Policies and Procedures

A policy is a deliberate system of principles to guide decisions and
achieve rational outcomes. A policy is a statement of intent, and is
implemented as a procedure or protocol. Policies are generally
adopted by a governance body within an organization. Policies can
assist in both subjective and objective decision making. Policies to
assist in subjective decision making usually assist senior
management with decisions that must be based on the relative
merits of a number of factors, and as a result are often hard to test
objectively, e.g. work-life balance policy. In contrast, policies to
assist in objective decision making are usually operational in
nature and can be objectively tested, e.g. password policy.
Procedure: A fixed, step-by-step sequence of activities or course
of action (with definite start and end points) that must be followed
in the same order to correctly perform a task. Repetitive
procedures are called routines. See also method.
Privacy Policy: Devise a clear, concise statement of your privacy policy. This practice,
as well as the following one, may be subject to legal requirements and you need to
ensure that you are in compliance. Even if there are no legal considerations to keep in
mind, however, you will still need to adequately address consumer concerns about
providing personal information. To do that, your privacy policy should answer the
following questions:
What customer information is collected.
With whom the information is shared.
How customers can opt out.
Make your privacy statement easily available to visitors to your website through
links on your website. Your customers should be able to quickly locate your privacy
statement. Consider placing a link to your policy into your website’s header or footer
which, in most cases, will make it accessible from every page of your website.
Register with a privacy organization and post a “seal of approval” on your
website. Many new visitors to your website will want to check your customer service
record and typically that involves searching for customer reviews online and checking
out your profile with the Better Business Bureau. You should facilitate the due diligence
process by providing a “seal of approval” from a major privacy program and assure
consumers that you are serious about protecting their personal information and are
taking the necessary measures to do so. In addition to the Better Business Bureau’s
BBBOnLine Privacy, you can look at programs such as TRUSTe.
Information Security: Detail your website’s information
security practices and controls in a separate page of
your website and make it available to everyone. In
particular:
Explain how card information is protected:
• During transmission
• While on your server, and
• At your physical site
Place a link to your information security page in the header or
footer of your website.
Provide visitors to your website with information on
how they can protect themselves when shopping
online. For example, you can create a list of “7 tips for
safe online shopping” (which you can also use in your
information security disclosure) that includes the following
suggestions:
• Secure your PC by keeping your operating system and browsers updated and using a good, up-to-date
security program.
• Do not click on links in promotional emails, but enter the URLs manually instead.
• Get to know the merchant before you make a purchase. Look for customer reviews and seller ratings on
websites such as Epinions.com.
• Pay by credit card to get the additional protection against fraud that most credit cards provide. Federal
law limits cardholder liability for misuse of a credit card to $50 but many credit card companies will
waive that limit.
• Make sure you know what the actual price of your purchase is, including cost of the item, shipping,
handling, and sales tax.
• Read the privacy policy to understand what information the merchant is gathering, how it is using it, and
whether you can opt out of it.
• Understand the return and refund policies. These policies can vary significantly from merchant to
merchant. Some stores have adopted a “no questions asked” approach, while others make it more
difficult for consumers to return products.

• If you are using Verified by Visa or MasterCard SecureCode, you should
display their logos on your home page, security information pages, order and
checkout pages.
• Do not use email for transactions and advise customers against using it. Email is
in most cases an unsecured way of transmitting information. You should strongly
recommend to your customers that they do not send any sensitive information to you
via email. You can communicate these warnings in both automated email responses
to customer inquiries and regular email exchanges.