Acceptable Use Policy (AUP)
Effective Date: 09MAR2018
Review Date: 09MAR2019
As a hosting provider, Secure-24 LLC (“Secure-24”) offers its Customers (also known as “Subscribers”), and their end users the means to acquire and disseminate public, private, commercial, and non- commercial information through Secure-24 devices, networks, and infrastructure. Secure-24 respects that the Internet provides a forum for free and open discussion and dissemination of information. However, when there are competing business, legal, security or other concerns, Secure-24 reserves the right to take preventative or corrective actions. In order to balance these competing interests, Secure-24 has developed this Acceptable Use Policy (“AUP”), which supplements and explains certain terms of each customer’s respective service agreement and is intended as a guide to the Customer’s rights and obligations when utilizing Secure-24’s services. Notwithstanding the foregoing, the terms of the Master Service Agreement, including all Schedules thereto, shall supersede and govern with regard to any conflict between this document and the Master Services Agreement or Schedules thereto. This AUP may be revised from time to time and revisions shall be applicable in accordance with the terms of the Master Service Agreement.
One important aspect of the Internet is that no one party owns or controls it. This fact accounts for much of the Internet’s openness and value. But, it also places a high premium on the judgment and responsibility of those who use the Internet, both in the information they acquire and in the information they disseminate to others. When Subscribers obtain information through the Internet, they must keep in mind that Secure-24 cannot monitor, verify, warrant, or vouch for the accuracy and quality of the information that Subscribers may acquire. For this reason, the Subscriber must exercise his or her best judgment in relying on information obtained from the Internet, and also should be aware that some material posted to the Internet is sexually explicit or otherwise offensive. Because Secure-24 cannot monitor or censor the Internet, and will not attempt to do so, Secure-24 cannot accept any responsibility for injury to its Subscribers that results from inaccurate, unsuitable, offensive, or illegal Internet communications.
It is the responsibility of Department Managers to ensure that all employees involved in activities within this document are trained.
It is the responsibility of all employees involved with this document to comply with all requirements outlined below.
The users that are responsible for the knowledge of activities contained within this document are listed within the Training Assignment Matrix Form which is attached to the hard copy of the signed document.
When Subscribers disseminate information through the Internet, they also must keep in mind that Secure-24 does not review, edit, censor, or take responsibility for any information its Subscribers may create. When users place information on the Internet, they have the same liability as other authors for copyright infringement, defamation, and other harmful speech. Also, because the information they create is carried over Secure-24’s network and may reach a large number of people, including both Subscribers and nonsubscribers of Secure-24, Subscribers’ postings to the Internet may affect other Subscribers and may harm Secure-24’s goodwill, business reputation, and operations. In doing so, Customer may violate this Acceptable Use Policy and/or the Master Services Agreement between the parties to which this policy is an Exhibit, when Customer, its users, affiliates, or subsidiaries engage in, or attempt to engage in, the following prohibited activities:
- Publishing, transmitting, or distributing defamatory, abusive, harassing, threatening, or obscene or pornographic language or materials, especially child pornography.
- Publishing, transmitting, or distributing information encouraging the violation of laws or the disruption of lawful business activities.
- Distributing malware including, but not limited to, viruses, worms, Trojan horses, spyware, adware, and key loggers.
- Sending unsolicited bulk and/or commercial messages over the Internet (known as “spamming”).
- Maintaining an open SMTP relay.
- Engaging in “hacking”, “cracking”, mail bombing, port scanning, denial of service, or other malicious or destructive activities, whether lawful or unlawful, that Secure-24 determines to be harmful to its Subscribers, operations, reputation, goodwill, or customer relations.
- Disrupting the use of or interfering with the ability of others to effectively use the network or any connected network, system, service, or equipment.
- Violating export control laws or regulations.
- Facilitating a violation of this AUP by advertising, transmitting, or otherwise making available any software, program, product, or service that is designed to violate this AUP, including, but not limited to the facilitation of the means to spam, flooding, mail bombing, and denial of service attacks.
- Subverting security, investigative, authentication, or other controls designed to protect the confidentiality, integrity, and availability of information including, but not limited to, spoofing, forging headers, altering or deleting logs, impersonating other users, misrepresenting the originator of a message, password cracking, encryption cracking, and disabling security software or rendering it useless for its intended purpose.
- Installing malware or any software intended to subvert security, investigative, authentication, or other controls on Subscriber’s, another Subscribers, or Secure-24’s servers or devices.
