38 CFR § 1.602 - Utilization of access.
(a) Once an individual or organization has been issued the necessary passwords to obtain read-only access to the automated claims records of individuals represented, access will be exercised in accordance with the following requirements:
(1) The individual or organization will obtain access only from equipment and software approved in advance by the Regional Office from the location where the individual or organization primarily conducts its representation activities which also has been approved in advance;
(2) The individual will use only his or her assigned password to obtain access;
(3) The individual will not reveal his or her password to anyone else, or allow anyone else to use his or her password;
(7) The individual and organization will comply with all security requirements VBA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems.
(b) An organization granted access shall ensure that all employees provided access in accordance with these regulations will receive regular, adequate training on proper security, including the items listed in § 1.603(a). Where an individual such as an attorney or registered agent is granted access, he or she will regularly review the security requirements for the system as set forth in these regulations and in any additional materials provided by VBA.
(c) VBA may, at any time without notice:
(1) Inspect the computer hardware and software utilized to obtain access and their location;
(2) Review the security practices and training of any individual or organization granted access under these regulations; and
(3) Monitor an individual's or organization's access activities. By applying for, and exercising, the access privileges under §§ 1.600 through 1.603, the applicant expressly consents to VBA monitoring the access activities of the applicant at any time.