Statement Of Services

This Statement of Services (“Service Statement”) contains provisions that define, clarify, and govern the provisions  of the quote to which it is attached (the “Quote”). If you do not agree with the terms of this Service Statement, you  should not sign the Quote and you must contact us for more information. 

This Service Statement is effective as of date on which you accepted the Quote (“Effective Date”). 

This Service Statement describes generally all managed services provided by ITCubed; however, only those services  described in the Quote will be provided to you (collectively, the “Services”). Activities or items that are not  specifically described in the Quote will be out of scope and will not be provided to you unless otherwise agreed to  by us in writing.  

SCOPE OF SERVICES 

Onboarding Services 

• Uninstall any monitoring tools or other software installed by previous IT consultants.
• Compile a full inventory of all protected servers, workstations, and laptops. 
• Uninstall any previous virus protection and install our managed antivirus application.
• Install remote support access application on each managed device to enable remote support.
• Configure patch management application and check for missing security updates. 
• Uninstall unsafe applications or applications that are no longer necessary. 
• Optimize device performance including disk cleanup, antivirus, and spyware scans. 
• Review firewall configuration and other network infrastructure devices. 
• Review status of battery backup protection on all devices. 
• Stabilize network and assure that all devices can securely access the file server. 
• Review and document current server configuration and status. 
• Determine existing backup strategy and status; prepare backup options for consideration.
• Review password policies and update user and device passwords. 
• As applicable, make recommendations for changes that should be considered to the managed  environment. 

If deficiencies are discovered during the onboarding process, we will bring those issues to your attention and discuss  the impact of the deficiencies on our provision of our monthly managed services. Please note, unless otherwise  expressly stated in the Quote, onboarding-related services do not include the remediation of any issues, errors, or  deficiencies (“Issues”), and we cannot guarantee that all Issues will be detected during the onboarding process.  

Ongoing/Recurring Services  

Ongoing/recurring services begin upon the completion of onboarding services (if any). 

Managed Services 

Below is a general description of the managed services we provide. To the extent that these services are expressly  stated in the Quote, they will be provided to you as follows: 

MANAGED EQUIPMENT / HARDWARE / SOFTWARE 

The Services will be applied to the company issued equipment, hardware and software listed in the “Managed  Environment” schedule (collectively, the “Environment”), a copy of which accompanies this Service Statement.  This schedule is current as of the signing of this agreement. Inventory controls are maintained and will be made  available upon request. Items that are not included in the Environment may not receive or benefit from the  Services. Adding additional items to the Environment may require additional costs or fees; please contact us for  more information. 

Data Backup & Disaster Recovery 

ITCubed’s backup and disaster recovery (BDR) services include: 

• Managed backup of servers and workstations listed in the Quote 
  • 24/7 monitoring of backup system, including offsite backup, offsite replication, and an onsite  backup appliance (“Backup Appliance”) 
  • Troubleshooting and remediation of failed backup disks
  • Preventive maintenance and management of imaging software
  • Firmware and software updates of backup appliance
  • Problem analysis by the network operations team
  • Monitoring of backup successes and failures
  • Weekly recovery verification

• Backed-Up Servers / Workstations: See Quote for servers/workstations that will be backed up.
  
  • Note: Data on equipment that is not specifically listed in the Quote will not be backed up.  
• Storage Limitation: Client will be allocated storage space for backup and recovery purposes as listed in the  Quote. Any space required or requested by Client beyond the initial amount provided to Client (e.g., if Client exceeds the allocated storage space or additional space is reasonably anticipated) will require the  payment of additional fees and costs.
• Backup Frequency: On-site backups will occur in real time; offsite backups will occur on a schedule  determined initially by ITCubed based on Client’s needs; however, the schedule may subsequently be  modified by mutual agreement between ITCubed and Client.  
• Backup Data Security: All backed up data is encrypted in transit and at rest in 256-bit AES encryption. All  facilities housing backed up data implement physical security controls and logs, including security  cameras, and have multiple internet connections with failover capabilities. 
• Backup Retention: ITCubed only guarantees retrieval of the most recent recovery point sent to the  backup appliance in a local recovery situation. ITCubed only guarantees retrieval of archived data sent to  the off-site data center in the prior calendar day. 

