Sales: (713) 804-6859

Customer Support: (713) 490-5000

Request A Quote

CITOC Service Statement

This Service Statement contains provisions that define, clarify, and govern the services described in the quote provided to you (the “Quote”).  If you do not agree with the terms of this Service Statement, you should not sign the Quote and you must contact us for more information.

This Service Statement is our “owner’s manual” that generally describes all managed services provided or facilitated by CITOC, Inc. (“CITOC”); however, only those services specifically described in the Quote will be facilitated and/or provided to you (collectively, the “Services”).  Activities or items that are not specifically described in the Quote will be out of scope and will not be included unless otherwise agreed to by us in writing. 

 

This Service Statement contains important provisions pertaining to the auto-renewal of the Services in your Quote, as well as fee increases that may occur from time-to-time.  Please read this Service Statement carefully and keep a copy for your records.

 

Ongoing / Recurring Services

Ongoing/recurring services are services that are provided to you on an ongoing basis and, unless otherwise indicated in a Quote, are billed to you monthly. Ongoing services generally begin upon the completion of onboarding services; therefore, any delays or interruptions to the onboarding services may delay the commencement of ongoing/recurring services.  

Managed Services

The following Services, if listed in the Quote, will be provided to our client.

SERVICES GENERAL DESCRIPTION
Remote Monitoring and Management  

Software agents installed in Covered Equipment (defined below) report status and events on a 24×7 basis; alerts are generated and responded to in accordance with the Service Levels described below.  
 

Backup and Disaster Recovery

  

  • If no backup system exists or if the existing system is inadequate a new system will be quoted.
  • 24/7 monitoring of backup system, including offsite backup, offsite replication, and an onsite backup appliance (“Backup Appliance”) 
  • Troubleshooting and remediation of failed backup disks
  • Preventive maintenance and management of imaging software
  • Firmware and software updates of backup appliance
  • Problem analysis by the network operations team
  • Monitoring of backup successes and failures
  • Daily recovery verification

 

Backup Data Security:  All backed up data is encrypted in transit and at rest in 256-bit AES encryption.  All facilities housing backed up data implement physical security controls and logs, including security cameras, and have multiple internet connections with failover capabilities.

 

Backup Retention:  Backed up data will be retained for one year unless stated otherwise in a quote.

 

Backup Alerts: Managed servers will be configured to inform of any backup failures.

 

Recovery of Data: If you need to recover any of your backed up data, then the following procedures will apply:

  • Service Hours: Backed up data can be requested during our normal business hours, which are currently 8:00 a.m. to 5:00 p.m. CST.
  • Request Method.  Requests to restore backed up data should be made through one of the following methods:
  • Restoration Time: We will endeavor to restore backed up data as quickly as possible following our receipt of a request to do so; however, in all cases data restoration services are subject to technician availability.  Generally, we can restore between 0 and 100MB of data within 4 hours of your request, and 100 MB to 500 MB within 8 hours of your request.  Data restoration exceeding 500 MB will be handled in accordance with technician availability.  This is also dependent on the bandwidth of the internet service provided to the client.

 
Updates & Patching  

  • Deploy updates (e.g., x.1 to x.2), as well as bug fixes, minor enhancements, and security updates as deemed necessary on all managed hardware.
  • Perform minor hardware and software installations and upgrades of managed hardware.
  • Perform minor installations (i.e., tasks that can be performed remotely and typically take less than thirty (30) minutes to complete).
  • Deploy, manage, and monitor the installation of approved service packs, security updates and firmware updates as deemed necessary on all applicable managed hardware.
Firewall Solution  

  • If a FIPS 140-2 compliant firewall exists then it will be configured for your organization’s specific bandwidth, remote access, and user needs if necessary.  If not, a firewall will be quoted.
  • Helps to prevent hackers from accessing internal network(s) from outside the network(s), while providing secure and encrypted remote network access; provides antivirus scanning for all traffic entering and leaving the managed network; provides website content filtering functionality.
Email Threat Protection  

