Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. Risk based policies and procedures that support mobile working or remote access to systems that are relevant to users, as well as service providers should be created. Train users on the secure use of their mobile devices in the environments they are likely to be working in.