LICENSE GRANT 

All Backup Appliances are embedded with proprietary software (“BDR Software”). ITCubed hereby grants to Client  a non-exclusive, royalty free, non-transferable license, during the term of this Service Statement, to use the BDR  Software in conjunction with the BDR-related services provided by ITCubed. Client shall not reverse engineer, de compile or otherwise use the BDR Software in any manner not specifically authorized by ITCubed. 

RECOVERY OF BACKED-UP DATA 

You must contact us if data recovery services are needed. Upon your payment of the applicable fees (described  below), we will make your backed up data available to you in a hosted, virtual environment. Your access to the  backed up data will continue for a period of two (2) weeks; extended access time is available as described in the Fees  section, below. 

Physical Locations Covered by Services 

Services will be provided remotely unless, in our discretion, we determine that an onsite visit is required. Onsite  visits will be scheduled in accordance with the priority assigned to the issue (below), and are subject to technician  availability. Unless we agree otherwise, all onsite Services will be provided at Client’s primary office location listed  in the Quote. Additional fees may apply for onsite visits: Please review the Service Level section below for more  details. 

Term; Termination 

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”) and  will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the  Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies / revisions  identified in the onboarding process (if any) are addressed or remediated to ITCubed’s satisfaction. The Services will  continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this  section (the “Service Term”). 

AUTO-RENEWAL 

After the expiration of the initial Service Term, the Service Term will automatically renew for contiguous terms equal  to the initial Service Term (each a “Renewal Term”) unless either party notifies the other of its intention to not renew  the Services no less than thirty (30) days before the end of the then-current Service Term. The fees charged by us  during each Renewal Term will be increased to reflect our then-current rates which may be higher than the prior  term.

Assumptions/Minimum Requirements/Exclusions 

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum  requirements:  

• Server hardware must be under current warranty coverage. 
• All equipment with Microsoft Windows® operating systems must be running then-currently supported  versions of such software and have all of the latest Microsoft service packs and critical updates installed.
• All software must be genuine, licensed and vendor-supported. 
• Server file systems and email systems (if applicable) must be protected by licensed and up-to-date virus  protection software. 
• The Environment must have a currently licensed, vendor-supported server-based backup solution that can  be monitored. 
• All wireless data traffic in the environment must be securely encrypted. 
• There must be an outside static IP address assigned to a network device, allowing VPN/RDP/ control  access.  
• All servers must be connected to working UPS devices. 
• Recovery coverage assumes data integrity of the backups or the data stored on the backup devices. We  do not guarantee the integrity of the backups or the data stored on the backup devices. Server  restoration will be to the point of the last successful backup.  
• Client must provide all software installation media and key codes in the event of a failure.
• Any costs required to bring the Environment up to these minimum standards are not included in this  Service Statement. 
• Client must provide us with exclusive administrative privileges to the Environment.
• Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall,  server, or NAS appliances (other than electronic data) unless expressly approved in writing by us. 

EXCLUSIONS 

Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless  otherwise agreed, in writing, by ITCubed. Without limiting the foregoing, the following services are expressly  excluded, and if required to be performed, must be agreed upon by ITCubed in writing: 

• Customization of third-party applications, or programming of any kind. 
• Support for operating systems, applications, or hardware no longer supported by the  manufacturer. 
• Data/voice wiring or cabling services of any kind. 
• Battery backup replacement. 
• Equipment relocation. 
• The cost to bring the Environment up to the Minimum Requirements (unless otherwise  noted in “Scope of Services” above). 
• The cost of repairs to hardware or any supported equipment or software, or the costs to  acquire parts or equipment, or shipping charges of any kind.

Service Levels 

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis; response, repair, and/or remediation  services (as applicable) will be provided only during business hours unless otherwise specifically stated in the  Quote. We will respond to problems, errors, or interruptions in the provision of the Services in the timeframe(s)  described below. Severity levels will be determined by ITCubed at our discretion after consulting with the Client.  All remediation services will initially be attempted remotely; ITCubed will provide onsite service only if remote  remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.