  • If no email threat protection exists or if the existing systems are inadequate a new system will be quoted.
  • Managed email protection from phishing, business email compromise (BEC), SPAM, and email-based malware.
  • Friendly Name filters to protect against social engineering impersonation attacks on managed devices.
  • Protection against social engineering attacks like whaling, CEO fraud, business email compromise or W-2 fraud.
  • Protects against newly registered and newly observed domains to catch the first email from a newly registered domain.
  • Protects against display name spoofing.
  • Protects against “looks like” and “sounds like” versions of domain names.
End User Security Awareness Training  

  • If no security awareness training exists a quote will be generated to provide it.
  • Online, on-demand training videos (multi-lingual).
  • Online, on-demand quizzes to verify employee retention of training content.
  • Baseline testing to assess the phish-prone percentage of users; simulated phishing email campaigns designed to educate employees about security threats.
Two Factor Authentication  

  • If two factor authentication does not exist a quote for it will be provided.
  • Advanced two factor authentication with advanced admin features.
  • Secures on-premises and cloud-based applications.
  • Permits custom access policies based on role, device, location.
  • Identifies and verifies device health to detect “risky” devices
Labor for New / Replacement Workstations  

Includes all labor charges for setup of new workstations, or replacement of existing workstations. 

  • Labor covers:
    • New computers / additional computers added during the term of the Quote.
    • Existing computers to be re-configured for new users

 

The following restrictions apply:

  • Upgrades or installs of new or replacement computers or reconfiguring of existing  systems are limited to a total of three (3) devices per month unless otherwise approved in advance by CITOC.
  • New/replacement computers must be business-grade machines (not home) from a major manufacturer like Dell, HPE, or Lenovo

 

 

Covered Equipment / Hardware / Software

Managed Services will be applicable to servers, pc’s, firewalls, backup devices, switches, routers and wireless access points to the extent that the client agrees to.  

We will provide support for any software applications that are licensed through us. Such software (“Supported Software”) will be supported on a “best efforts” basis only, and any support required beyond Level 2-type support will be facilitated with the applicable software vendor/producer.  Coverage for non-Supported Software is outside of the scope of this SOW. Should our technicians provide you with advice concerning non-Supported Software, the provision of that advice should be viewed as an accommodation, not an obligation, to you.

 

Physical Locations Covered by Services

Services will be provided remotely unless, in our discretion, we determine that an onsite visit is required.  Onsite visits will be scheduled in accordance with the priority assigned to the issue (below) and are subject to technician availability.  Unless we agree otherwise, all onsite Services will be provided at Client’s primary office location listed in the Quote.  Additional fees may apply for onsite visits: Please review the Service Level section below for more details.

Term; Termination

The Services will commence, and billing will begin, on the date indicated in the Quote (“Commencement Date”) and will continue through the initial term listed in the Quote (“Initial Term”). We reserve the right to delay the Commencement Date until all onboarding/transition services (if any) are completed, and all deficiencies / revisions identified in the onboarding process (if any) are addressed or remediated to CITOC’s satisfaction.  

The Services will continue through the Initial Term until terminated as provided in the Agreement, the Quote, or as indicated in this section (the “Service Term”).

Auto-Renewal.  After the expiration of the initial Service Term, the Service Term will automatically renew for contiguous terms equal to the initial Service Term unless either party notifies the other of its intention to not renew the Services no less than thirty (30) days before the end of the then-current Service Term.

Microsoft NCE Licensing: Regardless of the reason for the termination of the Services, you will be required to pay for all NCE Licenses that we acquire on your behalf. Please see “Microsoft Licensing Fees” in the Fees section below for more details.

