Skip to content

Acceptable Use Policy

 

1.   Policy Application

 

1.1    Application of this Policy

This Acceptable Use Policy (“AUP”) applies to all Services provided by the Supplier to the Customer under the Agreement, including, but not limited to, any hosting, infrastructure, network, communications, security or managed services (collectively, the “Services”).

The Customer is responsible for:

  • its own use of the Services; and
  • all use of the Services by its Authorised Users or any third party who accesses the Services using Customer credentials or systems, whether authorised or not.
1.2    Purpose

This AUP is intended to ensure that:

  • the Services are used in a lawful, secure and responsible manner;

  • the integrity, availability and performance of the Services are maintained for all customers; and

  • the Supplier’s systems, networks and other customers are protected from misuse, disruption, or harm.

This AUP does not create any service level commitments, which are set out exclusively in the applicable Ordering Document. 

1.3    Service Scope Limitation 

This AUP governs the use of the Services but does not expand or modify the scope of Services described in the applicable Ordering Document.

Without limitation:

  • where Services are limited to infrastructure provision (such as Infrastructure as a Service), the Supplier’s responsibilities are limited to the infrastructure layer only; and
  • where Services include managed services, the Supplier’s responsibilities are limited to those expressly set out in the applicable Ordering Document.

The Customer retains all responsibilities not expressly assumed by the Supplier under the Agreement.

 

2.   Customer Responsibilities

 
2.1    General Compliance

The Customer must, and must ensure that its Authorised Users:

  • comply with all applicable laws, regulations, and industry codes of practice;

  • comply with this AUP and any reasonable directions issued by the Supplier in connection with the Services, including directions reasonably required to protect systems, networks or other customers;

  • ensure that access to the Services is limited to properly authorised users and promptly notify the Supplier of any changes to access or permissions;

  • take reasonable steps to prevent unauthorised access to the Services; and

  • ensure that all Incidents and Service Requests are logged via the Supplier’s prescribed process and are submitted only by duly authorised personnel in accordance with any applicable Ordering Document.

2.2    Use of Services

The Customer must:

  • use the Services in a manner consistent with normal business usage and notify the Supplier of any material change in use;

  • ensure that its use does not interfere with, degrade, or disrupt the Services or any other customer’s use of the Services; and

  • not, and must ensure its personnel and third parties do not, perform any act or omission that may cause degradation, failure, security vulnerability, or disruption to the Services, Supplier systems, or any Customer Environment.

2.3    Content Responsibility 

The Customer is solely responsible for:

  • all data, content, and materials stored, transmitted, or published using the Services;

  • ensuring it has all necessary rights, licences and permissions to use and distribute such content; and

  • ensuring such content complies with all applicable laws (including intellectual property, privacy, and defamation laws).

 

3.   Prohibited Use

 
3.1    Illegal or Harmful Activity

The Customer must not, and must not permit any person to use the Services to:

  • engage in any activity that breaches any law or regulation;

  • engage in fraud, misleading or deceptive conduct, or other unlawful activity;

  • infringe the intellectual property or other legal rights of any person;

  • publish or transmit material that is defamatory, offensive, abusive, obscene, or otherwise unlawful;

  • breach any person’s privacy, including through identity theft or phishing.

3.2    Security and System Misuse

The Customer must not, and must not permit any person to use the Services to:

  • gain or attempt to gain unauthorised access to any system, network, or account;

  • circumvent or attempt to circumvent authentication or security controls;

  • distribute tools designed to compromise security (e.g. password cracking tools);

  • introduce or propagate viruses, malware, or other harmful code;

  • monitor or intercept data not intended for the Customer.

3.3    Network Abuse and Disruption 

The Customer must not, and must not permit any person to use the Services to:

  • interfere with or disrupt the integrity or performance of the Services or any network;

  • conduct denial-of-service (DoS) attacks or similar activities;

  • engage in network misuse such as packet spoofing, sniffing, flooding, or forged routing;

  • interfere with another user’s access to or use of the Services;

  • perform excessive or abnormal usage that materially impacts the Services or other users.