All time frames are calculated as of the time that ITCubed is notified of the applicable issue / problem by Client  through ITCubed’s designated support portal, service desk, email, or by telephone at the telephone number listed  in the Quote. Notifications received in any manner other than described herein may result in a delay in the  provision of remediation efforts.  

Service desk support provided outside of our normal support hours will be billed to Client at the hourly rate of  $165/hour (one hour minimum applies, unless otherwise agreed in writing between ITCubed and client). 

Additional Service Levels

Fees 

The fees for the Services will be as indicated in the Quote. 

CHANGES TO ENVIRONMENT Initially, you will be charged the monthly fees indicated in the Quote. Thereafter, if  the managed environment changes, or if the number of authorized users accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those  changes.  

MINIMUM USERS The initial number of Users indicated in Quote are the minimum number of users (“Minimum  User Number”) that you must maintain throughout the duration of the Services under the Quote. You agree that  the Minimum User Number will not drop below the amounts indicated in the Quote unless we agree to the  reduction. All modifications to the amount of hardware, devices, or users under the Quote (as applicable) must be  in writing and accepted by both parties.  

INCREASES In addition, we reserve the right to increase our monthly recurring and data recovery fees; provided,  however, if an increase is more than five percent (5%) of the fees charged for the Services in the prior calendar year,  then you will be provided with a sixty (60) day opportunity to terminate the Services by providing us with written  notice of termination. You will be responsible for the payment of all fees that accrue up to the termination date and  all pre-approved, non-mitigatable expenses that we incurred in our provision of the Services through the date of  termination. Your continued acceptance or use of the Services after this sixty (60) day period will indicate your  acceptance of the increased fees. 

TRAVEL TIME If onsite services are provided, we will travel up to 45 minutes from our office to your location at no  charge. Time spent traveling beyond 45 minutes (e.g., locations that are beyond 45 minutes from our office,  occasions on which traffic conditions extend our drive time beyond 45 minutes one-way, etc.) will be billed to you  at our then current hourly rates. In addition, we reserve the right to bill you, without markup, for all tolls, parking  fees, and related expenses that we incur if we provide onsite services to you. 

APPOINTMENT CANCELLATIONS You may cancel or reschedule any onsite appointment with us at no charge by  providing us with notice of cancellation at least one business day in advance. If we do not receive timely notice of  cancellation/re-scheduling, or if you are not present at the scheduled time or if we are otherwise denied access to  your premises at a pre-scheduled onsite appointment time, then you agree to pay us a cancellation fee equal to two  (2) hours of our normal hourly rates. 

AUTOMATED PAYMENT You are encouraged to pay your invoices by credit card and/or by ACH, as described below,  to avoid late fees and potential suspension of Services for untimely payment. If you authorize payment by credit  card and ACH, then the ACH payment method will be attempted first. If that attempt fails for any reason, then we  will process payment using your designated credit card.

• • ACH. When enrolled in an ACH payment processing method, you authorize us to electronically debit your  designated checking or savings account, as defined and configured by you in our payment portal, for any  payments due under the Quote. This authorization will continue until otherwise terminated in writing by  you. We will apply a service charge to your account, equal to the amount that we are charged by our  bank, for any electronic debit that is returned unpaid due to insufficient funds or due to your bank’s  electronic draft restrictions. 
  • Credit Card. When enrolled in a credit card payment processing method, you authorize us to charge  your credit card, as designated by you in our payment portal, for any payments due under the Quote.  

Removal of Software Agents; Return of Firewall & Backup Appliances 

Unless we expressly direct you to do so, you will not remove or disable, or attempt to remove or disable, any  software agents that we installed in the Environment. Doing so without our guidance may make it difficult or  impracticable to remove the software agents, which could result in network vulnerabilities and/or the continuation  of license fees for the software agents for which you will be responsible, and/or the requirement that we  remediate the situation at our then-current hourly rates, for which you will also be responsible. Depending on the  particular software agent and the costs of removal, we may elect to keep the software agent in the Environment  but in a dormant and/or unused state. 

Within ten (10) days after being directed to do so, Client will remove, package and ship, at Client’s expense and in  a commercially reasonable manner, all hardware, equipment, and accessories provided to Client by ITCubed that  were used in the provision of the Services. If you fail to timely return all equipment to us, or if the equipment is  returned to us damaged (normal wear and tear excepted), then we will have the right to charge you, and you  hereby agree to pay, the replacement value of all such unreturned or damaged equipment. 

