BCS

Policy

Remote Working Policy — BCS-managed devices only.

Every BCS clinician working remotely does so on a BCS-issued, encrypted, centrally managed device, over an approved connection. Personal laptops, personal hotspots and unmanaged networks are not permitted under any circumstances.
See our compliance stack Talk to us

Scope

Who this policy applies to.

This policy applies to every pharmacist, pharmacy technician and clinical team member employed or deployed by Bespoke Clinical Services (BCS), at all times when accessing NHS clinical systems, patient data or BCS systems remotely — from home, from a hub, from a partner site, or from any other location outside a PCN or GP practice premises.

It is a condition of employment and a condition of deployment to any PCN or practice contract. It exists to protect patients, our NHS partners, and the BCS workforce.

Devices

BCS-managed devices only.

BCS pharmacists are not permitted to use personal laptops, tablets or phones to access clinical systems or patient data. Every device is issued by BCS, encrypted at rest, centrally managed, and remotely wipeable.

  • All devices issued and owned by BCS — no BYOD
  • Full-disk encryption enforced on every device
  • Mobile Device Management (MDM) with remote lock and wipe
  • Endpoint protection, patching and live monitoring centrally managed
  • Screen lock, complex passwords and multi-factor authentication required
  • Devices returned to BCS on exit; access revoked the same day

Connectivity

Approved networks only. No personal hotspots.

Personal mobile hotspots, public Wi-Fi and unmanaged home networks are not approved for clinical work. Remote access to NHS systems is routed via the BCS HSCN connection and approved secure connectivity only.

  • Connection to NHS systems via the BCS HSCN network
  • Approved, password-protected home broadband with WPA2/WPA3 only
  • No personal mobile hotspots, no tethering from personal phones
  • No public, café, hotel or shared Wi-Fi for clinical work
  • No VPNs, proxies or anonymisers other than those provisioned by BCS
  • Network activity logged and monitored in line with NHS DSPT

Working environment

A safe, private, professional space.

  • Clinical work conducted in a private space — no shared screens visible to family or visitors
  • Headsets used for any patient or clinical conversation
  • No printing of patient information at home
  • No storage of patient data on personal devices, personal cloud accounts or removable media
  • Devices locked when stepping away, even briefly

Governance

How we enforce it.

  • Policy signed by every pharmacist before first clinical access
  • Annual information governance and cyber security training (mandatory)
  • Quarterly device and access audits across the workforce
  • Any breach reported within 24 hours and managed through the BCS incident process
  • Cyber Essentials certified, NHS DSPT compliant, ISO-aligned controls
  • Policy reviewed annually and following any material change

Why it matters

Security you can prove to your PCN and to CQC.

Most data breaches in primary care start with an unmanaged device or an unmanaged network — a personal laptop, a hotel Wi-Fi, a hotspot from a family member's phone. BCS removes that risk at the source by owning the device, owning the connection, and owning the responsibility.

A copy of this policy, alongside the full CQC and information governance evidence pack, is shared with every PCN at the point a service goes live. For any questions, contact us via our contact page.

Talk to our Service Development team

30-minute discovery call. We'll show you how BCS maps to your PCN's specific priorities.

Book a discovery call