Facebook at Work is a new service from Facebook designed to allow colleagues in organizations to collaborate and network in a similar way to how Facebook users interact in ordinary Facebook:

https://work.fb.com/

This article describes how to allow your users access to your corporate Facebook at Work social network, while preventing them from accessing their standard Facebook account
 

You will need to block most Facebook requests, but allow requests to your corporate page:

company.facebook.com

As well as several other background domains necessary to display content from Facebook

SSL interception: This is a prerequisite and essential for controlling Facebook traffic as it is almost exclusively served in HTTPS. 

Policy to be implemented:
Here is some sample policy which according to testing allows Facebook at work for your Facebook at Work page (e.g. company.facebook.com), but blocks other facebook.com requests:

1) Using CPL policy:

<proxy> 
ALLOW condition=fbatwork 
DENY url.domain=facebook.com 

define condition fbatwork 
url.domain=fbcdn.net 
url.domain=company.facebook.com (where company is your company name) 
url.host.regex=chat.facebook.com 
end 

For details about how to install CPL, have a look at this KB article:

How do I add CPL to a local policy file on the ProxySG?

2) Using VPM:

a) Create a new Web Access layer
b) Create a first rule: Source: Any (or a user or group, as you wish) Destination: New > Combined Destination Object > New URL and then add each of these URLs, one at a time:

fbcdn.net 
company.facebook.com
chat.facebook.com 

With this policy, you should be able to open company.facebook.com but you will be denied opening facebook.com