Additional Terms 

ADVICE 

From time to time, we may provide you with specific advice and directions related to the Services (“Advice”). We  strongly suggest that you follow our Advice to avoid issues, errors, or other unwanted delays in the Services and/or  outages in the Environment. Note, your failure to follow our Advice could result in downtime or other issues for  which you might incur significant charges—so please take our Advice when offered and, if you have any questions  about our Advice, please do not hesitate to schedule a time to chat with us. 

MONITORING SERVICES; ALERT SERVICES 

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and  notification functionalities only. Monitoring levels will be set by ITCubed, and Client shall not modify these levels  without our prior written consent. 

REMEDIATION 

Unless otherwise provided in the Quote, remediation services will be provided in accordance with the recommended  practices of the managed services industry. Client understands and agrees that remediation services are not  intended to be, and will not be, a warranty or guarantee of the functionality of the Environment, or a service plan  for the repair of any particular piece of managed hardware or software.

DARK WEB MONITORING 

Our dark web monitoring services utilize the resources of third-party solution providers. Dark web monitoring can  be a highly effective tool to reduce the risk of certain types of cybercrime; however, we do not guarantee that the  dark web monitoring service will detect all actual or potential uses of your designated credentials or information.  

MODIFICATION OF ENVIRONMENT 

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative  impact on the provision and effectiveness of the Services and may impact the fees charged under the Quote. You  agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior  knowledge or consent. For example, you agree to refrain from adding or removing hardware from the Environment,  installing applications on the Environment, or modifying the configuration or log files of the Environment without  our prior knowledge or consent. 

We will coordinate with your internal personnel (“Your Personnel”) as necessary to help ensure that the Services are  delivered efficiently and effectively. That said, we are not responsible for the remediation of issues beyond the  scope of the Quote caused by any activities undertaken by Your Personnel, such as modifications to hardware or  software configurations, installation of software, firmware upgrades, etc. unless we pre-authorized those activities. 

ANTI-VIRUS; ANTI-MALWARE 

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new  viruses and malware (“Malware”); however, Malware that exists in the Environment at the time that the security  solution is implemented may not be capable of being removed without additional services, for which a charge may  be incurred. We do not warrant or guarantee that all Malware will be capable of being detected, avoided, or  removed, or that any data erased, corrupted, or encrypted by or as a result of Malware or other nefarious activities  (such as hacking, phishing, etc.) will be recoverable. Given the various ways in which Viruses and other malevolent  attacks can impact and disrupt the Environment, we also suggest that you implement additional monitoring solutions  to detect subtle, invasive, and/or more advanced threats to the Environment. Please speak with your technician to  determine what other security-related options may be available to you. In order to improve security awareness, you  agree that ITCubed or its designated third-party affiliate may transfer information about the results of processed  files, information used for URL reputation determination, security risk tracking, and statistics for protection against  spam and malware. Any information obtained in this manner does not and will not contain any personal or  confidential information.  

BREACH/CYBER SECURITY INCIDENT RECOVERY 

Unless otherwise expressly stated in the Quote, the scope of the Services do not include the remediation and/or  recovery from a Security Incident (defined below). Such services, if requested by you, will be provided on a time and  materials basis under our then-current hourly labor rates. Given the varied number of possible Security Incidents,  we cannot and do not warrant or guarantee (i) the amount of time required to remediate the effects of a Security  Incident (or that recovery will be possible under all circumstances), or (ii) that all data impacted by the incident will  be recoverable. For the purposes of this paragraph, a Security Incident means any unauthorized or impermissible  access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential  information (such as user names, passwords, etc.), that (i) compromises the security or privacy of the information  or applications in, or the structure or integrity of, the Environment, or (ii) prevents normal access to the Environment,  or impedes or disrupts the normal functions of the Environment.

ENVIRONMENTAL FACTORS  

Exposure to environmental factors, such as water, heat, cold, dust, or varying lighting conditions, may cause installed  equipment to malfunction. Unless expressly stated in the Quote, we do not warrant or guarantee that installed  equipment will operate error-free or in an uninterrupted manner. 

