
Download Documentations

Privacy & Confidentiality Policy

5 February 2025

Disciplinary and Grievance Management Policy

5 February 2025

Cancellation of Support (by Client) Policy

5 February 2025

Respecting Participant Culture, Diversity, Values, and Beliefs Policy

5 February 2025

Pandemic Management Policy/Covid-19

5 February 2025

Prevention of Bullying, Harassment and Discrimination Policy

5 February 2025

Medication Management Policy

5 February 2025

Staff Equal Opportunity and Diversity Policy

5 February 2025

Service Agreement Management Policy

5 February 2025

Record Management Policy

5 February 2025

Duty of Care and Dignity of Risk Policy

5 February 2025

LCS Intake Policy

5 February 2025

Policies & Procedures

Information and Communication Technology (ICT) Policies

1. Purpose

This policy ensures the secure, ethical, and effective use of Information and Communication Technology (ICT) resources at Launnie Care Services (LCS). It aligns with General Data Protection Regulation (GDPR) principles, NDIS quality and safeguarding standards, and includes a robust incident management framework to safeguard data and ensure service continuity.

2. Scope

This policy applies to all employees, contractors, and stakeholders who access, manage, or utilize ICT resources, including:

Computers, servers, and mobile devices.
Data storage and communication platforms.
Applications and software used for NDIS services or client management.

3. GDPR Compliance

3.1 Data Collection

Only necessary personal data will be collected from clients and staff.
Consent must be obtained before processing personal data.

3.2 Data Processing

Personal data must be processed lawfully, fairly, and transparently.
Data processing for NDIS clients will comply with their individualized care plans.

3.3 Data Storage

Personal data must be stored securely using encryption and access controls.
Data retention will be minimized, with regular reviews to delete unnecessary information.

3.4 Data Subject Rights

Clients and employees have the right to:

Access their personal data.
Request corrections or deletion of inaccurate data.
Object to data processing where applicable.

3.5 Third-Party Data Sharing

Personal data will only be shared with approved third parties, such as NDIS providers, and only with explicit consent.
Data-sharing agreements will ensure compliance with GDPR standards.

4. NDIS Standards Compliance

4.1 Client Data Protection

All ICT systems must ensure confidentiality, integrity, and availability of client data.
Systems used for client documentation must meet NDIS data security standards.

4.2 Accessibility

Digital resources will comply with accessibility standards for individuals with disabilities, including WCAG compliance for web-based platforms.

4.3 Incident Reporting for NDIS Services

Any ICT issues affecting NDIS service delivery (e.g., data breaches or system failures) must be reported immediately to management and logged in the incident register.

5. Incident Management

5.1 Incident Identification and Reporting

All security incidents, such as phishing attacks, unauthorized access, or data breaches, must be reported to the ICT team immediately.
Staff will be trained to identify potential threats and follow the incident response protocol.

5.2 Response Procedure

Upon identifying an incident, the ICT team will classify it (e.g., critical, high, medium, low).
Immediate steps include isolating affected systems, mitigating damage, and restoring functionality.

5.3 Communication During Incidents

Clients affected by a security incident will be informed promptly, outlining the impact and steps taken to address the issue.
Regulatory bodies, such as the Office of the Australian Information Commissioner (OAIC), will be notified if required.

5.4 Post-Incident Review

A full review will be conducted to identify root causes and improve security measures.
Lessons learned will be documented and shared with staff to prevent recurrence.

6. Device Security

All devices accessing client or organizational data must have up-to-date antivirus software.
Multi-factor authentication (MFA) is mandatory for accessing critical systems.
Personal devices used for work (BYOD) must comply with security standards and may be remotely wiped if lost or compromised.

7. Employee Responsibilities

Employees must complete regular ICT training covering GDPR, NDIS standards, and incident management.
Staff must immediately report lost or stolen devices containing organizational data.

8. Policy Review and Updates

This policy will be reviewed annually or whenever there are significant changes to GDPR, NDIS requirements, or ICT infrastructure.

9. Contact Information

For ICT-related inquiries, security concerns, or incident reporting:

Email: admin@launniecareservices.com.au
Phone: 0447 074 644
