Remote access policies and standards should be established as an important part of BCP implementation. In the event of a disaster, personnel may be able to work from a remote location and vendors may be allowed remote access to back-up facilities. As such, remote access guidelines should be developed addressing acceptable configuration and software requirements for certain remote devices that may introduce security risks. Remote access policies should address various security guidelines including prior management approval requirements, controls for third-party access, and virus controls. If employees are allowed to use personal computers for remote access during a disaster, management should ensure that only secure connections are used e.g., VPN. In addition, clear guidance should be established and disseminated to employees regarding appropriate procedures to follow when accessing or transmitting confidential information from a remote location.