ITECS ACCEPTABLE USE POLICY

Last Updated: March 01, 2025
Version: 2.1

1. INTRODUCTION

This Acceptable Use Policy ("AUP") specifies the actions prohibited by ITECS Outsourcing LLC. ("ITECS") to users of ITECS hosting and managed services. ITECS reserves the right to modify the Policy at any time, effective upon posting of the modified Policy to this URL: https://itecsonline.com/legal-aup

2. ILLEGAL USE

ITECS services may be used only for lawful purposes. Transmission, distribution, or storage of any material in violation of any applicable law or regulation is prohibited. This includes, without limitation:

• Material protected by copyright, trademark, trade secret, or other intellectual property right used without proper authorization
• Material that is obscene, defamatory, or constitutes an illegal threat
• Content that violates export control laws or regulations
• Any content or activities that violate applicable local, state, or federal laws

3. SYSTEM AND NETWORK SECURITY

Violations of system or network security are prohibited and may result in criminal and civil liability. ITECS will investigate incidents involving such violations and will cooperate with law enforcement if a criminal violation is suspected.

3.1 Unauthorized Activities

The following activities are strictly prohibited:

• Unauthorized access to or use of data, systems, or networks
• Any attempt to probe, scan, or test system vulnerability without express written authorization
• Unauthorized monitoring of data or traffic on any network or system
• Interference with service to any user, host, or network
• Deliberate attempts to overload a system
• Forging of any TCP-IP packet header or any part of the header information
• Any attempts to circumvent or disable security mechanisms

3.2 Prohibited Services

The following services are not permitted on ITECS infrastructure:

• Cryptocurrency mining operations
• Email spam services or mass mailing operations
• Peer-to-peer file sharing networks
• Dark web services or unauthorized proxy operations
• Any service designed to circumvent security measures

4. SYSTEM RESOURCES AND PERFORMANCE

4.1 Resource Limitations

Customers must adhere to the following resource constraints:

• Virtual/dedicated server resources must not exceed 85% of allocated CPU or RAM for periods exceeding 30 minutes
• Storage usage must remain within purchased quota with a 10% buffer maintained
• Network bandwidth usage must align with service plan specifications
• Excessive I/O operations that impact shared infrastructure are prohibited

4.2 Fair Use

• Services must not degrade performance for other customers
• Resource-intensive operations must be scheduled during off-peak hours (1 AM - 5 AM CST)
• Applications requiring high resource utilization must receive prior written approval

5. DATA PROTECTION AND PRIVACY

5.1 Regulatory Compliance

Customers are responsible for:

• Maintaining HIPAA compliance when handling protected health information
• Ensuring PCI-DSS compliance for payment processing
• Meeting all industry-specific regulatory requirements
• Complying with applicable data protection and privacy laws

5.2 Data Management

Requirements include:

• Encryption of sensitive data at rest and in transit
• Regular data backup implementation
• Secure data disposal procedures
• Compliance with data retention policies
• Protection of personal information according to applicable privacy laws

6. CLIENT DATA MIGRATION RESPONSIBILITIES

6.1 ITECS Responsibilities

When a client terminates services with ITECS and transitions to another Managed Service Provider (MSP), ITECS will:

• Maintain service continuity during the agreed-upon transition period
• Provide administrative access to the client's hosted assets
• Respond to reasonable requests for information about the client's environment configuration
• Maintain security and integrity of all systems during the transition
• Provide accurate billing for services rendered through the end of the service agreement

6.2 Client and New MSP Responsibilities

The client and/or their new MSP will be responsible for:

• Planning and executing the data migration strategy
• Creating copies or exports of all required data
• Setting up the new hosting environment
• Conducting all migration activities including data transfer, validation, and testing
• Managing any DNS changes or other network adjustments required for the transition

6.3 Administrative Access

Upon confirmation of service termination and receipt of a formal request:

• Administrative credentials will be provided to the client's authorized representative
• Access will be granted for a reasonable timeframe to facilitate migration
• All access will be documented and monitored per security protocols

6.4 Backup and Data Migration Clarifications

ITECS will NOT:

• Provide copies of internal backup sets or backup infrastructure
• Perform data migration to the new MSP's environment
• Install or configure tools on behalf of the new MSP
• Troubleshoot issues within the new MSP's environment
• Perform post-migration validation or testing

The client/new MSP must:

• Use their own tools and processes to extract and migrate data
• Perform their own data validation and testing
• Manage all aspects of configuring their new environment

6.5 Transition Timeline

• Administrative access will be provided within 2 business days of a formal written request
• Standard transition period is 90 days from termination notice
• Extended transition support may be available for an additional fee

7. SECURITY REQUIREMENTS

7.1 Access Controls

Mandatory security measures include:

• Complex passwords (minimum 12 characters, including uppercase, lowercase, numbers, and special characters)
• Multi-factor authentication for all administrative access
• SSH key-based authentication for server access
• Password rotation every 90 days
• Unique credentials for each user

7.2 System Security

Required security practices:

• Critical security patches applied within 7 days of release
• Non-critical security patches applied within 30 days
• ITECS-approved antivirus/antimalware software
• Regular vulnerability assessments
• Properly configured firewalls with least-privilege access

8. EMAIL AND COMMUNICATIONS

8.1 Email Usage

The following are prohibited:

• Sending unsolicited commercial email (spam)
• Using another site's mail server to relay mail without permission
• Harvesting email addresses for mass mailing
• Sending malicious attachments or links

8.2 Network Communications

Prohibited activities include:

• Excessive cross-posting or multiple-posting
• Network abuse or flooding
• Deliberate propagation of malware
• Deceptive marketing practices

9. THREAT MONITORING AND PREVENTION

9.1 Security Monitoring

ITECS maintains the right to:

• Monitor for security threats and compromise indicators
• Investigate suspicious activity patterns
• Require customer cooperation in security investigations
• Take immediate action to prevent system compromise
• Block traffic from suspicious sources

9.2 Incident Response

Customers must:

• Report security incidents promptly
• Cooperate with incident investigations
• Implement required security measures
• Follow ITECS's incident response procedures

10. ENFORCEMENT

10.1 Violation Responses

ITECS will respond to violations as follows:

• First violation: Written warning and 24 hours to remediate
• Second violation: 48-hour service suspension
• Third violation: Service termination
• Critical violations may result in immediate service suspension

10.2 Appeals Process

• Appeals must be submitted in writing within 48 hours
• Supporting documentation required
• Decision provided within 3 business days
• ITECS's determination is final

11. INDIRECT OR ATTEMPTED VIOLATIONS

Any indirect or attempted violations of this Policy, including violations by third parties on behalf of a customer, shall be considered violations by the customer.

12. REPORTING VIOLATIONS

Report security incidents or AUP violations to:

• Email: info [at] itecsonline.com
• Phone: 1-877-483-2710

13. MODIFICATIONS

ITECS reserves the right to modify this AUP at any time. Changes become effective upon posting to https://itecsonline.com/legal-aup. Customers are responsible for regularly reviewing this AUP.