A VPN (Virtual Private Network) creates an encrypted tunnel between two endpoints over an untrusted network such as the internet. Typical use cases include remote access to the corporate network and site-to-site connectivity. In an ISMS, VPN is a key control for protecting confidentiality and integrity during remote work. Common protocols include IPsec and WireGuard. Access to the VPN should be secured with multi-factor authentication.