1.1. Security is as important to LeaseWeb as it is to its Customers. For this reason, LeaseWeb has established standards and information security
requirements for all networks and Infrastructure deployed in a LeaseWeb Datacenter and the Network, including standards for the basic
configuration of Infrastructure, the use of passwords and the use of effective virus detection and prevention.
1.2. The Security Policy is intended to minimize the risk of unauthorized use of, loss of, or damage to Infrastructure, data or technology,
confidential information, or Intellectual Property Rights.
2.1. Customer is advised (i) to back‐up (critical) data and system configurations on a regular basis and store such data in a safe place, and (ii) not
to connect its Infrastructure via a wireless connection, (iii) to keep the Software operated or used on the Infrastructure is up to date, and
accordingly to install updates and patches on a regular basis without undue delay after becoming available, (iv) to operate and/or use
adequate anti‐Virus Software on the Infrastructure at regular intervals (at least on a daily basis).
2.2. Customer shall ensure that its Infrastructure cannot and does not operate from uncontrolled networks.
2.3. Customer is required to change its password the moment it starts using the Services or its Infrastructure is activated and Customer is
responsible for changing the password regularly. In general, secure passwords are at least eight (8) characters long, contain letters of mixed
case and non‐letter characters, and cannot be found in whole or in part, in normal or reverse order, in any dictionary of words or names in
3.1. Customer shall log all security‐related events on critical or sensitive systems, and save the related audit trails, for at least one (1) month.
3.2. Customer shall immediately report any security‐related event to LeaseWeb’s NOC and follow any directions given by LeaseWeb’s NOC as may
be required to contain or correct the event.
3.3. For the purpose of this section, security‐related events shall include, but not be limited to: (i) Port‐scan attacks; (ii) unauthorized access to
privileged accounts; and (iii) anomalous occurrences that are not related to specific applications on the host.