Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Running a small business in Australia is exciting - you get to build something meaningful, serve customers, and shape your future. But long-term success also relies on structure and compliance. That’s where small business policies and procedures come in.
If you’re starting out or tightening your operations, you might be asking: Do I really need formal policies? What’s legally required, and what’s simply best practice? In this guide, we walk through what policies and procedures are, which ones matter most for small businesses in Australia, what the law actually requires, and how to build a practical, lightweight framework that grows with you.
Whether you’re a solo founder or growing a team, getting your policies right helps you manage risk, set clear expectations, and operate with confidence.
Why Do Policies And Procedures Matter (And What’s Legally Required)?
Policies and procedures are the rules and step-by-step processes for how you run your business. Policies set the “what and why” (your position or rules), and procedures set the “how” (the steps people follow). Together, they help you work consistently, train faster, and reduce avoidable mistakes.
They also support legal compliance - but it’s important to be clear about what’s mandatory and what’s recommended. Here’s the practical breakdown for Australian small businesses:
- Work Health and Safety (WHS): If you conduct a business or undertaking, you must provide a safe workplace and manage risks so far as reasonably practicable. While the law doesn’t always require a fully documented WHS manual for every small business, you do need effective systems to identify hazards, consult workers, and respond to incidents. In higher-risk industries, written procedures or Safe Work Method Statements may be expected.
- Employment law: You must comply with the Fair Work system (e.g. National Employment Standards, awards where applicable) and anti-discrimination laws. A written Employment Contract for each employee is strongly recommended and often essential in practice to set clear terms. Policies on conduct, leave and performance are not always legally mandated, but they help you comply and reduce disputes.
- Privacy law: The Privacy Act 1988 (Cth) and the Australian Privacy Principles generally apply to businesses with annual turnover of more than $3 million. Many small businesses are exempt - unless an exception applies (for example, you provide health services, trade in personal information, handle tax file numbers, or are a contractor to the Commonwealth). Even if exempt, having a clear, tailored Privacy Policy is still a smart way to build trust, manage risk, and prepare for growth.
- Australian Consumer Law (ACL): If you sell goods or services, the ACL applies - regardless of your size. This covers things like fair advertising, consumer guarantees, refunds, and misrepresentations. Clear customer-facing terms and internal processes help you meet these obligations.
In short: some policies are legally required in certain contexts, while many are best practice that make compliance easier. The key is to match the depth of your policies to your risks, industry, and size - and keep them practical so your team actually uses them.
What Policies Are Most Useful For Small Businesses In Australia?
You don’t need a binder of documents to be compliant. Start with essentials that reflect how your business really works. Build from there as you grow or as your risks change.
1) Workplace Health And Safety (WHS)
At a minimum, outline how you identify hazards, manage risks, report incidents, and consult with workers. If you operate in higher-risk environments, add specific procedures (e.g. equipment handling, contractor management, fatigue, or manual handling). Keep it simple and action-focused so people can follow it day to day.
2) Employment And HR
- Employment contracts: Set role, pay, hours, IP ownership, confidentiality, and termination terms in writing. A robust Employment Contract is the backbone of your HR setup.
- Code of conduct and respectful workplace: Not always mandatory, but setting expected behaviours (including anti-bullying and anti-discrimination) and a simple complaints process promotes a safe, fair workplace. Good policies and training can also reduce the risk of vicarious liability.
- Leave and attendance: Explain entitlements, evidence requirements, and how to request or approve leave in line with the Fair Work framework.
- Performance and grievances: Outline a fair process for feedback, performance improvement, and resolving issues. This helps ensure consistency and defensibility if disputes arise.
3) Privacy And Data Protection
Even if you fall under the small business exemption, it’s sensible to explain how you collect, use, store, and secure personal information (including customer and employee data). State how people can contact you about privacy concerns, and how you handle data incidents. For incident readiness, consider a Data Breach Response Plan so your team knows how to respond quickly and lawfully if something goes wrong.
4) Customer Experience And ACL Compliance
Set clear procedures for enquiries, complaints, refunds and warranties so your team applies the Australian Consumer Law consistently. Pair those internal processes with suitable customer-facing terms or a Customer Contract so expectations are clear from the start.
5) IT, Systems And Social Media
- Systems and security: An Acceptable Use Policy helps prevent misuse, security incidents, and reputational damage. Spell out password standards, device use, and access controls in plain English.
- Website and marketing: If you operate online, set Website Terms and Conditions and ensure your marketing follows Australia’s email marketing laws and the ACL’s rules on truthful, not misleading, promotions.
6) Governance And Decision-Making
Even micro businesses benefit from simple governance rules - who can approve spending, how conflicts of interest are handled, and where records are kept. If you’re a company, keep your constitution, share registers and board/minute practices in order, and update them as the business evolves.
