Acceptable Use Policy
This Acceptable Use Policy explains the rules for lawful, defensive, and authorised use of CSC.
1. Purpose
This Acceptable Use Policy exists to keep CSC aligned with lawful, defensive, and responsible cybersecurity use. It applies to all use of CSC's public pages, tools, accounts, local agent features, APIs, professional service request channels, and related infrastructure.
2. Who may use CSC
You may use CSC only if you are acting lawfully and only for systems, websites, networks, services, devices, or data that you own or are explicitly authorised to assess. If you are using CSC on behalf of an organisation, you must have authority to do so.
3. What is allowed
CSC may be used for general awareness, educational review, defensive self-assessment, passive website review, lawful account use, local network visibility for your own private network, and professional service enquiries made in good faith.
CSC may also be used to help understand suspicious links, website exposure signals, connectivity and provider information, and local environment observations, provided that the use remains lawful and authorised.
4. What is prohibited
You must not use CSC for attacks, exploitation, brute force, credential abuse, malware delivery, denial-of-service behaviour, disruption, interference, phishing, malicious automation, or any unlawful or harmful purpose.
You must not target third-party systems without permission, impersonate ownership or authorisation, bypass safety controls, evade restrictions, manipulate scan flows to simulate unsupported capabilities, or use CSC as a substitute for offensive tooling.
5. Website and network tools restrictions
The website and link tools are designed for passive or lightweight defensive checks. The website security review is passive-only in the current product version. The local network scan is for your own local/private network and depends on the local agent and your environment.
You must not use CSC to carry out intrusive tests, broad unauthorised scans, exploit validation, SQL injection testing, credential attacks, or probing beyond the tool's intended safe scope.
6. Professional service request restrictions
You must not misuse CSC's request or contact channels, including by submitting false claims of urgency, deceptive ownership claims, malicious content, spam, abusive messages, or requests intended to facilitate unlawful activity.
Any professional engagement would require separate review and agreement. Submission of a request form does not create an entitlement to services.
7. Monitoring and enforcement
CSC may monitor usage, log requests, rate-limit activity, preserve evidence, verify patterns of misuse, and block or suspend access where necessary to protect the service, users, and compliance obligations. This may include IP-based controls, account/session controls, consent logging, and review of abuse indicators.
8. Cooperation with authorities
Where legally required or otherwise lawfully permitted, CSC may cooperate with law enforcement, regulators, courts, or other competent authorities. That may include preserving and disclosing relevant records relating to misuse, fraud, or unlawful activity.
9. Consequences of breach
If you breach this policy, CSC may warn you, restrict features, block requests, suspend or terminate access, revoke sessions, preserve evidence, and take other protective steps. CSC may also refuse to process future requests or enquiries linked to misuse.
10. Changes
CSC may update this Acceptable Use Policy as the platform, legal landscape, or risk controls change. The current version and effective date will be shown on this page, and renewed acceptance may be required where appropriate.
11. Contact
If you need to ask about this policy, contact CSC through the public contact route published on the site, including the assessment request page at /assessment-request/.