§ 1.602 - Utilization of access.  


Latest version.
  • § 1.602 Utilization of access.

    (a) Once an individual or organization has been issued the necessary passwords to obtain (a) Once VA issues to an attorney, agent, representative of a VA-recognized service organization, affiliated support-staff person, or individual authorized by the General Counsel under § 14.630 of this chapter the necessary logon credentials to obtain basic claims status information and read-only access to the automated claims records of individuals VA records regarding the claimants represented, access will be exercised in accordance with the following requirements. The attorney, agent, representative of a VA-recognized service organization, support-staff person, or individual authorized by the General Counsel under § 14.630 of this chapter:

    (1) The individual or organization will obtain access only from equipment and software approved in advance by the Regional Office from the location where the individual or organization primarily conducts its representation activities which also has been approved in advance Will electronically access VA records through VA IT systems only by the method of access approved in advance by VA;

    (2) The individual will Will use only his or her assigned password logon credentials to obtain access;

    (3) The individual will Will not reveal his or her password logon credentials to anyone else, or allow anyone else to use his or her passwordlogon credentials;

    (4) The individual will access Will access via VA IT systems only the VBA automated claims records of VA claimants who are represented by the person obtaining access or by the organization employing the person obtaining accessclaimants whom he or she represents or is authorized to assist in representing;

    (5) The individual will access Will access via VA IT systems a claimant's automated claims record records solely for the purpose of representing or assisting in the representation of that claimant in a claim for benefits administered by VA;

    (6) Upon Is responsible for the security of the logon credentials and, upon receipt of the passwordlogon credentials, the individual will destroy the hard copy ; so that no written or printed record containing the password will be is retained; and

    (7) The individual and organization will Will comply with all security requirements VBA VA deems necessary to ensure the integrity and confidentiality of the data and VBA's automated computer systems.

    (b) An organization granted access shall ensure that all employees

    VA IT systems; and

    (8) Will, if accredited or authorized by the General Counsel under § 14.630 of this chapter, comply with each of the standards of conduct for accredited individuals prescribed in § 14.632 of this chapter.

    (b)

    (1) A VA-recognized service organization shall ensure that all its representatives and support-staff personnel provided access in accordance with these regulations

    will

    receive

    regular, adequate training on proper security, including the items listed in § 1.603(a). Where an individual such as an attorney or registered agent is granted access, he or she will regularly review

    annual training approved by VA on proper security or annually complete VA's Privacy and Security Training.

    (2) An attorney, agent, affiliated support-staff person of an attorney or agent, or individual authorized by the General Counsel under § 14.630 of this chapter who is provided access in accordance with these regulations will annually acknowledge review of the security requirements for the system as set forth in these regulations

    and in

    , VA's Rules of Behavior, and any additional materials provided by

    VBA

    VA.

    (c) VBA VA may, at any time without notice:

    (1) Inspect the computer hardware and software utilized to obtain access and their location;

    (2) Review the security practices and training of any individual or organization granted access under attorney, agent, representative of a VA-recognized service organization, support-staff person, or individual authorized by the General Counsel under § 14.630 of this chapter provided access in accordance with these regulations; and

    (3) Monitor the access activities of an individual's or organization's access activities. attorney, agent, representative of a VA-recognized service organization, support-staff person, or individual authorized by the General Counsel under § 14.630 of this chapter. By applying for , and exercising , the access privileges under §§ 1.600 through 1.603, the applicant individual expressly consents to VBA VA monitoring the access activities of the applicant at any time for the purpose of auditing system security.

    [59 87 FR 47084, Sept. 14, 1994. Redesignated and amended at 73 FR 29870, 29879, May 22, 200837750, June 24, 2022]