With split tunnelling, the VPN tunnel is used only for traffic destined for the corporate network while remaining internet traffic flows directly through the local connection. This reduces latency and saves VPN bandwidth. The risk: the endpoint is simultaneously connected to the internet and the corporate network, potentially serving as a bridge for attacks. In your ISMS you must weigh whether the performance benefits justify the increased risk. If you allow split tunnelling, strengthen endpoint security measures (EDR, firewall) and narrowly define which direct connections are permitted.