Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Clear company policies are one of the easiest ways to set standards, reduce risk and keep everyone on the same page. They make expectations visible, help managers act consistently and, importantly, show regulators you’re serious about compliance.
If you’re growing a team or tightening operations, this practical guide will walk you through the company policies most Australian small businesses need, how to draft and implement them, and the key laws your policies should align with.
What Is A Company Policy (And Why Does It Matter)?
A company policy is a written rule or guideline that explains how your business expects people to act in certain situations. Think of it as the “house rules” that help you manage risk, deliver a consistent customer experience and treat staff fairly.
Good policies are short, clear and practical. They tell people what to do, who’s responsible, and what happens if things go off track. They also support legal compliance across areas like Fair Work, work health and safety and privacy.
For many small businesses, policies live together in a single handbook so staff can find them quickly. If you’re starting from scratch, a structured Workplace Policy approach or a bundled Staff Handbook is a simple way to centralise your rules.
Which Company Policies Do Small Businesses Need?
Every business is different, but most Australian employers benefit from a core suite of policies that cover behaviour, safety, privacy and day‑to‑day operations. Start with the essentials below, then add specific policies based on your industry, risks and technology.
Foundational People & Culture Policies
- Code Of Conduct: Sets standards for professional behaviour, integrity, respect and conflicts of interest.
- Equal Employment & Anti‑Discrimination: Prohibits discrimination, harassment and victimisation, with examples of unacceptable conduct.
- Bullying, Harassment & Sexual Harassment: Defines bullying and sexual harassment, outlines reporting and investigation steps and states consequences.
- Grievance & Complaints: Explains how employees can raise issues and how they’ll be handled confidentially and fairly.
- Performance & Discipline: Covers feedback, performance improvement processes, warnings and termination pathways aligned to Fair Work requirements.
Work Health & Safety (WHS)
- WHS Policy: Confirms your duty to provide a safe workplace, hazard reporting and consultation processes.
- Incident Reporting: Step‑by‑step process to report incidents, near misses and notifiable events.
- Fatigue, Drugs & Alcohol: Standards for fitness for work and testing (if applicable), aligned with safety obligations.
Employment Conditions & Leave
- Hours, Breaks & Overtime: Clarifies rosters, breaks and overtime or time‑in‑lieu in line with awards and the National Employment Standards (NES).
- Leave: Explains annual, personal/carer’s, parental and other leave entitlements and notice requirements.
- Flexible Work & Remote Work: Sets expectations for flexibility, home office safety and availability.
- Expenses & Travel: Approval rules, what’s claimable, documentation and reimbursement timeframes.
Privacy, Data & Technology
- Privacy Policy: Tells customers and staff how you collect, use and secure personal information, which is critical under the Privacy Act. If you’re collecting personal data, ensure you publish a compliant Privacy Policy on your website.
- Information Security: Sets out password hygiene, access controls, incident response and vendor/third‑party security expectations. Many businesses formalise this as an Information Security Policy.
- Acceptable Use & IT: Defines how staff may use devices, networks, cloud tools and AI-powered systems. An Acceptable Use Policy helps you prevent misuse and data loss.
- Social Media & Communications: Outlines brand guidelines, personal vs work accounts and escalation/response rules.
- Email & Messaging: Clarifies tone, record‑keeping and confidentiality; an Email Disclaimer can support your position with external recipients.
- Mobile Phone Use: Safety and productivity expectations for calls, messaging and apps during work, including driving. If this is a pain point for your team, see our guide on a Mobile Phone Policy.
Governance & Integrity
- Whistleblower: Encourages reporting of serious misconduct and explains protections and investigation processes. Some businesses implement a formal Whistleblower Policy.
- Gifts & Benefits: Sets thresholds, approval steps and register requirements to manage conflicts of interest.
- Confidentiality & IP: Reinforces obligations to protect confidential information and company intellectual property.
Role‑Specific Or Industry Policies
Depending on your sector, you may need policies for food safety, safeguarding, licensing, client confidentiality, clinical governance or regulated advertising. If you operate in a high‑risk environment, build procedures for permits, inspections and training into your policy suite.
How To Create A Company Policy: Step‑By‑Step
You don’t need to write everything at once. Start with your top risks and add depth over time. Here’s a straightforward process you can follow.
1) Identify Your Risks And Priorities
- List your biggest operational and legal risks (e.g. safety incidents, data breaches, bullying complaints, brand damage).
- Map the policies that will control those risks and group them into a sensible handbook structure.
- Decide “must‑have now” vs “nice‑to‑have next” so you can move quickly without cutting corners.
2) Align With Your Legal Framework
Before drafting, check which laws apply to your business (we cover this more below). Your policies should reflect the National Employment Standards, any applicable award or enterprise agreement, WHS duties and privacy obligations.
3) Draft In Plain English
- Use short sentences, active voice and clear headings. Avoid legal jargon where possible.
- Be practical: explain how to report, who approves, and what happens next.
- Include definitions only where needed (e.g. what counts as “bullying” or “confidential information”).
4) Make Policies Work With Your Contracts
Your policies and contracts should reinforce each other. For example, link your Employment Contract to your handbook by clause, and make sure the contract lets you update policies from time to time with notice. This keeps you agile as laws or business practices change.
5) Consult, Train And Collect Acknowledgements
- Consult affected staff on substantial workplace changes where required, and seek leadership input on tone and practicality.
