Overseas Work & System Access Procedure
Guidelines for staff, managers, and IT on notifying, approving, and securing system access when working overseas.
1. Purpose
This procedure ensures that any staff working outside Australia notify management and IT in advance so overseas access to company systems can be reviewed and approved.
This process helps reduce the risk of:
- Account compromise
- Fraudulent activity
- Unnecessary security alerts and investigations
2. Scope
This procedure applies to all staff accessing company systems while located outside Australia.
3. Notification Requirement
Staff intending to work while overseas must notify their manager prior to travel. Once approved, the staff member must email IT@investorkit.com.au with the required information before any overseas system access occurs.
Advance notification allows IT to:
- Verify legitimate travel activity
- Adjust monitoring systems accordingly
- Reduce the likelihood of accounts being incorrectly flagged or restricted
4. Required Information
The following must be included in the email to IT@investorkit.com.au
- Destination country
- Travel dates
- Overseas contact phone number (if applicable)
- Emergency contact details
- Manager approval and manager contact details
5. IT Review Process
Once notified, IT will review the request and assess the following:
- Risk profile of the destination region
- User role and system access level
- Current cybersecurity threat intelligence
- Monitoring and access control requirements
Based on this review, IT will determine whether overseas system access can proceed and whether any additional security controls are required.
6. Possible Outcomes
Access Approved
Overseas access is approved and the employee may continue to work while travelling.
Access Approved with Additional Controls
Additional security measures may be applied, such as:
- Increased monitoring
- Additional authentication requirements
- Restricted access permissions
Access Not Recommended
Where the security risk is considered high, IT may recommend that system access is not permitted while overseas.
7. Unexpected Overseas Access
If overseas login activity is detected without prior notification or approval, access may be temporarily blocked until the activity can be verified as legitimate.
Unapproved overseas access may be treated as a potential security incident until verified. Once travel activity is confirmed, access will be restored as appropriate.
8. Responsibilities
Staff
- Notify their manager prior to working overseas
- Once approved, email IT@investorkit.com.au with the required travel and contact information
Managers
- Approve whether a team member is permitted to work while overseas
- Confirm approval to the staff member so they can submit directly to IT
IT
- Review overseas access requests submitted to IT@investorkit.com.au
- Assess security risks associated with the region and user access level
- Determine whether system access can be permitted, requires additional controls, or should be restricted
9. Review
This procedure will be reviewed periodically to ensure it remains aligned with company security requirements and evolving cybersecurity risks.