How Do I Build Policies And Procedures That Fit My Business?
The best policies are short, practical, and tailored - and they live where your team can easily find and use them.
1) Map Your Legal Obligations And Risks
List the laws that apply to your operations (employment, WHS, ACL, privacy) and consider your industry-specific rules. Then identify your top risks (e.g. safety, data handling, refunds, reputational issues). Prioritise policies that address the highest risks first.
2) Start With The Essentials
Most small teams can start with four to six core documents: WHS basics, code of conduct, leave and performance procedures, a Privacy Policy (or privacy statement if exempt), and customer-facing terms. Add more only as needed to avoid “policy overload.”
3) Keep It Short And Actionable
Write in plain English. Use bullets and checklists. For procedures, focus on who does what, when and how. If a policy is hard to read, it won’t be followed.
4) Train And Communicate
Policies only work if people understand them. Onboard new hires with your key documents, refresh training periodically, and make it easy to ask questions. A centralised handbook or hub (digital is fine) makes access simple. Many businesses roll their core policies into a single, accessible staff handbook; Sprintlaw can help bundle this as a Staff Handbook if you prefer a consolidated approach.
5) Test And Iterate
Use your policies in real situations and refine them. After an incident, complaint or growth milestone, review and update. Aim for continuous improvement rather than a “set and forget” approach.
6) Get Tailored Legal Input Where It Counts
Templates can be a useful starting point, but gaps and outdated clauses can create risk. Consider legal input for higher-stakes areas (employment terms, ACL compliance, privacy and security, or when you start hiring). If you’re formalising your approach, a tailored Workplace Policy suite can save time and reduce exposure.
Which Legal Documents Support Your Policies?
Policies and procedures outline how you operate. Legal documents put the rules into binding form between you and others (employees, customers, suppliers). Most small businesses will benefit from the following:
- Employment Contract: Sets role, pay, hours, IP ownership, confidentiality, and termination terms with each employee. Start with a clear Employment Contract for every hire.
- Privacy Policy: Explains how you collect and handle personal information. Even if exempt from the Privacy Act, a practical, accurate Privacy Policy builds trust and prepares you for growth.
- Customer Contract or Terms: For service providers or product sellers, a written Customer Contract helps manage ACL obligations, payment terms, scope, and liability.
- Website Terms and Conditions: If you operate online, Website Terms and Conditions set the ground rules for users and help manage risk (IP, acceptable use, disclaimers).
- Non-Disclosure Agreement (NDA): Use an NDA when sharing sensitive information with partners, contractors, or potential investors.
- Data Breach Response Plan: A practical Data Breach Response Plan puts your team on the same page if you experience a security incident.
Depending on your setup, you might also need supplier agreements, independent contractor agreements, a simple procurement policy, or specialised terms for regulated industries. Not every business needs every document - select the ones that match your model and risk profile.
Staying Compliant As You Grow
Compliance isn’t a once-off task - it evolves with your business. A few simple habits will keep you on track.
- Review annually: Set a recurring reminder to review your policies each year, or sooner after major changes (new locations, new systems, new products).
- Monitor legal updates: Keep an eye on changes to Fair Work, WHS and consumer laws. If your marketing changes, revisit your approach to the ACL’s rules on misleading or deceptive conduct. For reference, Sprintlaw has a plain-English overview of Section 18 of the ACL.
- Capture training and incidents: Keep records of training, complaints, and incidents. This helps you improve and show your compliance efforts if ever challenged.
- Align your front-of-house and back-of-house: Make sure what your website, sales team and marketing promise matches your internal procedures. Misalignment is a common source of consumer complaints.
- Plan for scale: As you grow, expect to formalise more - for example, adding role-specific procedures, approvals matrices, or a lightweight governance calendar.
Key Takeaways
- Policies and procedures help your small business run consistently, train faster and manage risk - while supporting your legal obligations.
- What’s mandatory depends on your size, industry and activities: WHS systems, Fair Work compliance and the Australian Consumer Law apply broadly; the Privacy Act’s small business exemption may apply unless an exception is triggered.
- Start with essentials that fit your risks: WHS basics, code of conduct, leave and performance processes, privacy, and clear customer-facing terms.
- Keep policies short and practical, train your team, and review annually or when things change.
- Support your policies with the right contracts - an Employment Contract, Privacy Policy, customer terms, Website Terms and Conditions and an NDA are common building blocks.
- A tailored, lightweight framework beats generic templates - focus on clarity and what your team will actually use day to day.
If you’d like a consultation on setting up or reviewing your small business policies and procedures, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








