Policies and procedures for protecting IT data and systems
Business owners have legal obligations to secure data and protect the privacy of their customers' information. Learn more about your legal obligations to protect privacy and information.
To safeguard your online customers you need policies that comply with the laws on privacy, spam and electronic transactions. Policies can cover:
- privacy of customer data
- code of conduct
- business procedures.
Sending unsolicited commercial electronic messages is illegal, so develop a policy to ensure you have consent before sending marketing messages to contacts, that each message identifies your business, and that recipients can easily unsubscribe.
Electronic transaction laws
Electronic financial transactions are legally binding in the same way as cash or paper transactions, so your online security and record keeping must comply with national and state laws.
Procedures for using IT systems
You must have defined procedures for using and accessing IT data and systems, backing up data and protecting data. Such procedures set out how employees and contractors are expected to handle data and systems. For example, IT procedures could instruct staff to always delete spam without opening attachments or links, which can deliver malware.
IT risk management and business continuity planning
You need to identify risks to your IT data and systems and put in place measures, such as TLS (SSL) certificates, firewalls, strong passwords and anti-virus software, to protect you and your customers. A risk management plan can help you identify, prioritise and manage risks to IT data and systems.
Read more about preparing a risk management plan for your business.
A business continuity plan can minimise the damage, interruption and loss of business, and identify which critical business functions, equipment and data need to be restored first. This practical strategy:
- identifies and prevents risks where possible
- prepares for risks you can't control
- includes all the information vital for a quick recovery in case of an incident or crisis.
Learn how to develop a business continuity plan.