My company provides a managed computing service that remotely manages networks and PCs for other businesses. I am currently working with a community bank that is interested in our services, but is concerned about regulatory restrictions that may prohibit us from accessing their network and PCs remotely. Although we setup a firewall and VPN tunnel to ensure a secure connection, their network/PCs are connected to a service bureau that contains customer information (their concern is that we indirectly have access to this through their network). Is anyone aware of restrictions and whether our company needs to meet certain criteria to provide such services?