The effectiveness of any audio or video equipment that we install (such as security cameras and security recording  equipment) is limited by the features and functions of the installed devices. We do not and cannot guarantee that  any video or audio equipment will clearly capture and/or record the details of events occurring at or near installed  audio or video devices under all circumstances.  

FAIR USAGE POLICY 

Our Fair Usage Policy (“FUP”) applies to all Services that are described or designated as “unlimited.” An “unlimited”  service designation means that, subject to the terms of this FUP, you may use the service as reasonably necessary  for you to enjoy the use and benefit of the service without incurring additional time-based or usage-based costs.  However, unless expressly stated otherwise in the Quote, all unlimited services are provided during our normal  business hours only and are subject to our technicians’ availabilities, which cannot always be guaranteed. In  addition, we reserve the right to assign our technicians as we deem necessary to handle issues that are more  urgent, critical, or pressing than the request(s) or issue(s) reported by you. Consistent with this FUP, you agree to  refrain from (i) creating urgent support tickets for non-urgent or non-critical issues, (ii) requesting excessive  support services that are inconsistent with normal usage patterns in the industry (e.g., requesting support in lieu  of training), (iii) requesting support or services that are intended to interfere, or may likely interfere, with our  ability to provide our services to our other customers.  

M365/EMAIL 

You are solely responsible for the security, confidentiality and integrity of all email and the content of all email,  received, transmitted, or stored through the Microsoft 365 email service that is under your control (“M365 Email”).  You agree to refrain from uploading, posting, transmitting or distributing (or permitting any of your authorized users  of the M365 Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i)  is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the  intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to  create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any  communication, or (iv) interferes or disrupts the services provided by ITCubed or the services of any third party, or  (v) contains Viruses, trojan horses or any other malicious code or programs. In addition, you must not use the M365  Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or  state law.  

ITCubed reserves the right, but not the obligation, to suspend Client’s access to the M365 Email and/or all  transactions occurring under Client’s M365 Email account if ITCubed believes, in its discretion, that Client’s email  account is being used in an improper or illegal manner.  

VOIP/ PHONE SYSTEM 

911 Dialing / Emergency Dialing – Limitations 

The VoIP Service (“VoIP Service”) may not support traditional 911 or E911 access to emergency services in all  locations. The 911 dialing feature of the VoIP Service is not automatic; Client may be required to take affirmative  steps to register the address where the VoIP Service will be used in order to activate the 911 Dialing feature. Client  understands that Client must inform any users of the VoIP Service of the non-availability of traditional 911 or E911.

When a VoIP calling device is registered in a particular location, it cannot be moved without re-registering the  device in the new location. Client agrees that it will not move any VoIP calling device without ITCubed’s written  consent. Client shall hold ITCubed harmless for any and all claims or causes of action arising from or related to  Client’s inability to use traditional 911 or E911 services.  

When an emergency call is made, one or more third parties use the address of Client’s registered location to  determine the nearest emergency response location, and then the call is forwarded to a general number at that  location. When the emergency location receives Client’s call, the operator will not have Client’s address and may  not have Client’s phone number. Client understands and agrees that users of the VoIP System must provide their  address and phone number in order to get help. Client hereby authorizes ITCubed to disclose Client’s name and  address to third-party service providers, including, without limitation, call routers, call centers and public service  answering points, for the purpose of dispatching emergency services personnel to Client’s registered location. 

Client understands and agrees that 911 dialing does not and will not function in the event of a power failure or  disruption. Similarly, the hosted VoIP Services will not operate (i) during service outages or suspensions or  terminations of service by Client’s broadband provider or ISP, or (ii) during periods of time in which Client’s ISP or  broadband provider blocks the ports over which the VoIP Services are provided. Client further understands and  agrees that 911 Dialing will not function if Client changes its telephone number, or if Client adds or ports new  telephone numbers to Client’s account, unless and until Client successfully register its location of use for each  changed, newly added or newly ported telephone number. 

Client expressly agrees not to use VoIP System for auto-dialing, continuous or extensive call forwarding,  telemarketing, fax broadcasting or fax blasting, or for any other use that results in excessive usage inconsistent  with standard commercial calling patterns. 

