Policy of Security

Monday, May 1, 2020
Effective: Monday, October 1, 2018

Whereto safeguard security of all data, persons, property and systems, the “User” willfully and voluntarily enters into with Colletti Tech LLC (herein “Colletti Tech”, “Company”, “Host”, or “Service Provider”), this Policy of Security; hereinafter “Security Policy” and “Policy”. The definition of a “User” for this agreement, hereinafter all “Persons”, “Entities”, “Customers”, “Affiliates”, “Employees” and “Members” who accesses data from technology systems of Colletti Tech. This domain (“colletti-tech.com”), website (collectively all “sites”, “pages”, “websites”), Electronic Access Devices, solutions, on-premise service and remote service (collectively the “services rendered”) is offered by Colletti Tech to you, strictly conditioned on your acceptance without modification of the agreements, terms, conditions, policies, notices and laws within contained herein (the “Terms and Conditions”). Your use of the domain, website, tenant, systems and services constitutes your agreement to all such Terms and Conditions. Under this policy, the User agrees without modification to the binding terms and conditions as follows:

Section 1: Guarantee of Use
Whereas strictly conditioned on your acceptance and without modification, you the “User” (“individual” or “entity”) hereinafter issues to Colletti Tech LLC, your binding Guarantee of Use (“Guarantee”). Your guarantee and consent is hereby binding, to our Terms of Service and all relevant laws within the jurisdiction. Herein, this Guarantee shall be effective for all Services and Products offered by Colletti Tech including our affiliates, distributors, vendors and partners. In addition, this policy shall govern all domains, devices, websites, tenants, systems and services managed or owned by Colletti Tech.

Section 2: Warranty against Unlawful Use
Whereas the User, under no duress and voluntarily warrants to Colletti Tech against actions and usage which is abusive, deceptive, fraudulent or unlawful. Defined by policy and pursuant to the statues of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the following use of services or products shall hereinafter be classified as prohibited at all times:

(a) Credit, Currency, Transmitter, Money and Investment services;
(b) Crypto, Digital, Virtual or any currency that is not legal tender, including the use and storage hereof;
(c) Copyright, Intellectual Property, Trademark and Service Mark infringement hereof;
(d) Confidential, Personal, Protected, Proprietary or Rights Reserve breach, infringement and violation;
(e) Counterfeit or Fraudulent items, goods, products, sales and services;
(f) Gambling, Betting or Bribing in any capacity including personal, business and professional;
(g) Regulated Items, Goods, Practices and Services by exporting regulations, jurisdiction laws;
(h) Indecent, Pornography, Nudity and Obscene content, items, photos, products and services of any person regardless of age;
(i) Schemes to Defraud, Deceive, Scam, “Get-Rich Quick” or No Value Added services;
(j) Alcohol, Drug, Narcotic, Pseudo, Pharmaceutical and Paraphernalia goods and/or items;
(k) Discriminatory, Harassing, Vulgar, and/or Sexual;
(l) Export, Import, Trade or Transportation of Animals, Alcohol, Currency, Drugs;
(m) Unless stated in writing from the Duly Authorized, use by an unaffiliated Information Technology company;
(n) Use of authorized, distributed and sold third-party Services or Products from Affiliates, Distributors, Manufacturers, Partners, Vendors and Suppliers approved by Colletti Tech, in such manner inconsistent with its intended usage, expressed purpose, terms, conditions, unlawful in any jurisdiction or prohibited from said third-party; and
(o) Use of Services or Products from Colletti Tech, in such manner inconsistent with its intended usage, expressed purpose or that is unlawful in any jurisdiction shall be prohibited.

Hereof any breach of prohibited uses as classified, it shall result in the immediate Termination for Cause of such account by willful act of negligence, with possible prosecution for criminal negligence within a court of law; to the fullest extent of all applicable laws and governing statues.

Section 3: Monitoring of Activities
Whereas accessing any Electronic Access Device (“Computer”, “Device”, “Network”, “System” or “Server”) within control of Colletti Tech, all activities conducted shall be subject to monitoring pursuant to the Privacy Act (5 U.S.C. § 552). As permitted to the fullest extent of the law, all permitted activities shall hereinafter be logged, audited and replicated as necessary; not limited to archive retention as required by law.

Section 4: Classification of Data
Pursuant to the statues and laws of the Commonwealth of Pennsylvania and the United States of America, including adherence to the regulations of the Information Technology industry, Colletti Tech shall hereinafter place into full effect the following Classification of Data (“Data Classification” or “Classification”). Whereas an interest in this subject matter exists, all interested Parties agree without modification that all communication, data or information shall be issued a classification level. Herein of such related items is pertained, all digital, electronic, handwritten, oral or physical communication, data, documents, information, records shall hereby be classified within one or more levels:

(a) Secret: Pursuant to the statues of 18 U.S.C. § 1832, herein is trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of persons, inventories, accounts, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other commercial value, the disclosure of which would have substantial harm and irreparable damages of impairing the ability to obtain such information as is necessary to perform its statutory functions, or causing substantial harm to the competitive position of the person, firm, partnership, corporation, or other organization from which the information was obtained. Whereas data or information is classified as “Secret”, such shall be strictly controlled by the duly authorized to safeguard the records;
(b) Confidential: Pursuant to 19 C.F.R. § 201.6, concerns or relates to the trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of customers, inventories, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other information of commercial value, the disclosure of which is likely to have the effect of either impairing the ability to obtain such information as is necessary to perform its statutory functions, or causing substantial harm to the competitive position of the person, firm, partnership, corporation, or other organization from which the information was obtained;
(c) Proprietary: Pursuant to 15 U.S.C. § 5308, shall be any trade secrets or commercial or financial information that is privileged or confidential, which is obtained from a company;
(d) Health: Pursuant to 45 C.F.R. §§ 160-164, 45 C.F.R § 164.502(e), 45 C.F.R. § 164.504(e) and 45 C.F.R. § 164.532(d) as the security rule of business associates in the Health Insurance Portability and Accountability Act (“HIPAA”), all Protected Health Information (“PHI”) shall hereby be defined as any “individually identifiable health information” held or transmitted by a covered entity or its business associate within the statues of in any form or media, whether electronic, paper, or oral;
(e) Personal: Pursuant to 2 C.F.R. § 200.79,  information with the subject matter regarding “identification of an individual person that can be used to distinguish or trace an identity” shall be defined as Personally Identifiable Information (“PII”). Additionally, the legal name, social security number, date of birth, place of birth, mother’s maiden name, biometric records and information that is linked to an individual, such as medical, educational, financial, and employment information; or
(f) Public Release: Data or Information that is considered not to cause harm, including reclassified and unrestricted releases, to a person, firm, partnership, corporation, or other organization from which the information was obtained.

Section 5: Transmission of Data
Hereof transmitting, monitoring or receiving any form of data, Colletti Tech shall enforce the necessary encryption and security protocols on such traffic communications and electronic access systems. Herein as mandated, the following protocols shall hereby be placed into production:

(a) Standard X.509 Certificates;
(b) Symmetric 256-bit encryption;
(c) RSA public and private tokens;
(d) SHA-2 algorithm (hash functions: 256, 384, 512);
(e) ECC cryptography (hash functions: 256, 384);
(f) TLS 4096-bit public key encryption;
(g) SSL 2048-bit public key encryption; and
(h) SHSH 4096-bit algorithm-blob encryption.

Notwithstanding the necessary controls, protocols or standards, all rights to refuse the transmission of data shall be reserved by Colletti Tech and such affiliates.

Section 6: Protocols for Security
All persons who are authorized with valid credentials, shall hereinafter conform without modification to security protocols as enforced. Such protocols as defined shall include, however not limited to acceptable use of Usernames, Email Addresses and Passwords (“Credentials”). Pursuant to jurisdiction statutes, Affiliates, Distributors, Manufacturers, Partners, Vendors, Suppliers and Colletti Tech, all Users hereby grant their consent to adhere to protocol. Furthermore, if the privilege of elevated-rights (e.g. “Root”, “Administrator”, “System” & etc) has been granted to an User, they shall have the responsibility to configure and be within compliance of relevant Multi-Factor Authentication (“MFA”). Set forth, to protect all established accounts, the following protocols shall hereinafter be mandatory:

(a) Email Address shall be required in place of Display Name for User Login;
(b) Display Name may not be identical to Email Address;
(c) Password may not be identical nor similar to Display Name or Email Address;
(d) Passwords shall require a minimum of eight or more alphanumeric characters (collectively “UTF8 encoding in en-US”) composed with one capital-letter, lowercase-letter, number and special character;
(e) Identifiable personal information on record, such that is unique to the account holder:

(i) Date of Birth;
(ii) Tax Identification Number;
(iii) Physical Address;
(iv) Phone Number; or
(v) Payment Information.

(f) Multi-Factor Authentication shall require a generated token, supporting SHA-256 with a six-digit numerical sequence timed at thirty seconds as hereinafter defined:

(i) Hard-Token via USB key or SMART key;
(ii) Soft-Token via Authentication application by an approved vendor; or
(iii) Generated-Token via SMS by an approved cellular carrier.

(g) Soft, Hard or Static Token(s) for User Backup, Emergency, Offline and Recovery access; and
(h) Any protocol as it may exist from time-to-time by the duly authorized of Colletti Tech with Affiliates, Distributors, Manufacturers, Partners, Vendors and Suppliers.

Strictly prohibited, no one person (“User”) shall disclose, exchange or offer their credentials to another person. Upon a request to modify or reset user account credentials, Colletti Tech reserves all rights to require such user to provide valid identification or refuse the request. Hereof any agreement breach, security violation or unauthorized access of an account and data shall result in the immediate Termination for Cause of such Client Account and all associated user accounts. Therefore a Termination for Cause shall be considered a willful act of negligence of protocol and may result in possible criminal prosecution within a Court of Law to the fullest extent of all applicable laws and governing statues.

Section 7: Enforcement of Policy
This written Security Policy shall be enforced by Colletti Tech LLC, which includes on the information surrendered by subsidiaries, affiliates, successors, vendors, distributors and assigns. Upon a breach with or without damages of this agreement, Colletti Tech shall reserve all rights to pursue civil relief in the courts. To the fullest extent of the law, Colletti Tech shall reserve all rights to pursue criminal, unlawful and negligent acts within a court of law.