Technology works best when everyone uses it responsibly. This policy sets out what that looks like in practice.

This Acceptable Use Policy ("AUP") defines the rules for using services, networks, systems, and platforms provided or managed by Harrby Pty Ltd ("Harrby", "we", "our", "us"). It exists to protect our customers, their users, our infrastructure, and the broader internet community.

Read this alongside our Privacy Policy, Terms & Conditions, and any applicable Service Level Agreement (SLA).

1. Introduction

By accessing or using any Harrby-managed service — cloud environment, network, support channel, or otherwise — you agree to comply with this AUP.

This policy applies to everyone who interacts with services we deliver or manage: employees, contractors, and third parties alike. If you have access to a Harrby-managed environment, this policy applies to you.

2. Purpose

This AUP exists for three reasons:

To promote responsible use. Technology is a tool. This policy helps ensure it's used securely, lawfully, and in ways that support your organisation's goals.

To protect systems and data. Misuse — whether intentional or accidental — creates risk for everyone. Clear boundaries help prevent incidents before they happen.

To set shared expectations. Security is a partnership. Knowing what's acceptable and what isn't makes that partnership work.

3. Scope

This AUP covers all use of:

  • Managed IT services — Microsoft cloud environments, security solutions, and any other services operated by Harrby on your behalf
  • Network infrastructure — VPNs, firewalls, remote access solutions, and related network management services managed by Harrby
  • Devices, accounts, and identities — Any device, user account, or identity managed or integrated as part of a Harrby service
  • Support channels — Portals, email, chat, and any other channel used to access Harrby support

If you're using it and Harrby manages it, this policy applies.

4. Authorised Use

Harrby services are provided for legitimate business purposes — authorised by your organisation and consistent with applicable laws, contracts, and policies.

Reasonable personal use may be permitted where your organisation allows it, provided it doesn't:

  • Interfere with business operations or degrade service performance
  • Breach security controls, licensing terms, or legal obligations
  • Contravene this AUP or your organisation's internal policies

When in doubt, default to business use. If your organisation has a specific policy on personal device or service use, follow it.

5. Prohibited Activities

Some activities are never acceptable on Harrby-managed services. This list is not exhaustive — if something feels wrong, it probably is.

You must not:

  • Send spam, phishing emails, or unsolicited bulk communications of any kind
  • Host, transmit, or access unlawful, offensive, or malicious content
  • Attempt to gain unauthorised access to systems, accounts, or data — whether inside or outside your organisation
  • Introduce malware, ransomware, or any other malicious software into managed environments
  • Bypass, disable, or tamper with security controls, monitoring tools, or compliance configurations
  • Use services for illegal file sharing, copyright infringement, or unlicensed software installation
  • Conduct network scanning, exploitation, or penetration testing without prior written approval from Harrby

A violation puts your organisation at risk and can affect every customer and environment we manage. We take this seriously.

6. Accounts & Credentials

Your credentials are your responsibility. Protecting them is one of the most important things you can do for your organisation's security.

When using Harrby-managed services:

  • Use strong, unique passwords and enable multi-factor authentication (MFA) wherever it's required — and wherever it's available
  • Never share passwords, tokens, or authentication devices with other users, regardless of convenience
  • Report suspected credential compromise immediately to your internal IT or security team — don't wait to be sure

Compromised credentials are one of the leading causes of security incidents. Fast reporting is the fastest path to containment.

7. Security Responsibilities

Security is something Harrby and customers do together. Clear responsibilities on both sides make the whole system stronger.

As a customer or end user, you agree to:

  • Follow security policies, guidelines, and technical standards communicated by Harrby or your organisation
  • Keep devices patched, protected by anti-malware, and physically secure — wherever they're under your control
  • Avoid installing unauthorised software or browser extensions on managed devices

Harrby's commitment:

We implement reasonable security controls aligned with vendor guidance and industry best practice, as defined in your Agreement. When the threat landscape changes, our controls evolve with it.

