Just as a technology neutral discussion – if you let your own employees (IT admins) remotely access the network to perform administrative tasks/systems administration when off site – do you let them use their own personal equipment to hook up to the network – or do you provide them with a “managed endpoint” for such access. If it’s a managed endpoint can you describe the endpoint and what controls you put on it? If you let them remote into the network from their home PC – do you have any additional controls over that kind of admin activity? i.e. what is the risk of letting them use their home PC as opposed to a “managed endpoint”? Ive put it technology neutral but by all means discuss the technology and controls you use.