Pomeroy logo

Cloud Acceptable Use Policy

This Cloud Acceptable Use Policy (CAUP) outlines the acceptable use, behavior, and security expectations for accessing and utilizing Pomeroy Technologies, LLC’s cloud-based services and systems. It is intended to ensure the confidentiality, integrity, and availability of our systems, data, and resources, in alignment with the NIST Cybersecurity Framework (CSF).

This policy applies to all external vendors, clients, partners, and contractors who access Pomeroy’s cloud environments, websites, or data.

Scope

This policy applies to access and usage of Pomeroy’s cloud infrastructure, software-as-a- service (SaaS) platforms, APIs, and associated services, including but not limited to:

  • Cloud-based storage and collaboration platforms
  • Email and communication systems
  • Application hosting environments
  • Customer and partner data repositories

Acceptable Use

Users and Guests must:

  • Use services only for authorized business
  • Protect authentication credentials (e.g. passwords, MFA tokens) and never share
  • Ensure all connections to cloud resources are secured via encrypted channels (e.g. HTTPS, VPN).
  • Follow the principle of least privilege: access is granted only to data and systems necessary for the role or engagement.
  • Acknowledge and comply with all legal, regulatory, and contractual obligations applicable to cloud data use.

Prohibited Use

Users and Guests may not:

  • Use cloud resources to transmit, store, or process any illegal, harmful, or offensive
  • Attempt unauthorized access, scanning, or exploitation of systems, networks, or
  • Use company cloud services for personal, non-business-related
  • Circumvent security controls or logging mechanisms implemented on cloud
  • Introduce malware, ransomware, or unapproved third-party

Data Handling and Security

Users are responsible for ensuring that data uploaded to Pomeroy complies with all data protection laws (e.g. GDPR, HIPAA).

Sensitive data or regulated data (e.g. PII, PHI, PCI) must only be stored or transmitted through Pomeroy’s services if:

  • Explicitly permitted under contract
  • Properly encrypted in transit and at rest
  • Compliant with all applicable laws and regulations

Monitoring & Audit

Pomeroy continuously monitors usage of its cloud services to detect anomalous behavior and potential threats. Activities may be logged and reviewed as part of ongoing security and compliance efforts. Monitoring is in accordance with legal and regulatory frameworks.

Incident Reporting

Any suspected or actual security incident involving cloud services must be reported immediately to Pomeroy’s Security team via ServiceNow incident reporting or services owner. Response and mitigation are conducted in accordance with NIST CSF Respond & Recover guidelines, which include but are not limited to:

  • Incident Response Planning
  • Incident Coordination and Communication
  • Incident Analysis
  • Incident Recovery

Compliance

Failure to comply with this policy may result in access termination, contractual penalties, or legal action, depending on the nature and severity of the violation.

Policy Review

This Cloud Acceptable Use Policy is reviewed annually or upon major infrastructure changes. Pomeroy Technologies, LLC reserves the right to update this policy without prior notice.

Contact/Address for Legal Notice

All questions, comments and legal notices should be submitted to: Pomeroy General Counsel –

Pomeroy
1050 Elijah Creek Rd Hebron, Kentucky 41048
Telephone: 859-586-0600 Facsimile: 859-586-4414

Pomeroy Logo
Linkedin Youtube Facebook

© 2025 Pomeroy Technologies. All rights reserved.

Pomeroy logo
Linkedin Youtube Facebook

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.