Acceptable Use Policy

This Acceptable Use Policy (“AUP”) sets out the rules governing the use of IT systems, networks, software, and services provided or managed by Popa Consultants Pty Ltd (“we”, “us”). Last Updated: 18 December 2025.

This AUP forms part of our Terms and Conditions and applies to all clients, their employees, contractors, and any other individuals who access systems or services we manage. Breach of this AUP constitutes a breach of your service agreement.

Section 1

Purpose

The purpose of this AUP is to:

  • Protect the security, integrity, and availability of the IT systems and networks we manage
  • Ensure compliance with Australian law including the Privacy Act 1988, the Cybercrime Act 2001, and the Spam Act 2003
  • Define the standards of acceptable behaviour expected of all users
  • Set out the consequences of misuse or non-compliance

Section 2

Scope

This AUP applies to:

  • All hardware, software, networks, and cloud services provided, managed, or supported by Popa Consultants
  • All client employees, contractors, visitors, and third parties who access managed systems
  • Access occurring on-site, remotely, or via any device connected to a managed network

This AUP applies regardless of the device used to access systems and whether the device is owned by the client or personally owned.

Section 3

Permitted Use

Managed IT systems and services may only be used for:

  • Legitimate business purposes within the scope of the client’s operations
  • Activities expressly authorised by the client organisation
  • Communication and collaboration tools in accordance with organisational policies

Incidental personal use is permitted provided it does not interfere with business operations, consume excessive resources, or breach any provision of this AUP.

Section 4

Prohibited Activities

The following activities are strictly prohibited on any system or network managed by Popa Consultants:

  • Illegal activity — any act that violates Australian law, including the Cybercrime Act 2001, Criminal Code Act 1995, or applicable state and territory laws
  • Unauthorised access — accessing systems, accounts, or data without authorisation, or attempting to bypass security controls
  • Malware distribution — introducing, transmitting, or facilitating viruses, ransomware, spyware, or any other malicious code
  • Data theft or exfiltration — copying, transferring, or disclosing confidential or proprietary data without authorisation
  • Spam and phishing — sending unsolicited commercial messages in breach of the Spam Act 2003, or impersonating another person or organisation
  • Harassment and abuse — using systems to bully, threaten, harass, or discriminate against any individual
  • Intellectual property infringement — downloading, copying, or distributing software, media, or content in breach of copyright or licensing agreements
  • Cryptocurrency mining — using managed infrastructure to mine cryptocurrency or conduct other unauthorised resource-intensive activities
  • Circumvention of security controls — disabling antivirus, firewall, or monitoring software; using VPNs or proxies to bypass content filters without authorisation
  • Doxxing — publishing personal information about any individual with intent to harm, which is a criminal offence under the Privacy and Other Legislation Amendment Act 2024

Section 5

Password and Access Management

All users of managed systems must comply with the following access requirements:

  • Use strong, unique passwords of at least 12 characters for all accounts
  • Enable multi-factor authentication (MFA) on all accounts where available
  • Never share passwords, credentials, or access tokens with other individuals
  • Report lost, stolen, or compromised credentials to Popa Consultants immediately
  • Log off or lock workstations when leaving them unattended
  • Do not install or remove software without authorisation from the client organisation or Popa Consultants

Section 6

Device and Endpoint Security

All devices used to access managed systems or networks must:

  • Have current, licensed, and Popa Consultants-approved endpoint protection software installed
  • Be kept up to date with operating system and application security patches
  • Be encrypted at rest where the device stores or accesses sensitive business data
  • Not be used to access managed systems if the device is known to be compromised or infected
  • Be reported to Popa Consultants immediately if lost, stolen, or compromised

Personally-owned devices (BYOD) used to access managed systems must meet the same minimum security standards and may be subject to mobile device management (MDM) enrolment.

Section 7

Email and Communications

When using email and other communication tools provided or managed by Popa Consultants, users must:

  • Not send unsolicited bulk emails or messages in breach of the Spam Act 2003
  • Exercise caution with links and attachments, particularly from unknown senders
  • Report suspected phishing or social engineering attempts to Popa Consultants immediately
  • Not use managed email systems for personal business, commercial activity, or content that could expose the client to legal liability
  • Comply with the client organisation’s email retention and archiving policies

Section 8

Data Handling and Confidentiality

Users accessing managed systems must handle data in accordance with the following principles:

  • Access only the data necessary for your role and authorised duties
  • Store sensitive or confidential data only in approved, managed locations — not personal drives, personal cloud storage, or unmanaged devices
  • Do not transmit confidential data via unencrypted or unapproved channels
  • Comply with all applicable data protection obligations under the Privacy Act 1988 and the client organisation’s privacy policy
  • Immediately report any suspected data breach or accidental disclosure to Popa Consultants

Under the Notifiable Data Breaches (NDB) scheme, we are required to report eligible data breaches to the OAIC and affected individuals. Timely reporting by users is essential to our ability to meet these obligations.

Section 9

Cybersecurity Training

As part of our Managed IT Services, we may require users to complete Cybersecurity Awareness Training. This training:

  • Is mandatory for all users of managed systems unless otherwise agreed
  • Covers phishing awareness, password hygiene, data handling, and incident reporting
  • Must be completed within the timeframes specified by Popa Consultants or the client organisation
  • May be refreshed annually or following a significant security incident

Failure to complete mandatory training may result in restricted access to managed systems until training is completed.

Section 10

Monitoring and Audit

By using systems and networks managed by Popa Consultants, users acknowledge and consent to:

  • Monitoring of network traffic, system activity, and device usage for the purposes of security, performance, and compliance
  • Logging of access events, authentication attempts, and data transfers
  • Periodic security audits and vulnerability assessments
  • Review of logs and activity records in the event of a suspected breach or policy violation

Monitoring is conducted in accordance with our Privacy Policy and applicable Australian law. Users should have no expectation of privacy when using client-owned or managed systems for business purposes.

Section 11

Incident Reporting

Users must report the following to Popa Consultants as soon as practicable:

  • Suspected malware infections, ransomware, or other security incidents
  • Phishing attempts or suspicious emails received on managed accounts
  • Lost or stolen devices used to access managed systems
  • Unauthorised access to accounts or systems
  • Accidental disclosure of confidential or personal information

Reports should be made by logging a support ticket at www.popa.com.au/contact-us or by calling our support line. Prompt reporting enables us to limit the impact of any incident and meet our mandatory notification obligations under Australian law.

Section 12

Consequences of Breach

Breach of this Acceptable Use Policy may result in:

  • Immediate suspension of access to managed systems pending investigation
  • Termination of the service agreement in accordance with the Terms and Conditions
  • Recovery of costs associated with investigating or remediating the breach
  • Referral to law enforcement where the conduct constitutes a criminal offence under Australian law

Popa Consultants reserves the right to take any action necessary to protect the security and integrity of managed systems and the personal information they contain. We will notify affected parties and regulators as required by law.

Section 13

Contact and Reporting

For questions about this Acceptable Use Policy, to report a suspected breach, or to request an exemption, please contact:

This AUP is reviewed annually and updated as required to reflect changes in technology, law, and best practice. The current version is always available at www.popa.com.au.