PATCH MANAGEMENT 

We will keep all managed hardware and managed software current with critical patches and updates (“Patches”)  as those Patches are released generally by the applicable manufacturers. Patches are developed by third party  vendors and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the  managed equipment or software to fail to function properly even when the Patches are installed correctly. We will  not be responsible for any downtime or losses arising from or related to the installation or use of any Patch. We  reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems  caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment,  unstable. 

BACKUP (BDR) SERVICES 

All data transmitted over the Internet may be subject to malware and computer contaminants such as viruses,  worms and trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s  data. Neither ITCubed nor its designated affiliates will be responsible for the outcome or results of such activities.  

BDR services require a reliable, always-connected internet solution. Data backup and recovery time will depend on  the speed and reliability of your internet connection. Internet and telecommunications outages will prevent the BDR  services from operating correctly. In addition, all computer hardware is prone to failure due to equipment  malfunction, telecommunication-related issues, etc., for which we will be held harmless. Due to technology  limitations, all computer hardware, including communications equipment, network servers and related equipment,  has an error transaction rate that can be minimized, but not eliminated. ITCubed cannot and does not warrant that  data corruption or loss will be avoided, and Client agrees that ITCubed shall be held harmless if such data corruption or loss occurs. Client is strongly advised to keep a local backup of all of stored data to mitigate against the  unintentional loss of data. 

PROCUREMENT 

Equipment and software procured by ITCubed on Client’s behalf (“Procured Equipment”) may be covered by one or  more manufacturer warranties, which will be passed through to Client to the greatest extent possible. By procuring  equipment or software for Client, ITCubed does not make any warranties or representations regarding the quality,  integrity, or usefulness of the Procured Equipment. Certain equipment or software, once purchased, may not be  returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall  be Client’s responsibility in the event that a return of the Procured Equipment is requested. ITCubed is not a warranty  service or repair center. ITCubed will facilitate the return or warranty repair of Procured Equipment; however, Client  understands and agrees that the return or warranty repair of Procured Equipment is governed by the terms of the  warranties (if any) governing the applicable Procured Equipment, for which ITCubed will be held harmless. 

QUARTERLY BUSINESS REVIEW; IT STRATEGIC PLANNING 

Suggestions and advice rendered to Client are provided in accordance with relevant industry practices, based on  Client’s specific needs and ITCubed’s opinion and knowledge of the relevant facts and circumstances. By rendering  advice, or by suggesting a particular service or solution, ITCubed is not endorsing any particular manufacturer or  service provider.  

VCTO OR VCIO SERVICES 

The advice and suggestions provided us in our capacity as a virtual chief technology or information officer will be for  your informational and/or educational purposes only. ITCubed will not hold an actual director or officer position in  Client’s company, and we will neither hold nor maintain any fiduciary relationship with Client. Under no  circumstances shall Client list or place the ITCubed on Client’s corporate records or accounts.  

SAMPLE POLICIES, PROCEDURES 

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection  with Client’s business (“Sample Policies”). The Sample Policies are for your informational use only, and do not  constitute or comprise legal or professional advice, and the policies are not intended to be a substitute for the advice  of competent counsel. You should seek the advice of competent legal counsel prior to using or distributing the  Sample Policies, in part or in whole, in any transaction. We do not warrant or guarantee that the Sample Policies are  complete, accurate, or suitable for your (or your customers’) specific needs, or that you will reduce or avoid liability  by utilizing the Sample Policies in your (or your customers’) business operations. 

PENETRATION TESTING; VULNERABILITY ASSESSMENT 

Penetration testing services will be provided only if expressly stated in the Quote. Such services are intended to test  the integrity and vulnerabilities of the Environment’s defenses. Such testing could trip or activate security devices,  alarms, or other security measures, both physical and virtual, despite our efforts to avoid such occurrences. You will  be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for  “false alarms” due to the provision of the penetration testing services, and you agree to take all steps necessary to  ensure that false alarms are not reported or treated as “real alarms” or credible threats against any person, place or  property. Some alarms and advanced security measures, when activated, may cause the partial or complete  shutdown of the Environment, causing substantial downtime and/or delay to your business activities. We will not  be responsible for and will be held harmless and indemnified by you against, any claims, costs, fees or expenses  arising or resulting from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or (ii) the partial or complete shutdown of the Environment by any alarm or security  monitoring device.  

