Internal SOPs for abuse & SLA handling

Effective Date: 26/01/2026.

PART A — ABUSE HANDLING SOP

1. PURPOSE

To ensure abuse complaints are:

• Handled quickly and professionally

• Investigated fairly

• Resolved with minimum service disruption

• Fully compliant with legal, upstream, and policy obligations

2. SCOPE

This SOP applies to all abuse reports involving:

• Spam

• Malware

• Phishing

• Copyright infringement (DMCA)

• Network abuse (DDoS, scanning)

• Illegal content

• Resource abuse

3. ABUSE INTAKE CHANNELS

Abuse reports may arrive via:

• [email protected]

• [email protected]

• Data center / upstream provider

• Automated monitoring systems

• Law enforcement agencies

All abuse tickets must be created in the ticketing system immediately.

4. ABUSE SEVERITY CLASSIFICATION

Level 1 – Critical Abuse

Examples:

• Malware distribution

• Phishing

• Spam campaigns

• Child sexual abuse material (CSAM)

• Active hacking or botnet activity

⏱ Action Time: Immediate (0–120 minutes)

Level 2 – High Abuse

Examples:

• Copyright infringement

• Proxy misuse

• Repeated resource abuse

• Open relays

⏱ Action Time: Within 1–2 hours

Level 3 – Medium Abuse

Examples:

• Policy violations

• Misconfigured scripts

• Non-malicious excessive usage

⏱ Action Time: Within 24 hours

5. ABUSE HANDLING WORKFLOW

Step 1: Validate Report

• Confirm IP, domain, timestamp

• Verify server ownership

• Cross-check logs

❌ Do NOT act on incomplete or fake reports

Step 2: Immediate Mitigation (if required)

For Level 1 abuse:

• Suspend service instantly

• Block outgoing traffic

• Preserve logs and evidence

No prior notice required.

Step 3: Customer Notification

Send abuse notice including:

• Nature of abuse

• Evidence summary

• Required corrective action

• Deadline for response

Use clear, non-accusatory language.

Step 4: Customer Response Review

• Validate customer explanation

• Check corrective actions

• Re-scan system if needed

Failure to respond = escalation.

Step 5: Resolution

Possible outcomes:

• Service restored

• Service restricted

• Permanent termination

• Report to authorities (if legally required)

6. ZERO-TOLERANCE ABUSE

Immediate termination without restoration:

• CSAM

• Terrorism-related content

• Financial fraud

• Repeated spam offenses

No refunds. No appeals.

7. EVIDENCE RETENTION

• Logs retained for minimum 30–90 days

• Legal requests override retention limits

• Access restricted to senior staff only

8. UPSTREAM & DATACENTER COMMUNICATION

• Respond within upstream SLA

• Maintain professional tone

• Provide action taken summary

• Never disclose customer PII unless legally required

9. ABUSE APPEALS

• Appeals allowed only for non-critical abuse

• Reviewed by senior admin

• Decision is final

PART B — SLA HANDLING SOP

10. PURPOSE

To ensure:

• Accurate uptime tracking

• Fair SLA credit processing

• Consistent customer communication

• Controlled financial exposure

11. SLA MONITORING

Monitoring Sources

• Internal monitoring systems

• Data center alerts

• Network monitoring tools

All outages must be logged with:

• Start time

• End time

• Root cause

• Resolution details

12. INCIDENT CLASSIFICATION

SLA-Relevant Incidents

✔ Hardware failure
✔ Network outage
✔ Power failure

Non-SLA Incidents

❌ Maintenance
❌ Customer misconfiguration
❌ Abuse suspension
❌ DDoS beyond mitigation scope

13. INCIDENT RESPONSE WORKFLOW

Step 1: Incident Detection

• Auto alert or customer report

• Validate issue immediately

Step 2: Incident Declaration

• Declare incident severity

• Notify internal team

• Start incident log

Step 3: Resolution

• Assign technical owner

• Apply fix

• Monitor stability

Step 4: Incident Closure

• Record downtime duration

• Identify root cause

• Document preventive steps

14. SLA CREDIT REQUEST HANDLING

Eligibility Check

Confirm:

• Valid service

• No policy violation

• Downtime exceeded SLA threshold

Credit Calculation

• Use monthly uptime formula

• Apply correct credit tier

• Credits = hosting fee only

No cash refunds.

Approval Flow

• Tier 1 support → Verification

• Tier 2 admin → Approval

• Billing → Credit applied

15. CUSTOMER COMMUNICATION

• Acknowledge SLA request within 24 hours

• Provide transparent explanation

• Clearly state approval or rejection reason

Never promise credits verbally.

16. SLA ABUSE PREVENTION

Red flags:

• Repeated false claims

• Downtime outside monitoring window

• Customer-caused outages

Escalate repeat abuse cases.

17. REPORTING & REVIEW

Monthly internal review:

• Abuse cases count

• SLA incidents

• Credit issued

• Repeat offenders

Used for:

• Capacity planning

• Policy updates

• Staff training

18. ROLES & RESPONSIBILITIES