P Security Policy
Policy of Security
For Public Release
Friday, April 5, 2019
Effective: Monday, October 1, 2018
Whereas to safeguard the security of all data, persons, property and systems, the “User” willfully and voluntarily enters into with Colletti Tech LLC, herein the “Company”, “Host” or “Service Provider”, this Policy of Security; hereinafter “Security Policy”, “InfoSec”, “Policy” and “Agreement”. The definition of a “User” for this agreement, shall hereinafter be all “Persons”, “Entities”, “Customers”, “Affiliates”, “Employees” and “Members” with or without an user account; who accesses information from the technology systems of Colletti Tech LLC or such related data. This Domain (“Colletti-Tech.com”), Website (the “Site”), Tenant (the “Root”, “Domain” or “Domain Controller”), Electronic Access Device (“Device”, “Workstation”, “Server” or “Systems”) and electronic services (the “Services”) is offered by Colletti Tech LLC (“Colletti Tech”) to you, strictly conditioned on your acceptance without modification of the terms, conditions, policies, notices and legal regulations contained herein (the “Terms and Conditions”). Your use of the domain, website, tenant, systems and services constitutes your agreement to all such Terms and Conditions. Under this Agreement, the “User” agrees to the binding terms and conditions as follows:
Section 1: Guarantee of Use
Whereas unconditional and without modification, the “User” hereby issues a Guarantee of Use (“Guarantee”), which hereinafter shall include acceptable use within the Terms of Service and lawful use to Colletti Tech LLC. Herein, this Guarantee shall be effective for all Services and Products offered by Colletti Tech including our affiliates, distributors, vendors and partners. In addition, this policy shall govern all domains, devices, websites, tenants, systems and services managed or owned by Colletti Tech LLC.
Section 2: Warranty against Unlawful Use
Whereas the User, under no duress and voluntarily warrants to Colletti Tech LLC against actions and usage which is Abusive, Fraudulent or Unlawful. Defined by policy and pursuant to the statues of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the following use of services or products shall hereinafter be classified as prohibited at all times:
(a) Credit, Currency, Transmitter, Money and Investment services;
(b) Crypto, Digital, Virtual or any currency that is not legal tender, including the use and storage hereof;
(c) Copyright, Intellectual Property, Trademark and Service Mark infringement hereof;
(d) Confidential, Personal, Protected, Proprietary or Rights Reserve breach, infringement and violation;
(e) Counterfeit or Fraudulent items, goods, products, sales and services;
(f) Gambling, Betting or Bribing in any capacity including personal, business and professional;
(g) Regulated Items, Goods, Practices and Services by exporting regulations, jurisdiction laws;
(h) Indecent Exposer, Pornography, Nudity and Obscene content, items, photos, products and services of any person regardless of age;
(i) Schemes to Defraud, Deceive, Scam, “Get-Rich Quick” or No Value Added services;
(j) Alcohol, Drug, Narcotic, Pseudo, Pharmaceutical and Paraphernalia goods and/or items;
(k) Discriminatory, Harassing, Vulgar, and/or Sexual;
(l) Export, Import, Trade or Transportation of Animals, Alcohol, Currency, Drugs;
(m) Unless stated in writing from the Duly Authorized, use by an unaffiliated Information Technology company;
(n) Use of authorized, distributed and sold third-party Services or Products from Affiliates, Distributors, Manufacturers, Partners, Vendors and Suppliers approved by Colletti Tech LLC, in such manner inconsistent with its intended usage, expressed purpose, terms, conditions, unlawful in any jurisdiction or prohibited from said third-party;
(o) Use of Services or Products from Colletti Tech LLC, in such manner inconsistent with its intended usage, expressed purpose or that is unlawful in any jurisdiction shall be prohibited.
Hereof any breach of prohibited uses as classified, it shall result in the immediate Termination for Cause of such Client or User account by willful act of negligence, with possible prosecution for criminal negligence within a Court of Law; to the fullest extent of all applicable laws and governing statues.
Section 3: Monitoring of Activities
Whereof accessing any Electronic Access Device (“Computer”, “Device”, “Network”, “System” or “Server”) within control of Colletti Tech LLC, all activities conducted by a Person shall be subject to monitoring pursuant to the Privacy Act (5 U.S.C. § 552). As permitted by law, such activities hereinafter shall be audited, logged and placed into retention between five to ten years.
