Remote Work Policy Indian Companies: Practical Drafting Guide for Employers

Reviewed and Validated by: Kartavya Ostwal, Advocate

A remote work policy is more than just permission to work from home, It’s a framework that outlines expectations, responsibilities and compliance needs

For Indian companies, remote work can be useful for flexibility, talent access and employee convenience. However, it can also create practical risks around supervision, communication, cyber security, client data, timekeeping, attendance, work allocation and employee accountability. A good remote work policy should therefore create flexibility without weakening discipline.

Purpose of a Remote Work Policy

The purpose of a remote work policy is to establish a structured framework that supports productivity, accountability and business continuity.

The policy should not leave remote work to informal understanding between employees and managers. It should state who is eligible, what responsibilities apply, what infrastructure is required, how attendance is recorded and what standards employees must meet while working away from office.

Applicability of Employment Contract and Company Policies

Remote working shall in no way affect or change the employee‘s employment contract, appointment letter, confidentiality, code of conduct or disciplinary procedures, company policy or any other policy of the company. The employee shall remain subject to all employment regulations wherever he/she is working.

Define Who Is Covered

The policy should specify whether it applies to employees whose primary work location is outside the office, employees who are temporarily permitted to work remotely, or office-based employees who may shift to remote working in specific situations such as relocation.

The policy should also state that remote work may be allowed on a permanent or temporary basis at the company’s discretion. HR may assess eligibility on a case-by-case basis where employees request remote working due to location or other relevant circumstances.

This is important because not every role can be performed remotely in the same way. Some roles may require office presence, client-facing work, access to physical records, team coordination, secure infrastructure or location-specific compliance.

Read another article: Legal Requirements for Startups in India

Remote Work Should Remain Subject to Company Discretion

Remote work should be treated as a  company-approved arrangement, not an automatic employee entitlement.

The policy should state that the company may approve, modify, suspend or withdraw remote work based on business requirements, team needs, productivity concern, performance issue, security, compliance requirements or operational concerns.

This allows the company to deal with situations where the remote work arrangement is no longer operationally effectively, where the employee is repeatedly unavailable, where data security concerns arise, or where the role requires closer supervision.

Workspace Requirements

Employees working remotely should be required to choose a quiet and distraction-free working space. Employees should remain fully available and engaged in their assigned duties during working hours and should avoid treating remote work as a casual or flexible availability arrangement.

The policy should make clear that the place of work may change, but the employee’s duties do not. The employee remains responsible for attending meetings, meeting deadlines, completing tasks, responding to work related communications, complying with company policies and protecting company information.

Employees should ensure that their workspace is reasonably safe, suitable for work purposes and does not expose confidential information to unauthorised persons.

Work-From-Home Infrastructure

The policy should specify the minimum work-from-home infrastructure required.

Employees should have a stable broadband connection, power backup and mobile internet redundancy so that work deliverables, internal meetings and external meetings are not disrupted.

Where disruptions are repeatedly observed, the reporting manager should be able to raise the issue and question whether the employee’s work-from-home setup is adequate. Employees should also be required to proactively inform their reporting manager and HR if they face challenges with their remote work setup.

This requirement helps minimise disruptions and maintain accountability Without infrastructure standards, employees may repeatedly rely on internet, power or device issues to justify missed calls, poor responsiveness or delayed deliverables.

Company Asset and Equipment Policy

In the case of the company provided laptops, mobile phones, monitors, headsets or other company assets responsibility is of the employee for proper use maintenance and safe handling of such equipment should rest eith the employee. The policy should mention the repair, and reporting requirements in case of damages or return on resignation or termination of employment, or withdrawal of policy.

Availability During Working Hours

Remote employees should remain available and responsive during working hours.

A good policy should require employees to follow the break and attendance schedules agreed with their manager. They should also ensure that their schedules overlap with team members as long as necessary to complete duties effectively.

Where the company operates with client calls, internal calls, project meetings or team-dependent deliverables, the policy should expressly state that employees must attend required calls and meetings.

Remote work should not mean that the employee can decide availability unilaterally. The manager and team must know when the employee will be available, when breaks apply and how work coordination will happen.

Attendance and Timekeeping

The policy should clearly state how attendance and working hours will be recorded.

Remote employees should be required to comply with the working schedule and attendance requirements communicated by their reporting manager If they are absent or late, they should inform HR and the manager in advance. Unexcused or unreported absence for an extended period may be treated seriously under the company’s attendance and separation framework.

Employees should accurately record and maintain their working hours through the company’s timekeeping system where applicable. They should diligently record their hours so that attendance, payroll, leave and other employment records remain accurate.