Assumptions / Minimum Requirements / Exclusions

The scheduling, fees and provision of the Services are based upon the following assumptions and minimum requirements: 

  • Server hardware must be under current warranty coverage.
  • All equipment with Microsoft Windows® operating systems must be running then-currently supported versions of such software and have all of the latest Microsoft service packs and critical updates installed.
  • All software must be genuine, licensed and vendor supported.
  • Server file systems and email systems (if applicable) must be protected by licensed and up-to-date virus protection software.
  • The Environment must have a currently licensed, vendor-supported server-based backup solution that can be monitored.
  • All wireless data traffic in the environment must be securely encrypted.
  • There must be an outside static IP address assigned to a network device, allowing VPN/RDP control access. 
  • All servers must be connected to working UPS devices.
  • Recovery coverage assumes data integrity of the backups, or the data stored on the backup devices.  We do not guarantee the integrity of the backups, or the data stored on the backup devices.  Server restoration will be to the point of the last successful backup. 
  • Client must provide all software installation media and key codes in the event of a failure.
  • Any costs required to bring the Environment up to these minimum standards are not included in this Service Statement.
  • Client must provide us with exclusive administrative privileges to the Environment.
  • Client must not affix or install any accessory, addition, upgrade, equipment, or device on to the firewall, server, or NAS appliances (other than electronic data) unless expressly approved in writing by us. 

 

Exclusions:  Services that are not expressly described in the Quote will be out of scope and will not be provided to Client unless otherwise agreed, in writing, by CITOC.  Without limiting the foregoing, the following services are expressly excluded, and if required to be performed, must be agreed upon by CITOC in writing:

  • Customization of third-party applications, or programming of any kind.
  • Support for operating systems, applications, or hardware no longer supported by the manufacturer.
  • Data/voice wiring or cabling services of any kind.
  • Service and repair made necessary by the alteration or modification of equipment.
  • Rebuilding of computers due to files or programs that have been downloaded from inappropriate, non-business-related sites.  File types include but are not limited to, streaming media, music downloads, peer file sharing, and pornographic sites.
  • Training services of any kind.
  • Battery backup replacement.
  • Equipment relocation.
  • The cost to bring the Environment up to the Minimum Requirements (unless otherwise noted in “Scope of Services” above).
  • The cost of repairs to hardware or any supported equipment or software, or the costs to acquire parts or equipment, or shipping charges of any kind.

 

Service Levels

Automated monitoring is provided on an ongoing (i.e., 24x7x365) basis; response, repair, and/or remediation services (as applicable) will be provided only during business hours unless otherwise specifically stated in the Quote.  We will respond to problems, errors, or interruptions in the provision of the Services in the timeframe(s) described below.   Severity levels will be determined by CITOC in our discretion after consulting with the Client.  All remediation services will initially be attempted remotely; CITOC will provide onsite service only if remote remediation is ineffective and, under all circumstances, only if covered under the Service plan selected by Client.

 

 

Issue Priority

Level

 Response

Time

 Resolution

Plan

 Target

Resolution
 

All Functionality Unavailable or VIP Issue

  • Primary server or system is down
  • Network switching is offline
  • ISP is offline
  • Major interruption in WAN Infrastructure
  • Executive level interruption (CEO, President, VIP (list to be provided by Client)
  • Major line of business application offline
  • Systems are in failover mode
  

1

 Within

30 Minutes

 1 Hour 4 Hours or

Less
 

Work Stoppage – Limited to an individual or department

  • Important application or system id down, but is limited to a single department or area
  • Branch office systems are offline, or WAN system link is down to Corporate HQ
  • Major network latency or switching issue that is isolated to a segment of the network
  • Primary application is offline, but not essential
  • Minor system wide latency or ISP issue
  • Backup systems are repeatedly reporting issues or failures
  • User is locked out of their PC or Laptop
 2  

Within

1 Hour

 2 Hours  

8 Hours or

Less
 

Medium Issue or Limited Stoppage

  • Small section of network switching is down or suffering minor isolated latency
  • Backup Systems are reporting issues or failures for the first time
  • Issue is important, but can wait up to 2 business days for resolution
  • Issues is isolated to one person experiencing a business interruption
  • No network-based issues are associated with the problem, or it is not causing workflow issues
  • Possible issue with hardware or application, but alternative hardware of software will serve client needs for a short period of time – less than one week
  

