Annex B - Acceptable Use Policy (AUP)

• Legal >
• Terms >
• Master Services Agreement - Cloud >
• Annex B - Acceptable Use Policy (AUP)

This Annex forms part of the Cloud Master Services Agreement and describes the scope, responsibilities and limitations relating to the Acceptable Use Policy.

If you become aware of a breach of this Policy, you must tell us as soon as reasonably possible.

1. Lawful use

1. You must not use the Cloud Services for any unlawful, fraudulent or malicious activity.
2. You must comply with all applicable laws and regulations relating to the content you store, process or transmit via the Cloud Services.
3. You must not host or transmit content that is illegal, defamatory, obscene, incites violence or hatred, or infringes third-party intellectual property rights.

2. Security and access

1. You must:
   • keep login details and other credentials secret and secure;
   • use strong, unique passwords and multi-factor authentication where available;
   • promptly revoke access for users who leave your organisation or change role; and
   • notify us promptly if you suspect any compromise of accounts or systems hosted on the Cloud Platform.
2. You must not:
   • attempt to bypass or weaken security controls on the Cloud Platform;
   • probe, scan or test the vulnerability of the Cloud Platform or another customer’s environment without our explicit written permission; or
   • attempt to gain unauthorised access to any system or data.

3. Network and resource usage

1. You must not:
   • run open mail relays, anonymous proxies or services designed to hide identity for unlawful purposes;
   • send spam or unsolicited bulk messages;
   • launch denial-of-service attacks or participate in them, knowingly or unknowingly; or
   • use the Cloud Services for crypto-mining or similar resource-intensive activities unless explicitly agreed in writing.
2. You must ensure that your use of compute, storage and network resources is reasonable and consistent with any Fair Use Policy that applies. Excessive or sustained use that adversely affects other customers may require you to upgrade your service or change how you use it.

4. Content and data

1. You are responsible for the content, applications and data you host on the Cloud Platform.
2. You must not host or distribute:
   • malware, ransomware, viruses or other malicious code;
   • tools intended primarily for unauthorised hacking or intrusion; or
   • content that violates third-party licence terms or copyright.
3. If we receive a legitimate complaint or legal notice relating to content you host, we may:
   • ask you to modify or remove the content; or
   • in serious cases, restrict access to the content or suspend part of the service while the issue is investigated.

5. Fair use and platform environment

1. Many Cloud Services run on shared infrastructure. Where your services run on shared infrastructure, your use of resources must not unreasonably affect other customers or workloads on the same platform.
2. Where your services run on dedicated or “private cloud” infrastructure, your use of resources must still be consistent with the intended purpose of the service and any design and capacity assumptions we have agreed with you.
3. Examples of unreasonable use include:
   • continuous high CPU or I/O usage that causes degradation for others on shared infrastructure;
   • massive data transfers over long periods that consume a disproportionate share of available bandwidth; or
   • running workloads clearly outside the intended purpose of the service (for example high-volume video streaming or file-sharing nodes on a general business hosting plan).
4. If we believe your usage is breaching Fair Use thresholds, we will:
   • discuss the issue with you;
   • propose adjustments or an appropriate service upgrade; and
   • as a last resort, apply reasonable technical limits to protect the platform if no agreement can be reached.

6. Enforcement

1. If you breach this Policy, we may:
   • ask you to take corrective action;
   • temporarily restrict or suspend specific services or features;
   • block certain traffic, users or applications; or
   • in serious or repeated cases, terminate the affected Cloud Service or the Agreement.
2. Where legally required, we may cooperate with law enforcement or regulators and share relevant information about suspected unlawful activity.