Any falsification or manipulation of attendance records, time logs or working hours may result in disciplinary action.

This helps prevent disputes over salary, leave, overtime, absenteeism and productivity.

Working Hours

The remote work policy should clearly identify working hour expectations.

Employees should complete regular working hours as applicable to internal or client projects. They should also attend internal and client calls as required by projects.

If project demands require weekend work or additional hours, the policy should explain how such work will be approved, recorded and compensated or adjusted, depending on the company’s internal framework.

Remote work should not result in uncontrolled overtime. It should also not allow employees to be unavailable during normal working hours.

Companies should ensure that remote work arrangements comply with applicable labour laws, Shops and Establishments requirements and statutory obligations relating to working hours, rest periods and leave entitlements.

Manager Responsibilities

Managers should not simply approve remote work and then disengage.

A good remote work policy should require team members and managers to determine long-term and short-term goals. Managers should frequently meet employees, either online or in person where possible, to discuss progress and results.

Managers should also monitor deliverables, clarify expectations, check whether schedules overlap with team requirements, address infrastructure problems and raise concerns where remote work affects performance.

This ensures that remote work remains measurable and outcome-oriented.

Office Attendance for Remote Employees

A remote work policy may still require periodic office attendance.

For example, employees may be required to attend office depending on business requirements, employee location, project requirements or operational needs. . The frequency may differ depending on whether the employee is within or outside geographical area, in the same city or in another city.

This is useful where the company wants to preserve team integration, conduct periodic in-person meetings, complete documentation, collect or return assets, handle training or maintain team co-ordination

The policy should make clear that remote work does not eliminate the company’s right to require office attendance when necessary.

Cyber Security and Device Security

Remote work increases cyber security risk because employees access company accounts and systems from outside the office.

Employees should be required to keep personal and company-issued devices secure. This includes password protection, antivirus software, regular security updates, ensuring devices are not left unlocked or unattended and logging into company accounts and systems only through secure and private networks.

Employees should avoid accessing internal systems from other people’s devices, lending their own devices to others or using public Wi-Fi for company work.

Remote employees should comply with applicable data protection standard and encryption requirements prescribed by the Company. .

Confidential Data Handling

Remote employees may have access to confidential data such as customer information, partner data, vendor data, employee records, unpublished financial information, customer lists, internal documents and technology-related information.

The policy should require employees to avoid transferring sensitive data to other devices or accounts unless absolutely necessary. When employees are unsure about sharing sensitive data, they should consult the reporting manager. For mass transfer of data, employees should seek support from the relevant support or IT team.

Employees should also share confidential data over company networks or systems and not over public Wi-Fi or private unsecured connections. They should ensure that recipients of data are properly authorised and have adequate security policies.

Reporting Security Incidents

The remote work policy should require immediate reporting of security incidents.

Employees should immediately report scams, privacy breaches, hacking attempts, suspicious emails, phishing attempts, , stolen equipment, damaged equipment any identified security vulnerabilities in company systems.

In the event of loss or theft of a device, employees should immediately change account credentials and notify the designated HR or IT team.

This is critical because delayed reporting may increase harm to company systems, client data, employee information and business operations.

Clear Screen and Device Locking

The policy should include basic remote security hygiene.

Employees should lock devices when leaving their desks, turn off screens where required, avoid leaving devices unattended and refrain from downloading suspicious, unauthorised or illegal software on company equipment.

These obligations may look simple, but they are important in remote work environments where family members, visitors, roommates or unrelated persons may be present near the employee’s workspace.

Remote Work and Social Media

Remote employees should continue to follow the company’s social media policy.

The policy should prohibit employees from using social media in a manner that disregards job responsibilities and deadlines, discloses confidential information or directs offensive comments towards members of the online community through personal or business accounts.

This is important because remote work often increases reliance on digital communication. Employees may blur personal and professional boundaries, making social media conduct a relevant workplace concern.

Employees should notify their reporting manager and HR in advance, wherever reasonably possible, in case of delay, absence or inability to attend work.

Remote Work and Attendance Breaches

The policy should explain the consequences where ian employee is repeatedly late, absent or unavailable.

Corrective counselling  waring measures  may be used as a first attempt at resolution, However, company may take stricter action where the employee is repeatedly remain absent, repeats the conduct, or where the absence or tardiness affects work.

Unexcused or unreported absence should not be treated as working time. The policy should further provide that repeated or serious attendance breaches may result in disciplinary action, including termination in appropriate cases.

Employees should also notify their reporting manager and HR in advance wherever reasonably possible in case of delay, absence or inability to attend work.

