­Introduction

This customer acceptable use policy defines Deep Run Security’s policy that is designed to protect Deep Run Security, its customers (“Customers”) and any other persons, parties or entities on the Internet from any negative impact caused by inappropriate activities. This agreement is between you or the entity you represent, or, if no such entity is designated by you in connection with a Subscription purchase or renewal, you individually (“you”) and Deep Run Security (“Deep Run”, “we”, “us”, or “our”) and consists of the below terms and conditions, as well as the Acceptable Use Policy, the Service Terms, the SLAs and the Offer Details for your subscription or renewal (together the “Agreement”). It is effective on the date we provide you with confirmation of your Subscription or the date on which your subscription is renewed as applicable. All Customers shall adhere to this policy and are subject to the terms and conditions herein.

Deep Run Security reserves the right to perform activities to audit, test, and investigate the security of Customer sites in an effort to ensure that security protections are maintained and that Customer sites do not bypass, or allow others to bypass, Deep Run Security controls.

If, in its sole discretion, Deep Run Security believes that systems located within Microsoft Azure facilities are being used in an unlawful or improper manner (whether civil or criminal) or for unlawful or improper activities, Deep Run Security will fully cooperate with civil- and criminal-enforcement authorities conducting investigations of such use or activities. Deep Run Security will also support the investigation of the prohibited activities listed below and any other activities that Deep Run Security, in its sole discretion, believes impact the operation or security of Deep Run Security, Customers or other systems accessible by Customers or Customers’ clients or users.

Acceptable Use

Customers have access to and perform data management assessment activities within their company and customer’s SPECTRUM environments. Customers are responsible for ensuring that these activities do not impose risks to, or negative impacts on, Deep Run Security, Customers or other sites or systems. Customers are also responsible for adhering to all local, state, federal and international laws and regulations relating to Customer operations.

Because Deep Run Security relies on a shared infrastructure to support Customers, it is necessary that Deep Run Security set policies and standards associated with how each SPECTRUM customer environment is secured and used. The compromise of one Customer site may result in an impact on Deep Run Security or other Customers. Therefore, all Customers shall adhere to all applicable security and best practices standards.

Prohibited Activities

Each Customer is responsible for ensuring that it does not allow Deep Run Security systems to be used for any of the following purposes:

  • gaining, or attempting to gain, unauthorized access to any system or customer environment that does not belong to the Customer;
  • sending unsolicited e-mail or other messages or communication in any form (e.g., spam);
  • altering, defacing or otherwise causing any unauthorized or unapproved modification of any system belonging to Deep Run Security, another Customer or any other system on the Internet;
  • storing, transmitting or processing material in a manner that violates intellectual-property rights or laws or regulations, including, without limitation, those associated with trade secrets, copyrights, patents and trademarks;
  • violating the privacy rights of others, including, without limitation, the collection of information about individuals without their knowledge or consent, except as allowed by applicable laws and regulations;
  • transmitting or storing any material/data that is unlawful, obscene, harassing, libelous, abusive or hateful; that encourages unlawful acts; or that may be interpreted as violating the civil rights of others;
  • storing or transmitting material that violates local, state, federal or international laws or regulations;
  • engaging in, or permitting, any activity that leads to a degradation or denial of service for Deep Run Security, another Customer or any other system or site on the Internet;

Customers are prohibited from assisting any persons in using Customer systems located at Deep Run Security to engage in any of the activities listed above. If a Customer becomes aware of any such activity, the Customer must remedy the situation immediately. The Customer shall also notify Deep Run Security, by telephone within four hours and in writing within 24 hours, of the detection of a violation by such Customer or its agents.

Each Customer is responsible for ensuring that security controls are not circumvented by way of actions taken by it or individuals accessing such Customer’s systems.

