A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organization.

Policies can assist in both subjective and objective decision making. Policies to assist in subjective decision making usually assist senior management with decisions that must be based on the relative merits of a number of factors, and as a result are often hard to test objectively, e.g. work-life balance policy. In contrast, policies to assist in objective decision making are usually operational in nature and can be objectively tested, e.g. password policy.

Procedure: A fixed, step-by-step sequence of activities or course of action (with definite start and end points) that must be followed in the same order to correctly perform a task. Repetitive procedures are called routines. See also method.

Privacy Policy

Devise a clear, concise statement of your privacy policy. This practice, as well as the following one, may be subject to legal requirements and you need to ensure that you are in compliance. Even if there are no legal considerations to keep in mind, however, you will still need to adequately address consumer concerns about providing personal information. To do that, your privacy policy should answer the following questions:

- What customer information is collected.
- With whom the information is shared.
- How customers can opt out.

Make your privacy statement easily available to visitors to your website through links on your website. Your customers should be able to quickly locate your privacy statement. Consider placing a link to your policy into your website’s header or footer which, in most cases, will make it accessible from every page of your website.

Register with a privacy organization and post a “seal of approval” on your website.
Many new visitors to your website will want to check your customer service record and typically that involves searching for customer reviews online and checking out your profile with the Better Business Bureau. You should facilitate the due diligence process by providing a “seal of approval” from a major privacy program and assure consumers that you are serious about protecting their personal information and are taking the necessary measures to do so. In addition to the Better Business Bureau’s BBBOnLine Privacy, you can look at programs such as TRUSTe.

Information Security

Detail your website’s information security practices and controls in a separate page of your website and make it available to everyone. In particular:

Explain how card information is protected:

- During transmission
- While on your server, and
- At your physical site

Place a link to your information security page in the header or footer of your website.

Provide visitors to your website with information on how they can protect themselves when shopping online. For example, you can create a list of “7 tips for safe online shopping” (which you can also use in your information security disclosure) that includes the following suggestions:

1. Secure your PC by keeping your operating system and browsers updated and use a good and up-to-date security program.
2. Do not click on links in promotional emails, but enter the URLs manually instead.
3. Get to know the merchant before you make a purchase. Look for customer reviews and seller ratings on websites such as Eopinions.com.
4. Pay by credit card to get the additional protection against fraud that most credit cards provide. Federal law limits cardholder liability for misuse of a credit card to $50 but many credit card companies will waive that limit.
5. Make sure you know what the actual price of your purchase is, including cost of the item, shipping, handling, and sales tax.
6. Read the privacy policy to understand what information the merchant is gathering, how it is using it, and whether you can opt out of it.
7. Understand the return and refund policies. These policies can vary significantly from merchant to merchant. Some stores have adopted a “no questions asked” approach, while others make it more difficult for consumers to return products.

If you are using Verified by Visa or MasterCard SecureCode, you should display their logos on your home page, security information pages, order and checkout pages.

Do not use email for transactions and advise customers against using it. Email is in most cases an unsecured way of transmitting information. You should strongly recommend to your customers that they do not send any sensitive information to you via email. You can communicate these warnings in both automated email responses to customer inquiries and regular email exchanges.