At mccloudCo Technologies, protecting client systems, data, and privacy is fundamental to how we operate. Remote access is sometimes necessary to deliver efficient IT support, CRM consulting, and system administration. This policy defines how remote access is authorized, secured, monitored, governed, and protected under contractual and legal standards.

Our goal is to provide fast, effective service while maintaining the highest standards of security, confidentiality, and accountability.

Purpose of Remote Access

Remote access may be used to:

• Diagnose and resolve technical issues
• Configure HubSpot and Salesforce environments
• Install updates and security patches
• Perform preventative maintenance
• Support users in real time
• Monitor managed IT environments
• Implement system improvements

Remote access is strictly limited to legitimate business support functions.

Client Authorization & Consent

Remote access occurs only under authorized circumstances.

Consent may be established through:

• Signed service agreements
• Managed services contracts
• Support requests or tickets
• Written or verbal authorization
• Pre-approved maintenance windows

Clients may observe remote sessions whenever feasible and may revoke access at any time.

No remote access occurs without valid authorization.

Confidentiality, NDA & Privacy Protection

All remote support activities are governed by strict confidentiality obligations.

mccloudCo Technologies personnel operate under:

• Non-Disclosure Agreements (NDAs)
• Contractual confidentiality clauses
• Professional ethics standards
• Privacy protection commitments

Client information accessed during sessions:

• Is treated as confidential business data
• Is accessed only as necessary to complete support
• Is not retained outside approved systems
• Is not shared with unauthorized parties

We follow a minimum necessary access principle.

Security Controls

All remote sessions are protected by enterprise safeguards:

• End-to-end encrypted connections
• Multi-factor authentication
• Role-based access permissions
• Secure credential vaulting
• Session logging and monitoring
• Time-limited access privileges

Access is granted only to authorized technicians assigned to the client.

Cyber Insurance Coverage

mccloudCo Technologies maintains commercial cyber liability insurance and professional liability coverage appropriate for managed IT and consulting operations.

This coverage is designed to protect:

• Client data confidentiality
• Service delivery risks
• Technology errors and omissions
• Cybersecurity incident exposure

Insurance coverage supplements — but does not replace — client security responsibilities.

Legal Protections

Remote access services are governed by contractual agreements that define:

• Scope of work
• Service limitations
• Acceptable use boundaries
• Shared security responsibilities
• Support procedures

mccloudCo Technologies provides services in good faith and in accordance with industry best practices but does not guarantee immunity from cyber threats, third-party failures, or client-side vulnerabilities.

Security is a shared responsibility between provider and client.

Client Liability Boundaries

Clients remain responsible for:

• Internal access controls
• User behavior and credentials
• Endpoint security posture
• Compliance with internal policies
• Backup verification
• Data classification and governance

mccloudCo Technologies is not liable for damages resulting from:

• Client negligence
• Unauthorized third-party access
• Pre-existing vulnerabilities
• Unsupported systems
• Failure to follow security recommendations

Liability limitations are defined in formal service agreements.

Data Retention Policy

Remote access logs and support documentation may be retained for:

• Security auditing
• Quality assurance
• Compliance documentation
• Incident investigation
• Operational improvement

Retention periods follow internal security standards and contractual obligations.

Client data is not stored beyond what is necessary for service delivery.

Sensitive data is never retained outside secure, approved systems.

Audit, Monitoring & Compliance

To maintain operational integrity:

• Remote sessions may be logged
• Administrative actions may be audited
• Access records are retained
• Security controls are reviewed regularly
• Privileges are periodically reassessed

These controls support:

• Internal compliance standards
• Client contractual obligations
• Industry best practices
• Continuous service improvement

Audit data is used solely for accountability and security.

Incident Response & Breach Disclosure

If a suspected security incident occurs:

• Remote access is immediately terminated
• Internal investigation begins
• Impact is assessed
• Client stakeholders are notified
• Corrective actions are implemented

• Contractual obligations
• Applicable regulatory requirements
• Industry disclosure standards

mccloudCo Technologies cooperates fully with clients during incident response.

Session Transparency

Clients may request:

• Session summaries
• Work documentation
• Change logs
• Access records (where available)

Transparency is part of our service commitment.

Access Limitations

Remote access is restricted to professional support tasks.

We do not:

• Access personal accounts unrelated to business
• Browse unrelated files
• Transfer unauthorized data
• Share access with third parties without consent

All activity aligns with authorized scope.

Client Responsibilities

Clients should:

• Maintain strong passwords
• Enable MFA
• Keep systems updated
• Monitor user behavior
• Report suspicious activity

Security is a partnership.

Policy Updates

This policy may be updated to reflect:

• Security improvements
• Regulatory requirements
• Operational changes
• Industry standards

Material changes will be communicated to active clients.

Contact

For policy questions:

mccloudCo Technologies
info@mccloudco.com