Disciplinary Consequences for Security Breaches

The cyber security section should define consequences for breach.

For a first-time, unintentional, small-scale security breach, the company may issue a warning and train the employee on security. For intentional, repeated or large-scale breaches causing serious damage, more severe disciplinary action, including termination, may be invoked. Each incident should be examined case by case.

Employees who disregard security instructions may also face progressive discipline even if their conduct has not yet resulted in an actual security breach.

Sample Remote Work Policy Clause

The Company may permit eligible employees to work remotely on a permanent or temporary basis, subject to business requirements, role requirements, team requirements, performance standard, security considerations and prior approval by the Company.

Employees working remotely shall choose a quiet and distraction-free workspace and shall dedicate their full attention to their duties during working hours. Employees shall follow the working hours, break schedule and attendance requirement  and availability requirements agreed with their reporting manager.

Employees shall maintain stable internet connectivity, adequate power backup and mobile internet redundancy to ensure that work deliverables, internal meetings, client meetings and other work obligations are not disrupted.

Employees shall remain available and responsive during working hours, attend internal and client meeting  as required, complete assigned work within prescribed timelines and ensure that their work schedule overlaps with team members where necessary.

Employees shall keep all company devices, documents, data and systems secure. Employees shall access company accounts and systems only through secure networks, avoid unauthorised transfer of sensitive data, refrain from using public Wi-Fi for confidential work and immediately report any suspected or actual data breach, suspicious email, phishing attempt, stolen device, damaged equipment or security weakness.

The Company may modify, suspend or withdraw remote work approval if the arrangement affects performance, availability, team coordination, security, compliance or business requirements. Violation of this policy may invite disciplinary action, including termination in serious cases.

The Company reserves the right to modify, suspend or withdraw remote work approval based on business requirements, operational needs, performance concerns or security considerations.

Practical Drafting Checklist

• Define who is eligible for remote work.
• State whether remote work is permanent, temporary or discretionary.
• Require HR or manager approval.
• Define working hours and availability.
• Require attendance and timekeeping compliance.
• Require overlap with team schedules.
• Set minimum work-from-home infrastructure.
• Require a quiet and distraction-free workspace.
• Require stable internet and power backup.
• Require secure devices and private networks.
• Prohibit unauthorised transfer of sensitive data.
• Require immediate reporting of cyber incidents.
• State when office attendance may be required.
• Define manager responsibilities.
• Reserve the company’s right to modify or withdraw remote work.
• State disciplinary consequences for breach.

Common Mistakes Employers Should Avoid

• The first mistake is allowing remote work informally without a written policy.
• The second mistake is failing to. defining working hours.
• The third mistake is not maintaining attendance and timekeeping records.
• The fourth mistake is failing to. setting infrastructure standards.
• The fifth mistake is ignoring cyber security requirements.
• The sixth mistake is not requiring secure networks.
• The seventh mistake is notregulate the transfer of confidential or sensitive information .
• The eighth mistake is not requiring incident reporting.
• The ninth mistake is assuming remote employees never need to attend office.
• The tenth mistake is failing to. linking remote work to performance, availability and business needs.

FAQs

What is a remote work policy?

A remote work policy is an HR policy and operational framework that sets out the rules for employees working from a location other than the company’s office. It generally covers eligibility, approval, working hours, availability, infrastructure, attendance, data security and employee responsibilities.

Can remote work be temporary or permanent?

Yes. A company may permit remote work on a permanent or temporary basis, subject to the company discretion,  role requirement  and business  needs.

What infrastructure should remote employees maintain?

Remote employees should maintain a stable broadband connection, power backup and alternative internet arrangement to avoid disruption to deliverables, internal meetings and external meetings.

Should remote employees follow attendance schedules?

Yes. Remote employees should follow the break and attendance schedules agreed with their manager and should inform HR and the manager in advance if they are absent or late.

Can remote employees be required to attend office?

Yes. A remote work policy may require periodic office attendance depending on distance, city, project needs, documentation, team requirements or company requirements.

What cyber security rules should apply to remote employees?

Remote employees should use secure devices, password protection, antivirus software, updated systems, secure private networks and should avoid public Wi-Fi or other people’s devices for company work.

What should employees do if there is a suspected data breach?

Employees should report suspected or actual data breaches, scams, suspicious emails, hacking attempts, phishing attempts or security weaknesses immediately to the the designated HR, IT or reporting authority

Corrida Legal Note

A remote work policy should be written as a complete operating framework. It should give employees flexibility, but it should also protect the company’s productivity, data, systems, attendance discipline and client obligations. The policy should be clear enough for employees to follow and strong enough for managers and HR to enforce.