Section 4: Classification of Data
Pursuant to the statues and laws of the Commonwealth of Pennsylvania and the United States of America, including adherence to the regulations of the Information Technology industry, Colletti Tech LLC shall hereinafter place into full effect the following Classification of Data (“Data Classification” or “Classification”). Whereas an interest in this subject matter exists, all interested Parties agree without modification that all communication, data or information shall be issued a classification level. Herein of such related items is pertained, all digital, electronic, handwritten, oral or physical communication, data, documents, information, records shall hereby be classified within one or more levels:
(a) Secret: Pursuant to the statues of 18 U.S.C. § 1832, herein is trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of persons, inventories, accounts, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other commercial value, the disclosure of which would have substantial harm and irreplicable damages of impairing the ability to obtain such information as is necessary to perform its statutory functions, or causing substantial harm to the competitive position of the person, firm, partnership, corporation, or other organization from which the information was obtained. Whereas data or information is classified as “Secret”, such shall be strictly controlled by the Managing Member and elected Members of Colletti Tech LLC as the duly authorized to safeguard the records;
(b) Confidential: Pursuant to 19 C.F.R. § 201.6, concerns or relates to the trade secrets, processes, operations, style of works, or apparatus, or to the production, sales, shipments, purchases, transfers, identification of customers, inventories, or amount or source of any income, profits, losses, or expenditures of any person, firm, partnership, corporation, or other organization, or other information of commercial value, the disclosure of which is likely to have the effect of either impairing the ability to obtain such information as is necessary to perform its statutory functions, or causing substantial harm to the competitive position of the person, firm, partnership, corporation, or other organization from which the information was obtained;
(c) Proprietary: Pursuant to 15 U.S.C. § 5308, shall be any trade secrets or commercial or financial information that is privileged or confidential, which is obtained from a company;
(d) Health Record: Colletti Tech LLC as defined under the security rule of business associates within the Health Insurance Portability and Accountability Act (“HIPAA” ), therefore all such Protected Health Information (“PHI”) pursuant to 45 C.F.R. §§ 160-164, protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate within the statues of 45 C.F.R. § 164.502(e), 45 C.F.R. § 164.504(e) and 45 C.F.R. § 164.532(d) in any form or media, whether electronic, paper, or oral;
(e) Personal: Also known as Personally Identifiable Information (“PII”) is any information about an individual person, maintained by an agency, including information that can be used to distinguish or trace an identity. Set forth, the name, social security number, date of birth, place of birth, mother’s maiden name, biometric records and information that is linked or linkable to an individual, such as medical, educational, financial, and employment information;
(f) Public Release: Data or Information that is considered not to cause harm, including reclassified and unrestricted releases, to a person, firm, partnership, corporation, or other organization from which the information was obtained.
Section 5: Transmission of Data
Hereof transmitting, monitoring or receiving any form of data, Colletti Tech LLC shall enforce the necessary encryption and security protocols on such traffic communications and electronic access systems. Herein as mandated, the following protocols shall hereby be placed into production:
(a) Standard X.509 Certificates;
(b) Symmetric 256-bit encryption;
(c) RSA public and private tokens;
(d) SHA-2 algorithm (hash functions: 256, 384, 512);
(e) ECC cryptography (hash functions: 256, 384);
(f) SSL 2048-bit public key encryption.
Notwithstanding the necessary controls, protocols or standards, all rights to refuse the transmission of data shall be reserved by Colletti Tech LLC and such affiliates.