3

 Within

1 Hour

  

4 Hours

 24 Hours or

Less
 

Low Priority Issue

  • General usage question
  • Future product enhancement, modification, or recommendation
 4  

Within

1 Hour

 8 Hours  

48 Hours or

Less
 

Request

  • Issues which have no impact on the quality, performance or functionality of any product or service at the customer site
  • Requests for new service or product requests
  • Issue can be addressed through scheduling
  

5

 Within

1 Hour

  

3 days

 5 Days or

Less

 

* All time frames are calculated as of the time that CITOC is notified of the applicable issue / problem by Client through CITOC’s email ticketing system, help desk, or by telephone at the telephone number listed in the Quote.  Notifications received in any manner other than described herein may result in a delay in the provision of remediation efforts. Help desk support provided outside of our normal support hours will be billed to Client at the hourly rate of$187.50 per hour, 1 hour minimum applies.

FEES

The fees for the Services will be as indicated in the Quote.

 

Changes to Environment.  Initially, you will be charged the monthly fees indicated in the Quote.  Thereafter, if the managed environment changes, or if the number of authorized users accessing the managed environment changes, then you agree that the fees will be automatically and immediately modified to accommodate those changes.  

Minimum Monthly Fees. The initial Fees indicated in the Quote are at or above the minimum monthly fees (“MMF”) that will be charged to you during the term.  The minimum monthly fee is $1,950 which covers up to fifteen (15) seats.  You agree that the amounts paid by you under the Quote will not drop below the MMF regardless of the number of users or devices to which the Services are directed or applied, unless we agree to the reduction.  All modifications to the amount of hardware, devices, or authorized users under the Quote (as applicable) must be in writing and accepted by both parties.  

Increases.  In addition, we reserve the right to increase our monthly recurring and data recovery fees; provided, however, if an increase is more than five percent (5%) of the fees charged for the Services in the prior calendar year, then you will be provided with a sixty (60) day opportunity to terminate the Services by providing us with written notice of termination. You will be responsible for the payment of all fees that accrue up to the termination date and all pre-approved, non-mitigatable expenses that we incurred in our provision of the Services through the date of termination.  Your continued acceptance or use of the Services after this sixty (60) day period will indicate your acceptance of the increased fees.

Travel Charge.  If onsite services are provided, we will travel inside Beltway 8 at no charge.  Travel outside of the Beltway 8 will incur a travel charge.

Automated Payment.  You may pay your invoices by credit card and/or by ACH, as described below.  If you authorize payment by credit card and ACH, then the ACH payment method will be attempted first.  If that attempt fails for any reason, then we will process payment using your designated credit card. 

    • ACH.  When enrolled in an ACH payment processing method, you authorize us to electronically debit your designated checking or savings account, as defined and configured by you in our payment portal, for any payments due under the Quote.  This authorization will continue until otherwise terminated in writing by you.  We will apply a $35.00 service charge to your account for any electronic debit that is returned unpaid due to insufficient funds or due to your bank’s electronic draft restrictions.
  • Credit Card.  When enrolled in a credit card payment processing method, you authorize us to charge your credit card, as designated by you in our payment portal, for any payments due under the Quote.  For the use of a credit card there will be a three percent (3%) uplift fee to pay for the expenses incurred in credit card payments to CITOC.
  • Check. You may pay by check provided that your check is delivered to us prior to the commencement of Services.  Checks that are returned to us as incorrect, incomplete, or “not sufficient funds” will be subject to a $50 administration fee and any applicable fees charged to us by your bank or financial institution.  

