Acceptable Use Policy

3.1 Unauthorized Activities

The following activities are strictly prohibited:

• Unauthorized access to or use of data, systems, or networks
• Any attempt to probe, scan, or test system vulnerability without express written authorization
• Unauthorized monitoring of data or traffic on any network or system
• Interference with service to any user, host, or network
• Deliberate attempts to overload a system
• Forging of any TCP-IP packet header or any part of the header information
• Any attempts to circumvent or disable security mechanisms

4.1 Resource Limitations

Customers must adhere to the following resource constraints:

• Virtual/dedicated server resources must not exceed 85% of allocated CPU or RAM for periods exceeding 30 minutes
• Storage usage must remain within purchased quota with a 10% buffer maintained
• Network bandwidth usage must align with service plan specifications
• Excessive I/O operations that impact shared infrastructure are prohibited

5.1 Regulatory Compliance

Customers are responsible for:

• Maintaining HIPAA compliance when handling protected health information
• Ensuring PCI-DSS compliance for payment processing
• Meeting all industry-specific regulatory requirements
• Complying with applicable data protection and privacy laws

6.1 ITECS Responsibilities

When a client terminates services with ITECS and transitions to another Managed Service Provider (MSP), ITECS will:

• Maintain service continuity during the agreed-upon transition period
• Provide administrative access to the client's hosted assets
• Respond to reasonable requests for information about the client's environment configuration
• Maintain security and integrity of all systems during the transition
• Provide accurate billing for services rendered through the end of the service agreement

6.2 Client and New MSP Responsibilities

The client and/or their new MSP will be responsible for:

• Planning and executing the data migration strategy
• Creating copies or exports of all required data
• Setting up the new hosting environment
• Conducting all migration activities including data transfer, validation, and testing
• Managing any DNS changes or other network adjustments required for the transition

6.3 Administrative Access

Upon confirmation of service termination and receipt of a formal request:

• Administrative credentials will be provided to the client's authorized representative
• Access will be granted for a reasonable timeframe to facilitate migration
• All access will be documented and monitored per security protocols

6.4 Backup and Data Migration Clarifications

ITECS will NOT:

• Provide copies of internal backup sets or backup infrastructure
• Perform data migration to the new MSP's environment
• Install or configure tools on behalf of the new MSP
• Troubleshoot issues within the new MSP's environment
• Perform post-migration validation or testing

The client/new MSP must:

• Use their own tools and processes to extract and migrate data
• Perform their own data validation and testing
• Manage all aspects of configuring their new environment

7.1 Access Controls

Mandatory security measures include:

• Complex passwords (minimum 12 characters, including uppercase, lowercase, numbers, and special characters)
• Multi-factor authentication for all administrative access
• SSH key-based authentication for server access
• Password rotation every 90 days
• Unique credentials for each user

8.1 Email Usage

The following are prohibited:

• Sending unsolicited commercial email (spam)
• Using another site's mail server to relay mail without permission
• Harvesting email addresses for mass mailing
• Sending malicious attachments or links

9.1 Security Monitoring

ITECS maintains the right to:

• Monitor for security threats and compromise indicators
• Investigate suspicious activity patterns
• Require customer cooperation in security investigations
• Take immediate action to prevent system compromise
• Block traffic from suspicious sources

10.1 Violation Responses

ITECS will respond to violations as follows:

• First violation: Written warning and 24 hours to remediate
• Second violation: 48-hour service suspension
• Third violation: Service termination
• Critical violations may result in immediate service suspension