It is allowed for external parties to perform a security scan or penetration test on one or more of your VPS-services.
We do have the policy that this test is only allowed to have impact on the VPS that is being tested. Checking for and trying to abuse specific (possible) exploits on your VPS is no problem, as long as it doesn't have impact on other customers using the same physical hardware.
Should the test however generate a lot of data traffic and or data packages to your VPS (similar to a (D)DoS-attack),we will be forced to intervene in able to keep guaranteeing the stability and reachability for other customers.