Microsoft Licensing Fees. The Services require that we purchase certain “per seat” licenses from Microsoft (which Microsoft refers to as New Commerce Experience or “NCE Licenses”) in order to provide you with one or more of the following applications: Microsoft 365, Dynamics 365, Windows 365, and Microsoft Power Platform (each, an “NCE Application”). To leverage the discounts offered by Microsoft for these applications and to pass those discounts through to you, we will purchase NCE Licenses for one (1) year terms for the NCE Applications required under the Quote. As per Microsoft’s requirements, NCE Licenses cannot be canceled once they are purchased and cannot be transferred to any other customer. Each NCE License that we purchase may require a one (1) or three (3) year term. For that reason, you understand and agree that regardless of the reason for termination of the Services, you are required to pay for all applicable NCE Licenses in full for the entire term of those licenses. Provided that you have paid for the NCE Licenses in full, you will be permitted to use those licenses until they expire, even if you move to a different managed service provider.

Additional Terms

Authenticity

Everything in the managed environment must be genuine and licensed including all hardware, software, etc. If we ask for proof of authenticity and/or licensing, you must provide us with such proof. All minimum hardware or software requirements as indicated in a Quote or this Services Statement (“Minimum Requirements”) must be implemented and maintained as an ongoing requirement of us providing the Services to you. 

 

Monitoring Services; Alert Services

Unless otherwise indicated in the Quote, all monitoring and alert-type services are limited to detection and notification functionalities only.  Monitoring levels will be set by CITOC, and Client shall not modify these levels without our prior written consent.

Remediation

Unless otherwise provided in the Quote, remediation services will be provided in accordance with the recommended practices of the managed services industry.  Client understands and agrees that remediation services are not intended to be, and will not be, a warranty or guarantee of the functionality of the Environment, or a service plan for the repair of any particular piece of managed hardware or software.

 

Configuration of Third-Party Services

Certain third-party services provided to you under this Service Statement may provide you with administrative access through which you could modify the configurations, features, and/or functions (“Configurations”) of those services.  However, any modifications of Configurations made by you without our knowledge or authorization could disrupt the Services and/or or cause a significant increase in the fees charged for those third-party services. For that reason, we strongly advise you to refrain from changing the Configurations unless we authorize those changes. You will be responsible for paying any increased fees or costs arising from or related to changes to the Configurations.

 

Dark Web Monitoring

Our dark web monitoring services utilize the resources of third-party solution providers.  Dark web monitoring can be a highly effective tool to reduce the risk of certain types of cybercrime; however, we do not guarantee that the dark web monitoring service will detect all actual or potential uses of your designated credentials or information.  

 

Modification of Environment

Changes made to the Environment without our prior authorization or knowledge may have a substantial, negative impact on the provision and effectiveness of the Services and may impact the fees charged under the Quote. You agree to refrain from moving, modifying, or otherwise altering any portion of the Environment without our prior knowledge or consent.  For example, you agree to refrain from adding or removing hardware from the Environment, installing applications on the Environment, or modifying the configuration or log files of the Environment without our prior knowledge or consent.

 

Co-Managed Environment

In co-managed situations (e.g., where you have designated other vendors or personnel, or “Co-managed Providers,” to provide you with services that overlap or conflict with the Services provided by us), we will endeavor to implement the Services an efficient and effective manner; however, (a) we will not be responsible for the acts or omissions of Co-Managed Providers, or the remediation of any problems, errors, or downtime associated with those acts or omissions, and (b) in the event that a Co-managed Provider’s determination on an issue differs from our position on a Service-related matter, we will yield to the Co-Managed Provider’s determination and bring that situation to your attention

 

Anti-Virus; Anti-Malware

Our anti-virus / anti-malware solution will generally protect the Environment from becoming infected with new viruses and malware (“Viruses”); however, Viruses that exist in the Environment at the time that the security solution is implemented may not be capable of being removed without additional services, for which a charge may be incurred.  We do not warrant or guarantee that all Viruses and malware will be capable of being detected, avoided, or removed, or that any data erased, corrupted, or encrypted by malware will be recoverable.  In order to improve security awareness, you agree that CITOC or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information. 