- Provide training for high‑risk policies (e.g. WHS, sexual harassment, privacy/data handling).
- Record acknowledgement (e.g. e‑signature or LMS tick‑box) so you can show who received, read and understood the policy.
6) Review And Update On A Schedule
- Set a review cadence (e.g. every 12 months or when laws change) and assign an owner for each policy.
- Track incidents and feedback to improve clarity and close process gaps.
- Version‑control your documents and keep old copies archived.
What Laws Should Your Policies Align With In Australia?
Policies don’t exist in a vacuum. They’re there to help you comply with the law and manage risk in a practical way. Here are the key legal touchpoints most small businesses should build into their policy suite.
Fair Work Act, NES And Modern Awards
Your employment policies should reflect the National Employment Standards and any applicable modern award or enterprise agreement. This includes rules for hours of work, breaks, overtime, leave, consultation and termination processes. If an award applies, make sure your policy wording doesn’t undercut minimum entitlements.
Work Health And Safety (WHS)
All employers have a primary duty to provide a safe workplace. Your WHS policies should address hazard management, consultation, training, incident reporting and emergency response. If your team works offsite or from home, include guidance for remote work risk assessments and communication.
Discrimination, Harassment And Sexual Harassment
Australian law prohibits discrimination and harassment in the workplace. Policies should define unacceptable conduct, provide multiple reporting channels and outline fair investigation procedures. Reinforce confidentiality and anti‑victimisation protections for people who raise concerns.
Privacy And Data Protection
If you collect personal information from staff or customers, your business will need robust privacy and IT policies. A compliant Privacy Policy tells people what you collect and why; internal procedures and an Information Security Policy guide your team on how to protect it. Acceptable use and access control rules help prevent accidental leaks and unauthorised sharing.
Consumer Law (If You Sell Goods Or Services)
Your marketing, refunds and complaint handling should align with the Australian Consumer Law (ACL). A clear customer‑facing policy for refunds and guarantees can reduce disputes and support your frontline team when issues arise.
Record‑Keeping And Governance
Policies that require you to keep appropriate records (e.g. training logs, complaint files, risk assessments) help demonstrate due diligence if a regulator comes knocking. That paper trail matters.
Rolling Out Policies: Training, Acknowledgement And Enforcement
Great policies only help if people know about them and use them. A simple rollout plan will save you headaches later and build a strong culture from day one.
Make Policies Easy To Find
Host policies in a single source of truth (intranet, HRIS or shared drive) with intuitive folders and search. Keep one “master” copy to avoid confusion and version drift.
Train For The Risks That Matter Most
Prioritise training in areas where a mistake could cause real harm: safety, harassment, privacy and cybersecurity. Make it practical with real‑world examples and refreshers at least annually.
Capture Acknowledgements
Ask staff to acknowledge policies when they join and whenever you update them. Include policy acceptance in your onboarding checklist so nothing slips through the cracks.
Enforce Consistently And Fairly
Apply policies consistently across the team, document decisions and follow your investigation and disciplinary process. Consistency builds trust and reduces legal risk.
Keep Contracts, Policies And Procedures In Sync
When your business evolves (new products, tools, safety hazards or customer channels), update both your procedures and your policy suite. If you centralise rules in a Staff Handbook, it’s much easier to roll out changes with clear versioning and team notifications.
Practical Tips To Make Policies Stick
- Write for your audience. If your team works on site, keep policies short and practical with checklists or flowcharts.
- Link policies to your values. People are more likely to follow rules they understand and believe in.
- Use plain headings and examples. Show what “good” looks like as well as what to avoid.
- Embed policies into processes. For example, integrate your privacy procedures into onboarding, CRM setup and vendor selection.
- Review near misses and complaints. Update policies where patterns emerge and close gaps with targeted training.
- Give managers tools. Provide template scripts, investigation checklists and escalation pathways so they can act confidently.
What Should Live Outside Your Policies?
Policies set the “what” and “why.” Detailed, step‑by‑step instructions (the “how”) often work better as procedures or playbooks that you can iterate quickly without formal policy changes. For example, a cyber incident playbook can evolve as your stack changes while the core IT security policy remains stable.
How Policies Fit With The Rest Of Your Legal Foundation
Policies are most effective when they sit alongside the right contracts and governance documents. Pair your handbook with strong employment agreements, clear customer terms and appropriate data and IP protections. If you’re formalising your legal foundation, consider starting with an overall workplace policy framework, your core Employment Contract, a public‑facing Privacy Policy and internal IT controls like an Acceptable Use Policy. You can then add role‑specific and risk‑specific policies over time.
Key Takeaways
- Company policies translate your legal duties and business values into practical rules your team can follow every day.
- Start with a core set (conduct, WHS, leave, privacy, IT, social media and grievance), then add industry‑specific policies as your risks evolve.
- Draft in plain English, align with the Fair Work framework, WHS duties and privacy rules, and keep policies consistent with your contracts.
- Train for high‑risk areas, capture acknowledgements and enforce policies fairly to build trust and reduce disputes.
- Review at least annually and when laws or operations change, using version control and a clear owner for each policy.
- A centralised handbook and complementary documents like an Information Security Policy and Email Disclaimer create a strong, scalable foundation.
If you’d like a consultation on creating or updating your company policy suite, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.