- Engaging in activities that violate the Intellectual Property rights of other parties including copyright infringement, patent infringement, trademark infringement, service mark infringement, software piracy, and trade secret disclosure.
- Gaining or attempting to gain unauthorized and/or illegal access to other computers or networks including attempting to penetrate security measures of another system and any activity that might be used as a precursor to an attempted system penetration (e.g. port scan, stealth scan, vulnerability scan, reconnaissance, or other information gathering activity)
- Engaging in activity that violates privacy (including data privacy), publicity, or other personal rights of others.
- Engaging in illegal activities of any kind including, but not limited to, advertising, transmitting, or otherwise making available Ponzi schemes, pyramid schemes, fraudulently charging credit cards, and pirating software.
- Transferring Customer Data or other data to Secure-24 a) without any required consents, b) in violation of any data privacy laws or c) that require control requirements that are not in scope of the applicable SOW. Customer shall have a legal business purpose for transferring Customer Data to Secure-24.
Secure-24 will not, as an ordinary practice, monitor the communications of its Subscribers to ensure that they comply with this Secure-24 policy or applicable law. When Secure-24 becomes aware of harmful activities, however, it may take any action to stop the harmful activity as permitted in accordance with the Master Services Agreement between the parties, which may include but not be limited to, removing information, shutting down a web site, implementing screening software designed to block offending transmissions, denying access to the Internet, taking a server off-line, or taking any other permissible action it deems appropriate.
Secure-24 is aware that many of its Subscribers are themselves providers of Internet services and that information reaching Secure-24’s facilities from those Subscribers may have originated from a customer of the Subscriber or from another third-party. Secure-24 does not require its Subscribers who offer Internet services to monitor or censor transmissions or web sites created by customers of its Subscribers. Secure-24 reserves the right to take action against Subscribers or their customers to help enforce compliance with this policy. Secure-24 anticipates that Subscribers who offer Internet services will reasonably cooperate with Secure-24 in any corrective or preventive action that Secure-24 deems necessary for compliance with this policy. Failure to cooperate with such corrective or preventive measures is a violation of this Secure-24 policy.
Secure-24 also is concerned with the privacy of on-line communications and web sites. In general, the Internet is neither more nor less secure than other means of communication, including mail, facsimile, and voice telephone service, all of which can be intercepted and otherwise compromised. As a matter of prudence, however, Secure-24 urges its Subscribers to assume that all of their on-line communications are insecure and to take appropriate security measures. In general, the Internet is neither more nor less secure than other means of communication, including mail, facsimile, and voice telephone service, all of which can be intercepted and otherwise compromised. As a matter of prudence, however, Secure-24 urges its Subscribers to assume that all of their on-line communications are insecure and to take appropriate security measures.
Secure-24 will not intentionally monitor the contents of private electronic mail messages sent or received by its Subscribers unless required to do so by law, governmental authority, or when public safety is at stake or when requested by the Customer. An exception to this policy is the automated monitoring of e-mail by security tools for virus scanning, spam blocking, and other security measures including logging message traffic and monitoring for communication with known or suspected “botnets” or other suspicious sites, domains, or IP addresses. Secure-24 may also monitor its service electronically to determine that its facilities are operating satisfactorily.
Secure-24 is required by law to remove or block access to customer content upon receipt of a proper notice of copyright infringement. It is also Secure-24’s policy to terminate the privileges of customers who commit repeated violations of copyright laws.
Secure-24 is required by law to notify law enforcement agencies if it becomes aware of the presence of child pornography on or being transmitted through Secure-24’s network.
Secure-24 may disclose information including, but not limited to, information concerning a Subscriber, a transmission made using our network or using an internet service such as a web site, in order to comply with a court order, subpoena, summons, discovery request, warrant, statute, regulation, or governmental request in accordance with the Master Services Agreement between the parties. Finally, Secure-24 may disclose Subscriber information or information transmitted over its network where necessary to protect Secure-24 and others from harm, or where such disclosure is necessary to the proper operation of the system in accordance with the Master Services Agreement between the parties.
Secure-24 expects that it’s Subscribers who provide Internet services to others will comply fully with all applicable laws concerning the privacy of on-line communications. A Subscriber’s failure to comply with those laws will violate Secure-24 policy.
Any complaints or information about a Subscriber’s violation of this AUP should be emailed to firstname.lastname@example.org.