 

Breach/Cyber Security Incident Recovery

Unless otherwise expressly stated in the Quote, the scope of the Services does not include the remediation and/or recovery from a Security Incident (defined below).  Such services, if requested by you, will be provided on a time and materials basis under our then-current hourly labor rates.  Given the varied number of possible Security Incidents, we cannot and do not warrant or guarantee (i) the amount of time required to remediate the effects of a Security Incident (or that recovery will be possible under all circumstances), or (ii) that all data impacted by the incident will be recoverable.  For the purposes of this paragraph, a Security Incident means any unauthorized or impermissible access to or use of the Environment, or any unauthorized or impermissible disclosure of Client’s confidential information (such as user names, passwords, etc.), that (i) compromises the security or privacy of the information or applications in, or the structure or integrity of, the Environment, or (ii) prevents normal access to the Environment, or impedes or disrupts the normal functions of the Environment.

 

Environmental Factors 

Exposure to environmental factors, such as water, heat, cold, or varying lighting conditions, may cause installed equipment to malfunction.  Unless expressly stated in the Quote, we do not warrant or guarantee that installed equipment will operate error-free or in an uninterrupted manner.

 

Fair Usage Policy

Our Fair Usage Policy (“FUP”) applies to all Services that are described or designated as “unlimited.”  An “unlimited” service designation means that, subject to the terms of this FUP, you may use the service as reasonably necessary for you to enjoy the use and benefit of the service without incurring additional time-based or usage-based costs.  However, unless expressly stated otherwise in the Quote, all unlimited services are provided during our normal business hours only and are subject to our technicians’ availabilities, which cannot always be guaranteed.  In addition, we reserve the right to assign our technicians as we deem necessary to handle issues that are more urgent, critical, or pressing than the request(s) or issue(s) reported by you.  Consistent with this FUP, you agree to refrain from (i) creating urgent support tickets for non-urgent or non-critical issues, (ii) requesting excessive support services that are inconsistent with normal usage patterns in the industry (e.g., requesting support in lieu of training), (iii) requesting support or services that are intended to interfere, or may likely interfere, with our ability to provide our services to our other customers.  

Hosted Email

You are solely responsible for the proper use of any hosted email service provided to you (“Hosted Email”).  

Hosted Email solutions are subject to acceptable use policies (“AUPs”), and your use of Hosted Email must comply with those AUPs. In all cases, you agree to refrain from uploading, posting, transmitting or distributing (or permitting any of your authorized users of the Hosted Email to upload, post, transmit or distribute) any prohibited content, which is generally content that (i) is obscene, illegal, or intended to advocate or induce the violation of any law, rule or regulation, or (ii) violates the intellectual property rights or privacy rights of any third party, or (iii) mischaracterizes you, and/or is intended to create a false identity or to otherwise attempt to mislead any person as to the identity or origin of any communication, or (iv)  interferes or disrupts the services provided by CITOC or the services of any third party, or (v) contains Viruses, trojan horses or any other malicious code or programs.  In addition, you must not use the Hosted Email for the purpose of sending unsolicited commercial electronic messages (“SPAM”) in violation of any federal or state law.  CITOC reserves the right, but not the obligation, to suspend Client’s access to the Hosted Email and/or all transactions occurring under Client’s Hosted Email account(s) if CITOC believes, in its discretion, that Client’s email account(s) is/are being used in an improper or illegal manner.  

 

Patch Management

We will keep all managed hardware and managed software current with critical patches and updates (“Patches”) as those Patches are released generally by the applicable manufacturers.  Patches are developed by third party vendors and, on rare occasions, may make the Environment, or portions of the Environment, unstable or cause the managed equipment or software to fail to function properly even when the Patches are installed correctly.  We will not be responsible for any downtime or losses arising from or related to the installation or use of any Patch.  We reserve the right, but not the obligation, to refrain from installing a Patch if we are aware of technical problems caused by a Patch, or we believe that a Patch may render the Environment, or any portion of the Environment, unstable.  In order for clients systems to be patched their systems must be left on and connected to the environment for patching to occur in an overnight windows of time so as not to interfere with your employees daily work.