Each Customer shall not:

  • configure its systems to bypass security controls, including, without limitation, the installation of programs or services that allow the systems to be managed or accessed insecurely or through unauthorized means;
  • conduct online security audits or tests against or through Deep Run Security systems or networks without coordination with and the explicit, written consent of an authorized officer of Deep Run Security;
  • gain, or attempt to gain, unauthorized access to Deep Run Security networking, security, management, backup, storage or monitoring systems;
  • install programs or configure systems to allow the monitoring, or “sniffing,” of data traveling over a shared network;
  • access, or attempt to access, security-relevant information, such as password files that may, among other things, be used to gain unauthorized access to system accounts;
  • install or use software for the purpose of cracking encrypted data, including, without limitation, stored passwords; or
  • remove or disable security software or services, including, without limitation anti-virus software, logging utilities or authentication services.
  • hold Deep Run or its affiliates up to public scorn or ridicule
  • reselling Deep Run services, in whole or in part, to any entity or individual, without Deep Run’s prior written consent, or misrepresenting your relationship with Deep Run Security

Each Customer must implement measures and procedures to ensure that its accounts are not accessed or used in an unauthorized manner, including, without limitation, the following.

  • Each Customer must maintain, and provide Deep Run Security with, a list of authorized individuals and accounts that are permitted to remotely access such systems hosted by Deep Run Security.
  • Each Customer must notify Deep Run Security in writing if a user no longer requires remote access to Deep Run Security’s site. To ensure that access is deleted on time, Deep Run Security must receive this notification at least five business days in advance of the date that the access is no longer needed by that individual.
  • Remote-access accounts shall not be transferred from one individual to another, nor shall they be shared between individuals. Each user shall have an individual remote-access account that uniquely and accurately identifies the owner of the account.

Each Customer assumes all responsibility for the consequences of the use of its accounts by an unauthorized individual.

Violations and Remedies

Deep Run Security reserves the right to suspend or terminate at any time the account of any Customer that, in the sole discretion of Deep Run Security, fails to adhere to any of these policies. Deep Run Security has the right to seek legal remedies for any damages, costs or expenses that may be incurred as a result of a violation of any of these policies by or through a Customer.

Depending on the nature of the violation or alleged violation, Deep Run Security may be notified of violations in a number of ways, including by an external organization, agency, entity or individual that is affected by the activities of a Customer or, when a violation is detected internally, by a source within Deep Run Security.

Deep Run Security retains the sole right to determine whether a violation of this policy has occurred. In general, Deep Run Security will attempt to work with Customers to address violations of this policy in accordance with the steps outlined below but is not required to do so. However, based on the severity of the violation or the number or nature of complaints received, Deep Run Security, in its sole discretion, has the absolute right to immediately terminate service.

Each Customer remains responsible for performing all of its obligations under applicable Managed Services Agreements and Schedules and for paying all fees billed by Deep Run Security, including, without limitation, monthly service fees and termination fees. If the violation is not remedied by the agreed-upon timeframe, Deep Run Security has the right to terminate or suspend services to the Customer. Deep Run Security retains the sole right and discretion to permanently terminate services to the Customer or to resume service upon remedy of the violation and to obtain whatever assurances Deep Run Security requires from Customer that the violation will not repeat. If, in Deep Run Security’s sole discretion, the violation or alleged violation is such that Deep Run Security elects not, or is unable, to contact the Customer, Deep Run Security shall take the steps it deems appropriate.

Notwithstanding anything to the contrary herein, Deep Run Security reserves the right to immediately suspend any Services without notice to, or approval from, Customer if Deep Run Security, in its sole discretion, deems such suspension necessary to protect its systems, facilities or interests or those of its customers or third parties, including, without limitation, in response to any perceived threat of a computer virus, exploit scripts or other malicious software or denial-of-service attack (in each case, from any source) on Deep Run Security’s computer systems or network; provided, however, that Deep Run Security will use commercially reasonable efforts to notify Customer prior to such suspension.

General Terms and Conditions Regarding this Policy

THE CUSTOMER AGREES TO BE BOUND BY ALL OF THE TERMS AND CONDITIONS HEREIN. From time to time, Deep Run Security may modify this policy. Therefore, Deep Run recommends that all Customers visit www.Deeprunsecurity.com/services/spectrum to insure your activities conform to the most recent version. By using the Deep Run Security or facilities after any such modifications, the Customer agrees to those modifications. If at any time the Customer chooses not to accept this policy, the Customer agrees to discontinue use of such services or facilities.

Please send reports of any violations of this acceptable-use policy to deeprun@Deeprunsecurity.com.