NO THIRD-PARTY SCANNING 

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to  conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we  implement in the managed environment (“Testing Activity”). Any services required to diagnose or remediate errors,  issues, or problems arising from unauthorized Testing Activity is not covered under the Quote, and if you request us  (and we elect) to perform those services, those services will be billed to you at our then-current hourly rates. 

HAAS 

You will use all ITCubed-hosted or ITCubed-supplied equipment and hardware (collectively, “Infrastructure”) for your  internal business purposes only. You shall not sublease, sublicense, rent or otherwise make the Infrastructure  available to any third party without our prior written consent. You agree to refrain from using the Infrastructure in  a manner that unreasonably or materially interferes with our other hosted equipment or hardware, or in a manner  that disrupts, or which is likely to disrupt the services that we provide to our other clientele. We reserve the right to  throttle or suspend your access and/or use of the Infrastructure if we believe, in our sole but reasonable judgment,  that your use of the Infrastructure is violates the terms of the Quote, this Service Statement, or the Agreement. 

DOMAIN NAME SERVICES  

If you register, renew, or transfer a domain name through ITCubed, we will submit the request to the applicable domain name services provider (the “Registrar”) on your behalf. Our sole responsibility is to submit the request to  the Registrar, and we are not responsible for any errors, omissions, or failures of the Registrar. 

UNSUPPORTED CONFIGURATION ELEMENTS OR SERVICES  

If you request a configuration element (hardware or software) or hosting service in a manner that is not customary  at ITCubed , or that is in “end of life” or “end of support” status, we may designate the element or service as  “unsupported,” “non-standard,” “best efforts,” “reasonable endeavor,” “one-off,” “EOL,” “end of support,” or with  like term in the service description (an “Unsupported Service”). We make no representation or warranty  whatsoever regarding any Unsupported Service, and you agree that we will not be liable for any loss or damage  arising from the provision of an Unsupported Service. Deployment and service level guarantees shall not apply to  any Unsupported Service. 

HOSTING SERVICES 

You agree that you are responsible for the actions and behaviors of your users of the Services. In addition, you agree  that neither Client, nor any of your employees or designated representatives, will use the Services in a manner that  violates the laws, regulations, ordinances, or other such requirements of any jurisdiction.  

In addition, Client agrees that neither it, nor any of its employees or designated representatives, will: transmit any  unsolicited commercial or bulk email, will not engage in any activity known or considered to be "spamming" and  carry out any "denial of service" attacks on any other website or Internet service; infringe on any copyright,  trademark, patent, trade secret, or other proprietary rights of any third party; collect, attempt to collect, publicize,  or otherwise disclose personally identifiable information of any person or entity without their express consent  (which may be through the person or entity's registration and/or subscription to Client’s services, in which case  Client must provide a privacy policy which discloses any and all uses of information that you collect) or as otherwise  required by law; or, undertake any action which is harmful or potentially harmful to ITCubed or its infrastructure.

Client is solely responsible for ensuring that its login information is utilized only by Client and Client’s authorized  users and agents. Client’s responsibility includes ensuring the secrecy and strength of user identifications and  passwords. ITCubed shall have no liability resulting from the unauthorized use of Client’s login information. If login  information is lost, stolen, or used by unauthorized parties or if Client believes that any hosted applications or hosted  data has been accessed by unauthorized parties, it is Client’s responsibility to notify ITCubed immediately to request  the login information be reset or unauthorized access otherwise be prevented. ITCubed will use commercially  reasonable efforts to implement such requests as soon as practicable after receipt of notice. 

LICENSES 

If we are required to re-install or replicate any software provided by you as part of the Services, then it is your  responsibility to verify that all such software is properly licensed. We reserve the right, but not the obligation, to  require proof of licensing before installing, re-installing, or replicating software into the managed environment. The  cost of acquiring licenses is not included in the scope of the Quote unless otherwise expressly stated therein.