Quality Control Policy


Preamble HEZIO Technology Limited Company, "The Company", "Company" is committed to providing a Quality service, which consistently & continuously meets the requirements of its customers whilst protecting assets under its care, its employees and the environment in general.

This is achieved by establishing a culture of quality, security and customer-focus. Employees, contractors, suppliers and contributors ("stakeholders") are required to adhere to this program.

Quality Principals

We have enacted the following principals in our operations:

Roles and Responsibilities

All Company employees, contractors and suppliers are responsible for implementing the Company’s Quality Policy.

The Company’s management is responsible for monitoring and reviewing the Quality Policy at regular intervals in order to ensure that it remains relevant and effective.

Security Program

Reporting Abuse Please submit all abuse complaints to abuse at hostez dot i o.

Submitting a vulnerability If you would like to report a vulnerability or have a security concern regarding, please contact us at noc at hostez dot io. So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understand the nature and severity of the vulnerability.

If you wish to protect the contents of your submission, you may use our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBGIKtL0BCACR3q5lsLaK4vdWxvMSqiuQqjB+8FaSf52FtkZtabIvLbZ62bQe y3/GuSgYk4rkeU51GAUCYjW6HqquPLmOExyNTYrf2GkP5K+a1jVnFA/lT1CcgHgd NIqNMxbkL1NFXAqXklea0OGLWNN+1sZi6ToC35r0jGwIQFCmE8n8HMmQigJ3Z7Dx AfQOfIsdi/aPuHsWKY2gBYe/791ZYP1Gw3l1TBDn4rAQISiHi7P7EJMu4qE2cXvp vi8Lg0HevE8+Q4E73THCSZLP7k2TuOIcFbEBeK8p3UOCZU7tSYjLondF95vfKbq5 8OyX7yBWStFuNIF4czo8t6ICQtSTryR2Wy09ABEBAAG0DW5vY0Bob3N0ZXouaW+J ARwEEAECAAYFAmIKtL0ACgkQWo5GYxXfr1WfnAf/Yg2Yg5Y7SWAMB0G3mUwIYQUK cWfXUqOFXR2OtloilYHjn+r7TJ4SDKFIL1S3FJ0nodiRgXWBJlmEeKr/GxGPUx0A Qe3vsJTFiSWNmglMIHstvKZK8EGTS06F+0xV/QChOzgCKOfkMsKK4lzh6JdV2ZE2 oLd9cGsHOJR9ACSsIh78Zd+KNPtb0DTnSq8colPOaphytN2M5NAF01GzwWLeAuXW /Id8PFCEbQjj6O+aStmMB/GSG5nv6DrQuuxdRon9527gmsFDt3gEMKlBELWUwx0d ziRD9kxGFt1awlx9BOpiwlEhkKHsdVdzuzKSPOakLjdZc4NUGKFig/CSiT/yZA== =luiM

-----END PGP PUBLIC KEY BLOCK-----

Disclosure Policy and Guidelines

The information you share with us as part of this process is kept confidential, except that we will share information with a third party if the vulnerability you report is found to affect a third-party product, in which case we will share this information with the third-party product's author or manufacturer. Otherwise, we will only share this information as permitted by you.

In order to protect our customers, we request that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability, and informed customers if needed. Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time, and the timeline will depend upon the severity of the vulnerability and the affected systems.

The following activities are out of scope for our Vulnerability Reporting program. Conducting any of the activities below will result in disqualification from the program:

  1. Targeting assets of customers or non-customers hosted on our infrastructure
  2. Any vulnerability obtained through the compromise of customer or employee accounts
  3. Any Denial of Service (DoS) attack against us or our customers
  4. Physical attacks against our employees, offices, and data centers
  5. Social engineering of employees, contractors, vendors, or service providers
  6. Knowingly posting, transmitting, uploading, linking to, or sending malware
  7. Pursuing vulnerabilities which send unsolicited bulk messages (spam)

Pen Testing Customers are welcome to carry out security assessments or penetration tests against their infrastructure within reasonable limits and subject to the HostEZ service agreements, acceptable use policy and all other applicable policies.

Power and Physical Security

The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

Data center staff monitor electrical, mechanical and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

Use of third party communications tools for SLA

Use of third party services such as Discord, Whatsapp to transact sensitive customer information i.e. during the support process from HostEZ is prohibited by this policy. Customers must use approved means such as the Client portal and all supporting staff from HostEZ must only utilized the official supported tools to conduct support.