{"title":"INFORMATION AND TECHNOLOGY","description":"\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eTechnology enables modern service delivery but brings risks that must be managed. This collection provides the IT and cyber security policy templates community organisations need to protect their data, systems and reputation.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eThese templates address HSQF indicators 1.3 (Resource Management) and 1.4 (Records Management) as they relate to digital systems and information security. Documents reference the Privacy Act 1988, Criminal Code Act 1995, Copyright Act 1968, Telecommunications (Interception and Access) Act 1979 and Australian Cyber Security Centre guidelines.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eThe collection covers information technology acceptable use, email and internet use standards, social media guidelines for staff and organisational accounts, mobile device management, data backup and recovery procedures, software licensing compliance, and bring your own device policies.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eThese templates are essential for any community organisation using computers, email, cloud services or social media. With increasing cyber threats targeting the not for profit sector, having clear policies and procedures protects your organisation, your staff and the sensitive client information you hold.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eThe social media policy is particularly important for organisations where staff may have contact with clients online, ensuring appropriate professional boundaries are maintained across digital channels.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eSuitable for organisations of all sizes, from small community groups through to large service providers with complex IT environments. Each policy can be scaled to match your technology footprint and risk profile.\u003c\/p\u003e\n\u003cp class=\"MsoNormal\" style=\"margin-bottom: 10.0pt;\"\u003eAll templates include staff acknowledgment forms and are provided in editable Word format with 12 months of updates as the digital landscape evolves.\u003c\/p\u003e","products":[{"product_id":"interpretor","title":"INTERPRETER \u0026 TRANSLATION SERVICES","description":"\u003cp\u003eLanguage must never be a barrier to accessing services. For community sector organisations serving culturally and linguistically diverse communities, providing appropriate interpreter and translation services is both a legal obligation and a fundamental standard of quality care.\u003c\/p\u003e\n\u003cp\u003eThis policy template and implementation guide gives your organisation everything it needs to meet its obligations under the Racial Discrimination Act 1975 (Cth) and the Disability Discrimination Act 1992 (Cth), and to satisfy Human Services Quality Framework Standards 2.2 and 2.4.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eWhat is included:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eThe policy template is ready to customise to your organisation in one to two hours. The accompanying implementation guide walks your Service Manager or compliance lead through every practical step required to embed the policy into daily operations, from registering with a provider and updating intake forms, to training staff and budgeting for services.\u003c\/p\u003e\n\u003cp\u003e\u003cem\u003e*This is a template for guidance only and requires customisation to your specific organisational context, structure and compliance obligations. The template does not constitute legal or professional advice.\u003c\/em\u003e\u003c\/p\u003e","brand":"neat.","offers":[{"title":"Default Title","offer_id":47010158313666,"sku":null,"price":149.0,"currency_code":"AUD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0707\/8173\/1010\/files\/Translator_and_Interpretor_Service_Policy_Tile_6b06da61-d0b4-411e-8afb-24818e4f1a7c.jpg?v=1772587432"},{"product_id":"data-breach-response","title":"DATA BREACH RESPONSE","description":"\u003cp class=\"font-claude-response-body break-words whitespace-normal leading-[1.7]\"\u003eA data breach can happen to any organisation — a misdirected email, a lost device, a ransomware attack or an employee accessing records without authorisation. \u003c\/p\u003e\n\u003cp\u003eFor community services organisations, the stakes are particularly high. The people whose information you hold are often among the most vulnerable in the community. A breach involving their health information, safety disclosures or financial details can cause serious, lasting harm.\u003c\/p\u003e\n\u003cp\u003eThe regulatory environment has never been more demanding. The Privacy and Other Legislation Amendment Act 2024 (Cth), which took effect on 11 December 2024, significantly strengthened privacy obligations and OAIC enforcement powers.\u003c\/p\u003e\n\u003cp\u003e Organisations that cannot demonstrate adequate technical and organisational measures to protect personal information now face tiered civil penalties, compliance notices and the risk of individual damages claims.\u003c\/p\u003e\n\u003cp\u003eThis bundle gives you a legally current, HSQF-aligned framework to implement before you need it.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eWhat Is Included\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eData Breach Response Policy Template covering the four-step response framework (contain, assess, notify, review), when notification to the OAIC and affected individuals is required under the Notifiable Data Breaches scheme, responsibilities across governance, management and worker levels, breach register requirements, the 30-day notification deadline and its correct application, related legislation including the Privacy Act 1988 (Cth) as amended, and a clarifying note on the scope of the Information Privacy Act 2009 (Qld) as it applies to community sector organisations\u003c\/li\u003e\n\u003cli\u003eData Breach Response Policy Implementation Guide covering how to determine whether the Privacy Act applies to your organisation, step by step customisation instructions, conditional sections for NDIS providers, health service providers and Queensland Government contracted organisations, organisation size adaptations, implementation timeline, common questions including a plain English explanation of eligible data breaches and serious harm, and practical tips including guidance on tabletop testing\u003c\/li\u003e\n\u003cli\u003e12 months of updates included from the date of purchase\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eKey Features\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eReflects the Privacy and Other Legislation Amendment Act 2024 (Cth) in force from 11 December 2024, including strengthened APP 11 obligations requiring both technical and organisational measures, enhanced OAIC enforcement powers and the introduction of a statutory tort for serious invasions of privacy\u003c\/li\u003e\n\u003cli\u003eFour-step breach response framework: contain, assess, notify, review — structured to meet the 30-day assessment and notification deadline under the Notifiable Data Breaches scheme\u003c\/li\u003e\n\u003cli\u003eCorrectly scopes the Information Privacy Act 2009 (Qld), clarifying that it applies to Queensland public sector agencies and not directly to community sector organisations, with a conditional section for organisations whose funding contracts impose Queensland Privacy Principles obligations by reference\u003c\/li\u003e\n\u003cli\u003eCovers the full range of breach types relevant to community services, including misdirected communications, lost or stolen devices, cyber-attacks, ransomware, phishing, and improper record disposal\u003c\/li\u003e\n\u003cli\u003eRisk assessment matrix distinguishing factors indicating higher and lower risk of serious harm to support the eligible data breach determination\u003c\/li\u003e\n\u003cli\u003eConditional sections for NDIS registered providers, health service providers and Australian Government contracted service providers\u003c\/li\u003e\n\u003cli\u003eResponsibilities table covering Board, CEO, Privacy Officer and all workers with clearly defined accountability at each level\u003c\/li\u003e\n\u003cli\u003eAligned to HSQF Standard 1.4 (Records management) and Standard 4.5 (Risk management) with a compliance mapping table\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cem\u003e*This is a template for guidance only and requires customisation to your specific organisational context, structure and compliance obligations. The template does not constitute legal or professional advice.\u003c\/em\u003e\u003c\/p\u003e","brand":"neat.","offers":[{"title":"Default Title","offer_id":47010162639042,"sku":null,"price":149.0,"currency_code":"AUD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0707\/8173\/1010\/files\/Data_Breach_Response_Policy_Tile_b8f6a08e-664d-43fa-9adb-a7170dc6d0aa.jpg?v=1772587939"}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0707\/8173\/1010\/collections\/neat_Information_and_Technology.jpg?v=1764302611","url":"https:\/\/www.neatco.com.au\/collections\/information-and-technology.oembed","provider":"neat. ","version":"1.0","type":"link"}