 

Backup (BDR) Services

All data transmitted over the Internet may be subject to malware and computer contaminants such as viruses, worms and trojan horses, as well as attempts by unauthorized users, such as hackers, to access or damage Client’s data.  Neither CITOC nor its designated affiliates will be responsible for the outcome or results of such activities. 

BDR services require a reliable, always-connected internet solution.  Data backup and recovery time will depend on the speed and reliability of your internet connection.  Internet and telecommunications outages will prevent the BDR services from operating correctly.  In addition, all computer hardware is prone to failure due to equipment malfunction, telecommunication-related issues, etc., for which we will be held harmless.  Due to technology limitations, all computer hardware, including communications equipment, network servers and related equipment, has an error transaction rate that can be minimized, but not eliminated.  CITOC cannot and does not warrant that data corruption or loss will be avoided, and Client agrees that CITOC shall be held harmless if such data corruption or loss occurs.  Client is strongly advised to keep a local backup of all stored data to mitigate against the unintentional loss of data.

 

Procurement

Equipment and software procured by CITOC on Client’s behalf (“Procured Equipment”) may be covered by one or more manufacturer warranties, which will be passed through to Client to the greatest extent possible.  By procuring equipment or software for Client, CITOC does not make any warranties or representations regarding the quality, integrity, or usefulness of the Procured Equipment.  Certain equipment or software, once purchased, may not be returnable or, in certain cases, may be subject to third party return policies and/or re-stocking fees, all of which shall be Client’s responsibility in the event that a return of the Procured Equipment is requested.  CITOC is not a warranty service or repair center.  CITOC will facilitate the return or warranty repair of Procured Equipment; however, Client understands and agrees that (i) the return or warranty repair of Procured Equipment is governed by the terms of the warranties (if any) governing the applicable Procured Equipment, for which CITOC will be held harmless, and (ii) CITOC is not responsible for the quantity, condition, or timely delivery of the Procured Equipment once the equipment has been tendered to the designated shipping or delivery courier.

 

Quarterly Business Review; IT Strategic Planning

Suggestions and advice rendered to Client are provided in accordance with relevant industry practices, based on Client’s specific needs and CITOC’s opinion and knowledge of the relevant facts and circumstances.  By rendering advice, or by suggesting a particular service or solution, CITOC is not endorsing any particular manufacturer or service provider.  

 

vCIO Services

The advice and suggestions provided us in our capacity as a virtual chief information officer will be for your informational and/or educational purposes only.  CITOC will not hold an actual director or officer position in Client’s company, and we will neither hold nor maintain any fiduciary realtionship with Client.  Under no circumstances shall Client list or place the CITOC on Client’s corporate records or accounts.  

 

Sample Policies, Procedures

From time to time, we may provide you with sample (i.e., template) policies and procedures for use in connection with Client’s business (“Sample Policies”).  The Sample Policies are for your informational use only, and do not constitute or comprise legal or professional advice, and the policies are not intended to be a substitute for the advice of competent counsel.  You should seek the advice of competent legal counsel prior to using or distributing the Sample Policies, in part or in whole, in any transaction.  We do not warrant or guarantee that the Sample Policies are complete, accurate, or suitable for your (or your customers’) specific needs, or that you will reduce or avoid liability by utilizing the Sample Policies in your (or your customers’) business operations.

 

Penetration Testing; Vulnerability Assessment

You understand and agree that security devices, alarms, or other security measures, both physical and virtual, may be tripped or activated during the penetration testing process, despite our efforts to avoid such occurrences.  You will be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for “false alarms” due to the provision of the penetration testing services, and you agree to take all steps necessary to ensure that false alarms are not reported or treated as “real alarms” or credible threats against any person, place or property.  Some alarms and advanced security measures, when activated, may cause the partial or complete shutdown of the Environment, causing substantial downtime and/or delay to your business activities.  We will not be responsible for any claims, costs, fees or expenses arising or resulting from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or (ii) the partial or complete shutdown of the Environment by any alarm or security monitoring device.  