Section 6: Obligation to Protocol
All persons who are authorized Account Holders (“Client”), or obtained valid User Credentials (“User”), shall hereinafter conform without modification to security protocols as enforced. Such protocols as defined shall include, however not limited to acceptable use of Usernames, Email Addresses and Passwords (“Credentials”). Pursuant to jurisdiction statutes, Affiliates, Distributors, Manufacturers, Partners, Vendors, Suppliers and Colletti Tech LLC, all Clients and Users hereby grant their consent to adhere to protocol. Furthermore, if the privilege of elevated-rights (e.g. “Root”, “Administrator”, “System” & etc) has been granted to an User, they shall have the responsibility to configure and be within compliance of relevant Multi-Factor Authentication (“MFA”). Set forth, to protect all established User Accounts, the following protocols shall hereinafter be mandatory:
(a) Email Address shall be required in place of Display Name for User Login;
(b) Display Name may not be identical to Email Address;
(c) Password may not be identical nor similar to Display Name or Email Address;
(d) Passwords shall require a minimum of eight or more alphanumeric characters (encoding of “en-US” or “UTF8MB4”) composed with one capital-letter, lowercase-letter, number and special character;
(e) Identifiable personal information on record, such that is unique to the account holder:
(i) Date of Birth;
(ii) Tax Identification Number;
(iii) Physical Address;
(iv) Phone Number;
(v) Payment Information.
(f) Multi-Factor Authentication shall require a generated token, supporting SHA-256 with a six-digit numerical sequence timed at thirty seconds as hereinafter defined:
(i) Hard-Token via USB port or SMART Key;
(ii) Soft or Pushed-Token via Microsoft Authenticator or Google Authenticator;
(iii) Generated-Token via SMS by an approved cellular carrier.
(g) Soft, Hard or Static Token(s) for User Backup, Emergency, Offline and Recovery access;
(h) Any protocol as it may exist from time-to-time by the duly authorized of Colletti Tech LLC with Affiliates, Distributors, Manufacturers, Partners, Vendors and Suppliers.
Strictly prohibited, no one person (“User”) shall disclose, exchange or offer their credentials to another person. Upon a request to modify or reset the credentials of an user, Colletti Tech LLC reserves the legal authority to require such user to provide valid identification (e.g. “Drivers License”, “Identification Card”, “Passport” & etc). Hereof any agreement breach, security violation or unauthorized access of an User Account and Data shall result in the immediate Termination for Cause of such Client Account and all associated User Accounts. Therefore a Termination for Cause shall be considered a willful act of negligence of protocol and may result in possible criminal prosecution within a Court of Law to the fullest extent of all applicable laws and governing statues.
Section 7: Enforcement of Policy
This written Information Security Policy shall be enforced by Colletti Tech LLC as the service provider, which includes but not limited to subsidiaries, affiliates, successors, vendors, distributors and assigns. Upon a breach of this written document by a User, titled “Security Policy”, shall result in civil relief of damages with criminal prosecution for negligence within a Court of Law; to the fullest extent of all applicable laws and governing statues.
Section 8: Choice of Applicable Law
Conditions and terms written within this agreement, shall be interpreted pursuant to the laws and statues of the County of Montgomery in the Commonwealth of Pennsylvania of the United States of America.
Section 9: Severability of Provisions
In case any one or more of the provisions of this Agreement be held for any reason to be invalid, illegal, or unenforceable in any respect, that invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement, and this Agreement shall be construed as if the invalid provision(s) had never been contained in this Agreement, provided that those provision(s) shall be curtailed, limited, or eliminated only to the extent necessary to remove the invalidity, illegality, or unenforceability.
Section 10: Agreement to No Waiver
No waiver by Colletti Tech LLC of any breach by a User of any provision of this Agreement shall be deemed a waiver of any preceding or succeeding breach of this Agreement. No waiver shall be effective unless it is in writing, and then only to the extent expressly set forth in such writing.
Section 11: Entirety of Agreement
This instrument is the entire agreement, and no oral agreements have been entered. As mandated by the Duly Authorized Members of Colletti Tech LLC, this agreement may be altered and enforced by a written order signed by the Company and hereunto a notice provided to Users of such amendment. A printed version of this agreement, any notice issued in electronic form and binding documents electronically-signed then dated shall be admissible pursuant to federal statute 15 U.S.C. § 7001, in judicial or administrative proceedings based upon or relating to this agreement; whereas subject to the same conditions and extent as any binding documents and records originally generated, maintained in printed form and affixed with a handwritten signature. All agreements, communications, documents, records or any related documents shall be transmitted and written in the Language of English.
In witness whereof, the “User” electronically-acknowledges in agreement this document upon their use of this Domain, Website, Tenant, Systems, Services Provided and Rendered. With the acknowledgement as the electronic-signature hereunto affixed, it shall signify the binding, execution and receipt of this written-agreement hereinafter titled the “Policy of Security”.