Scribd
Upload
11 views3 pages

SITXGLC002 Information Management Services Policy and Procedures Template

Blue Healer Restaurant Catering Services has established a comprehensive information management policy that emphasizes data privacy, security, and compliance with Australian laws. The policy outlines procedures for information classification, access control, confidentiality, and data security, while assigning specific roles and responsibilities within the organization. Additionally, it includes guidelines for managing inquiries, handling customer feedback, and maintaining supporting documents to ensure effective information governance.

Uploaded by

Jaspreet Sidhu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
11 views3 pages

SITXGLC002 Information Management Services Policy and Procedures Template

Blue Healer Restaurant Catering Services has established a comprehensive information management policy that emphasizes data privacy, security, and compliance with Australian laws. The policy outlines procedures for information classification, access control, confidentiality, and data security, while assigning specific roles and responsibilities within the organization. Additionally, it includes guidelines for managing inquiries, handling customer feedback, and maintaining supporting documents to ensure effective information governance.

Uploaded by

Jaspreet Sidhu
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

DOCPROPERTY StreetAddress Level 11,

190 Queen St, Melbourne, 3000


DOCPROPERTY PhoneNumber Tel: 03

Blue Healer Information Management


Service Policy and Procedures
Policy
Broadly describe best practice approaches to these areas.
We at Blue Healer Restaurant Catering Services are dedicated to handling data in a safe, private, and effective way.
Our policy guarantees that all records—whether pertaining to clients, staff, vendors, or business operations—are
gathered, kept, accessed, and destroyed in compliance with legal requirements and industry best practices. Privacy
protection, company continuity, providing high-quality customer service, and compliance with regulations all depend
on effective information management. Our goal is to create an environment at work where managing all kinds of
information—digital or physical—is done with precision, openness, and confidentiality.
1. Information Classification:
- All information will be classified based on its sensitivity and importance to the organization.
Classification levels will include categories such as public, internal use, confidential, and restricted.
2. Access Control:
- Access to information will be restricted based on the principle of least privilege.
- User accounts and access permissions will be regularly reviewed and updated.
3. Confidentiality:
- Employees are obligated to maintain the confidentiality of sensitive information.
- Confidential information should not be disclosed to unauthorized parties without proper authorization.
4. Data Security:.
- Adequate security measures will be implemented to protect information from unauthorized access, alteration, or
destruction.
- This includes the use of firewalls, encryption, and secure access controls.

Compliance with legislation


We adhere closely to all applicable laws that control how information is handled in Australia, such as the
Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth). These regulations regulate the gathering,
use, storage, and disclosure of personal data. We also follow workplace relations rules, anti-discrimination laws,
and data retention laws that mandate the safe and proper handling of sensitive information. Employees receive
frequent training on their legal responsibilities as well as the proper procedures for protecting information security
and confidentiality.

Roles and responsibilities


Throughout the organization, particular roles are allocated to information management, which is a group
obligation. The operations manager is in charge of managing compliance, security procedures, and the use of
digital tools, among other facets of information governance. The administration and human resources team is in
charge of keeping track of employees, overseeing customer databases, and making sure that private data is

Document: SITXGLC002 Customer Services Policy and Procedures Template | Version: 1.1 | Page 1 of 3
DOCPROPERTY StreetAddress Level 11,
190 Queen St, Melbourne, 3000
DOCPROPERTY PhoneNumber Tel: 03
safely preserved and accessible only by authorized individuals. Supervisors are in charge of making sure that
frontline employees comprehend the value of data privacy and that records like rosters, reservations, and shift
reports are handled appropriately. When accessing or sharing information internally or externally, all employees
must adhere to corporate policies, report data breaches or suspicious activity, and preserve sensitive information.

Procedures
Managing Telephone Enquiries
Before revealing any specifics, staff members must verify the caller's identification when responding to phone inquiries
involving private or sensitive information. Verifying a booking number, client name, or other reference is one way to do
this. Employees must always communicate discreetly and refrain from sharing client information in public places. In
accordance with corporate policies, all notes made during calls must be documented or safely retained.

Managing Written Enquiries


Care must be used while responding to written inquiries, especially letters or forms containing private information. If
these papers are on paper, staff members must make sure they are kept in locked cabinets; if they are on electronic
media, they must be kept in password-protected folders. Only pertinent information should be included in the
response, and care should be made to verify the recipient's identity. Never divulge sensitive information without
permission.

Emails
Professional writing and secrecy are essential when sending emails containing client or employee information. To
prevent transmitting personal information to the incorrect individual, staff members should verify the recipient's email
address twice. If required, attachments ought to be password-protected or encrypted. When sending out invoices,
confirmations, or responses containing sensitive information, utilize templates that have been approved by the
company.

Dealing with difficult customers


Employees must maintain composure and professionalism while safeguarding data privacy when challenging or upset
clients ask for information. Confidential information shouldn't be shared until identification has been adequately
confirmed. A staff worker should bring up the matter with a supervisor if a customer becomes combative or insists on
anything. For accountability and monitoring purposes, all interactions should be documented in accordance with
corporate protocols.

Complaints and Feedback


Any customer feedback or concerns pertaining to the management of personal data must be looked into carefully and
discreetly. The company's feedback register should be used to record these complaints, and the answers should
specify the actions that will be taken to resolve the matter. If there is a data breach, it needs to be reported to
management and handled in accordance with the organization's data breach response strategy, which can involve
informing the authorities and impacted parties.
Document: SITXGLC002 Customer Services Policy and Procedures Template | Version: 1.1 | Page 2 of 3
DOCPROPERTY StreetAddress Level 11,
190 Queen St, Melbourne, 3000
DOCPROPERTY PhoneNumber Tel: 03

Supporting documents and templates


To ensure consistent and secure information management, Blue Healer uses a range of standardised tools and
templates. These include a Privacy Policy Statement, Confidentiality Agreement, Customer Data Handling Guidelines,
Data Breach Incident Report Form, Staff Access Log, Employee Record Checklist, and Information Disposal Log.
These documents support regulatory compliance, staff training, and quality control in all areas of information
management.

Document: SITXGLC002 Customer Services Policy and Procedures Template | Version: 1.1 | Page 3 of 3

You might also like