 

No Third Party Scanning

Unless we authorize such activity in writing, you will not conduct any test, nor request or allow any third party to conduct any test (diagnostic or otherwise), of the security system, protocols, processes, or solutions that we implement in the managed environment (“Testing Activity”).  Any services required to diagnose or remediate errors, issues, or problems arising from unauthorized Testing Activity is not covered under the Quote, and if you request us (and we elect) to perform those services, those services will be billed to you at our then-current hourly rates.

 

HaaS

You will use all CITOC-hosted or CITOC-supplied equipment and hardware (collectively, “Infrastructure”) for your internal business purposes only.  You shall not sublease, sublicense, rent or otherwise make the Infrastructure available to any third party without our prior written consent.  You agree to refrain from using the Infrastructure in a manner that unreasonably or materially interferes with our other hosted equipment or hardware, or in a manner that disrupts or that is likely to disrupt the services that we provide to our other clientele.  We reserve the right to throttle or suspend your access and/or use of the Infrastructure if we believe, in our sole but reasonable judgment, that your use of the Infrastructure is violates the terms of the Quote, this Service Statement, or the Agreement.

Obsolescence

If at any time any portion of the managed environment becomes outdated, obsolete, reaches the end of its useful life, or acquires “end of support” status from the applicable device’s or software’s manufacturer (“Obsolete Element”), then we may designate the device or software as “unsupported” or “non-standard” and require you to update the Obsolete Element within a reasonable time period.  If you do not replace the Obsolete Element reasonably promptly, then in our discretion we may (i) continue to provide the Services to the Obsolete Element using our “best efforts” only with no warranty or requirement of remediation whatsoever regarding the operability or functionality of the Obsolete Element, or (ii) eliminate the Obsolete Element from the scope of the Services by providing written notice to you (email is sufficient for this purpose).  In any event, we make no representation or warranty whatsoever regarding any Obsolete Element or the deployment, service level guarantees, or remediation activities for any Obsolete Element.  

 

Hosting Services

You agree that you are responsible for the actions and behaviors of your users of the Services. In addition, you agree that neither Client, nor any of your employees or designated representatives, will use the Services in a manner that violates the laws, regulations, ordinances, or other such requirements of any jurisdiction.  

 

In addition, Client agrees that neither it, nor any of its employees or designated representatives, will: transmit any unsolicited commercial or bulk email, will not engage in any activity known or considered to be “spamming” and  carry out any “denial of service” attacks on any other website or Internet service; infringe on any copyright, trademark, patent, trade secret, or other proprietary rights of any third party; collect, attempt to collect, publicize, or otherwise disclose personally identifiable information of any person or entity without their express consent (which may be through the person or entity’s registration and/or subscription to Client’s services, in which case Client must provide a privacy policy which discloses any and all uses of information that you collect) or as otherwise required by law; or, undertake any action which is harmful or potentially harmful to CITOC or its infrastructure.

Client is solely responsible for ensuring that its login information is utilized only by Client and Client’s authorized users and agents. Client’s responsibility includes ensuring the secrecy and strength of user identifications and passwords. CITOC shall have no liability resulting from the unauthorized use of Client’s login information.  If login information is lost, stolen, or used by unauthorized parties or if Client believes that any hosted applications or hosted data has been accessed by unauthorized parties, it is Client’s responsibility to notify CITOC immediately to request the login information be reset or unauthorized access otherwise be prevented. CITOC will use commercially reasonable efforts to implement such requests as soon as practicable after receipt of notice.

Licenses

If we are required to re-install or replicate any software provided by you as part of the Services, then it is your responsibility to verify that all such software is properly licensed. We reserve the right, but not the obligation, to require proof of licensing before installing, re-installing, or replicating software into the managed environment.  The cost of acquiring licenses is not included in the scope of the Quote unless otherwise expressly stated therein.