Confirm the agent is not using a public, shared, or unapproved personal device for handling customer work.
-
Local admin privileges are restricted
Verify the user does not have unnecessary local administrator access on the workstation.
-
Device encryption is enabled
Confirm full-disk encryption is active on the workstation to protect data at rest.
-
Operating system and endpoint agent versions recorded
Record the current OS version and any required endpoint management or security agent versions.
Endpoint Protection and Patch Status
-
Firewall is enabled and enforcing policy
Verify the host firewall is active and configured according to company policy.
-
Antivirus or EDR protection is active
Confirm antivirus or endpoint detection and response protection is installed, running, and not disabled.
-
Virus definitions or security signatures are current
Verify security signatures are up to date within the organization-defined threshold.
-
Operating system patches are current
Record the number of days since the last successful OS security update and confirm it is within policy.
-
Required browser and collaboration app updates are current
Confirm browsers, softphone tools, chat clients, and other required applications are patched to approved versions.
Remote Access and Session Security
-
VPN or approved secure remote access is in use
Confirm the agent connects through the approved VPN, virtual desktop, or other sanctioned remote access method.
-
Multi-factor authentication is required for access
Verify MFA is enforced for remote access and sensitive applications.
-
Screen lock activates after inactivity
Confirm the workstation locks automatically after the company-defined inactivity period.
-
Remote session is not left unattended while active
Observe whether the agent leaves an active remote session unlocked or unattended during the audit.
Customer Data Handling and Local Storage
-
No customer data stored locally on the workstation
Verify there are no local files, downloads, screenshots, exports, or cached records containing customer data on the device.
-
No customer data stored on removable media
Confirm customer data is not saved to USB drives, external disks, or other removable storage.
-
Browser downloads and desktop folders are clear of customer records
Check common local storage locations for exported reports, screenshots, or files containing customer information.
-
Approved cloud or system-of-record storage is used instead of local storage
Verify the agent uses approved enterprise systems for any required file storage or case documentation.
Physical Workspace and Closeout
-
Screen is positioned to prevent unauthorized viewing
Confirm the monitor is positioned to reduce shoulder-surfing risk from household members or visitors.
-
Sensitive information is not visible in the workspace
Verify printed materials, notes, or other visible items do not expose customer or company confidential information.
-
Inspector comments and corrective actions documented
Record all deficiencies, non-conformances, and required remediation steps identified during the audit.
-
Inspector signature
Signature of the person completing the inspection.