8. Data Protection & Privacy

Using Harrby services comes with an obligation to handle data lawfully and responsibly.

Your use must comply with applicable privacy and data protection laws — including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) — as well as our Privacy Policy and any data processing terms in your Agreement.

You must not use Harrby services to:

  • Unlawfully collect, store, process, or share personal information
  • Circumvent regulatory requirements or compliance controls
  • Handle personal data in ways that conflict with the purposes for which it was collected

If your organisation has specific data handling obligations — sector-specific regulation, contractual requirements, or internal data governance policies — those obligations extend to how you use services we manage.

9. Monitoring & Logging

To maintain security, reliability, and compliance, Harrby and/or your organisation may monitor activity across managed systems and services.

This includes:

  • System and security logs, alerts, and telemetry from managed environments
  • Network traffic flowing through managed firewalls or gateways
  • Authentication activity, sign-in events, and administrative changes

Monitoring is conducted in accordance with applicable laws, your contractual terms, and privacy requirements. It exists to detect threats and respond to incidents — not to surveil individuals unnecessarily.

Where Harrby identifies activity that suggests a security incident or policy breach, we will act on it.

10. Third-Party Services & Cloud Platforms

Many of the platforms we manage — including Microsoft 365, Azure, Dynamics 365, and third-party security tools — come with their own acceptable use and licensing terms.

When you use these platforms through Harrby-managed services, you're bound by those terms too. Compliance with this AUP alone does not satisfy your obligations under the relevant third-party policies.

Harrby is not responsible for breaches arising from a user's failure to comply with third-party acceptable use terms. If you're unsure what applies to a specific platform, ask us.

11. Reporting Incidents & Breaches

If something looks wrong, say something. Early reporting is the single most effective way to limit the impact of a security incident.

You must promptly report:

  • Any suspected security incident, compromise, or unauthorised access
  • Misuse of Harrby-managed services by any user
  • Any suspected breach of this AUP or related policies

Report to your internal IT or security team, or contact Harrby directly via your agreed support channels. Don't wait until you're certain something has happened — if you suspect it, report it.

The difference between a contained incident and a serious breach is often how quickly it was escalated.

12. Consequences of Breach

Breaches of this AUP are taken seriously. Depending on the nature and severity of the breach, Harrby may take one or more of the following actions:

  • Suspend or restrict access for the affected user or account
  • Remove offending content or configurations from managed environments
  • Notify your organisation's management or security teams
  • Terminate services in line with the terms of your Agreement
  • Refer to law enforcement where unlawful activity is suspected or confirmed

These measures exist to protect every organisation that relies on Harrby's services. A breach in one environment can create risk across many.

14. Relationship to Other Policies

This AUP doesn't stand alone. It works alongside:

  • Your organisation's internal policies and procedures — Your employer's rules still apply
  • Harrby's Terms & Conditions — The commercial framework for our relationship
  • Harrby's Privacy Policy — How we handle personal information
  • Your applicable SLA — Performance and service commitments specific to your engagement

Where there's any inconsistency between this AUP and your Agreement with Harrby, the Agreement will generally take precedence. If you're unsure which policy governs a specific situation, contact us.

15. Updates to This Policy

This AUP will be updated as laws, technologies, and our services evolve.

Updated versions will be published on this page with a revised "Last updated" date. Continued use of Harrby-managed services after changes are published constitutes acceptance of the updated AUP.

We'll make material changes easy to identify. If a change significantly affects your obligations, we'll communicate it proactively.

16. Contact Us

Questions about this policy or how it applies to your environment?

Legal & Compliance Harrby Pty Ltd Email: legal@harrby.com

This policy applies to all users of Harrby-managed services. It forms part of the broader framework of agreements, policies, and standards that govern how we work together. For service-specific obligations, refer to your Agreement and applicable SLA.