3.4    Communication Misuse

The Customer must not, and must not permit any person to use the Services to:

  • send unsolicited bulk communications (spam) in breach of applicable laws (including the Spam Act 2003 (Cth));

  • send harassing, abusive, or threatening communications;

  • falsify or alter message headers or origin information;

  • engage in mass messaging, posting, or similar disruptive behaviour.

3.5    Content and Publishing Restrictions

The Customer must not, and must not permit any person to use the Services to:

  • distribute or publish content that is unlawful or prohibited under applicable classification or content laws;

  • conduct unlawful advertising, solicitation, or pyramid schemes;

  • host or distribute content without appropriate legal rights or permissions.

3.6    Shared Environment Protections 

Where the Services involve shared infrastructure, platforms, or networks, the Customer must:

  • ensure its use does not adversely affect other customers or users;

  • promptly comply with any reasonable direction from the Supplier to mitigate service impacts;

  • not use the Services in any way that could jeopardise system stability, security, or availability; and

  • comply with any configuration, access, and operational requirements notified by the Supplier to protect the integrity and stability of the Services.

 

4.   Shared Environment Protections 

Where the Services involve shared infrastructure, platforms, or networks, the Customer must:

  • ensure its use does not adversely affect other customers or users;

  • promptly comply with any reasonable direction from the Supplier to mitigate service impacts;

  • not use the Services in any way that could jeopardise system stability, security, or availability; and

  • comply with any configuration, access, and operational requirements notified by the Supplier to protect the integrity and stability of the Services.

 

5.   Incident Management 

 
5.1    Allocation of Responsibility 

Responsibility for incident management is determined by the scope of Services in the applicable Ordering Document. The Supplier will perform incident management activities only to the extent expressly included in the applicable Ordering Document.  

5.2    Customer Obligations

To the extent

  • promptly notify the Supplier of any Incident or suspected Incident affecting the Services;

  • comply with all reasonable directions issued by the Supplier to mitigate risks to the Services; and

  • provide all access, information, and cooperation reasonably required.

5.3    Data Incidents

For the purposes of the Agreement and this AUP, a “Data Incident” means any actual or reasonably suspected unauthorised access to, disclosure of, loss of, alteration of, or inability to access Customer data in connection with the Services.

To the extent a Data Incident relates to Services within the scope of the Supplier’s responsibilities:

  • the Supplier will respond in accordance with applicable law and the Agreement to the extent required by the Services and the Agreement;
  • the Customer must provide all reasonable assistance.

For clarity, the Supplier has no responsibility for Data Incidents arising from systems, applications, or data that are outside the scope of the Services.


6.   Enforcement

 
6.1    Supplier Rights

If the Supplier reasonably believes that a breach of this AUP has occurred, it may, without limiting its other rights:

  • investigate the suspected breach;

  • remove or restrict access to content;

  • require the Customer to take remedial action;

  • suspend or limit the Services (in whole or in part) in accordance with the Agreement; or

  • initiate termination of the affected Services in accordance with clause 12 of the Agreement.

6.2    Urgent Action 

The Supplier may take immediate action (including suspension) where necessary to:

  • Protect the Services, its systems, or other customers;

  • comply with law; or

  • prevent material harm or disruption.

6.3    No Liability for Enforcement

To the extent permitted by law, and subject to the liability framework set out in the Agreement, the Supplier is not liable for any loss arising from actions reasonably taken to enforce this AUP.


7.   Monitoring and Investigation

The Supplier is not obliged to monitor use of the Services; however, it may monitor, investigate, or review usage where reasonably necessary to ensure compliance with this AUP, respond to complaints, or comply with legal obligations, provided that any such activities are conducted in accordance with the Supplier’s confidentiality obligations under the Agreement.


8.     Updates to this Policy

The Supplier may update this AUP from time to time on reasonable notice. Continued use of the Services constitutes acceptance of the updated AUP.

Last updated: June 10th, 2026