ITECS ACCEPTABLE USE POLICY

Last Updated: February 2025
Version: 2.0

1. INTRODUCTION

This Acceptable Use Policy ("AUP") specifies the actions prohibited by ITECS Outsourcing LLC. ("ITECS") to users of ITECS hosting and managed services. ITECS reserves the right to modify the Policy at any time, effective upon posting of the modified Policy to this URL: https://itecsonline.com/legal-aup

2. ILLEGAL USE

ITECS services may be used only for lawful purposes. Transmission, distribution, or storage of any material in violation of any applicable law or regulation is prohibited. This includes, without limitation:

• Material protected by copyright, trademark, trade secret, or other intellectual property right used without proper authorization
• Material that is obscene, defamatory, or constitutes an illegal threat
• Content that violates export control laws or regulations
• Any content or activities that violate applicable local, state, or federal laws

3. SYSTEM AND NETWORK SECURITY

Violations of system or network security are prohibited and may result in criminal and civil liability. ITECS will investigate incidents involving such violations and will cooperate with law enforcement if a criminal violation is suspected.

3.1 Unauthorized Activities

The following activities are strictly prohibited:

• Unauthorized access to or use of data, systems, or networks
• Any attempt to probe, scan, or test system vulnerability without express written authorization
• Unauthorized monitoring of data or traffic on any network or system
• Interference with service to any user, host, or network
• Deliberate attempts to overload a system
• Forging of any TCP-IP packet header or any part of the header information
• Any attempts to circumvent or disable security mechanisms

3.2 Prohibited Services

The following services are not permitted on ITECS infrastructure:

• Cryptocurrency mining operations
• Email spam services or mass mailing operations
• Peer-to-peer file sharing networks
• Dark web services or unauthorized proxy operations
• Any service designed to circumvent security measures

4. SYSTEM RESOURCES AND PERFORMANCE

4.1 Resource Limitations

Customers must adhere to the following resource constraints:

• Virtual/dedicated server resources must not exceed 85% of allocated CPU or RAM for periods exceeding 30 minutes
• Storage usage must remain within purchased quota with a 10% buffer maintained
• Network bandwidth usage must align with service plan specifications
• Excessive I/O operations that impact shared infrastructure are prohibited

4.2 Fair Use

• Services must not degrade performance for other customers
• Resource-intensive operations must be scheduled during off-peak hours (1 AM - 5 AM CST)
• Applications requiring high resource utilization must receive prior written approval

5. DATA PROTECTION AND PRIVACY

5.1 Regulatory Compliance

Customers are responsible for:

• Maintaining HIPAA compliance when handling protected health information
• Ensuring PCI-DSS compliance for payment processing
• Meeting all industry-specific regulatory requirements
• Complying with applicable data protection and privacy laws

5.2 Data Management

Requirements include:

• Encryption of sensitive data at rest and in transit
• Regular data backup implementation
• Secure data disposal procedures
• Compliance with data retention policies
• Protection of personal information according to applicable privacy laws

6. SECURITY REQUIREMENTS

6.1 Access Controls

Mandatory security measures include:

• Complex passwords (minimum 12 characters, including uppercase, lowercase, numbers, and special characters)
• Multi-factor authentication for all administrative access
• SSH key-based authentication for server access
• Password rotation every 90 days
• Unique credentials for each user

6.2 System Security

Required security practices:

• Critical security patches applied within 7 days of release
• Non-critical security patches applied within 30 days
• ITECS-approved antivirus/antimalware software
• Regular vulnerability assessments
• Properly configured firewalls with least-privilege access

7. EMAIL AND COMMUNICATIONS

7.1 Email Usage

The following are prohibited:

• Sending unsolicited commercial email (spam)
• Using another site's mail server to relay mail without permission
• Harvesting email addresses for mass mailing
• Sending malicious attachments or links

7.2 Network Communications

Prohibited activities include:

• Excessive cross-posting or multiple-posting
• Network abuse or flooding
• Deliberate propagation of malware
• Deceptive marketing practices

8. THREAT MONITORING AND PREVENTION

8.1 Security Monitoring

ITECS maintains the right to:

• Monitor for security threats and compromise indicators
• Investigate suspicious activity patterns
• Require customer cooperation in security investigations
• Take immediate action to prevent system compromise
• Block traffic from suspicious sources

8.2 Incident Response

Customers must:

• Report security incidents promptly
• Cooperate with incident investigations
• Implement required security measures
• Follow ITECS's incident response procedures

9. ENFORCEMENT

9.1 Violation Responses

ITECS will respond to violations as follows:

• First violation: Written warning and 24 hours to remediate
• Second violation: 48-hour service suspension
• Third violation: Service termination
• Critical violations may result in immediate service suspension

9.2 Appeals Process

• Appeals must be submitted in writing within 48 hours
• Supporting documentation required
• Decision provided within 3 business days
• ITECS's determination is final

10. INDIRECT OR ATTEMPTED VIOLATIONS

Any indirect or attempted violations of this Policy, including violations by third parties on behalf of a customer, shall be considered violations by the customer.

11. REPORTING VIOLATIONS

Report security incidents or AUP violations to:

• Email: info [at] itecsonline.com
• Phone: 1-877-483-2710

12. MODIFICATIONS

ITECS reserves the right to modify this AUP at any time. Changes become effective upon posting to https://itecsonline.com/legal-aup. Customers are responsible for regularly reviewing this AUP.