Compliance
Responsible AI Governance in NZ & Australia: A Board-Ready Guide
Artificial intelligence (AI) is no longer a futuristic concept. It is embedded in everyday operations across health, disability, Māori/iwi, community and creative sectors — from automated scheduling tools to generative platforms like ChatGPT and Copilot. For boards and managers, this shift brings both opportunity and risk. The challenge is clear: how do we harness AI responsibly while ensuring compliance, equity, and defensibility?
In Aotearoa New Zealand and Australia, the governance of AI is rapidly becoming a board-level priority. Regulators, funders, and communities expect organisations to demonstrate not only efficiency but also accountability. For New Zealand boards, this means aligning AI use with the Privacy Act, Te Tiriti o Waitangi obligations, and Māori data sovereignty principles. In Australia, boards must consider the AI Ethics Principles, NDIS and other health and human service compliance requirements, and emerging state-level procurement signals. Across both jurisdictions, the expectation is the same: AI governance must be practical, transparent, and audit-ready.
Why AI Governance Matters
AI tools promise efficiency gains, cost savings, and new ways of engaging with clients. Yet without governance, they also introduce significant risks:
- Compliance breaches: Using AI without clear policies can expose organisations to regulatory violations and penalties in areas like privacy, discrimination and copyright.
- Reputational harm: A poorly managed AI incident can erode trust with funders, clients, and communities.
- Cybersecurity vulnerabilities: AI platforms often rely on cloud-based data processing, creating new attack surfaces for malicious actors.
Boards cannot afford to treat AI as a technical issue delegated to IT teams or worse, to staff self-management. Governance is about oversight, accountability, and ensuring that every tool deployed aligns with organisational values and legal obligations. Responsible AI governance is not optional — it is a strategic necessity.
The Legal and Regulatory Landscape
Aotearoa/New Zealand
Boards must ensure AI use complies with the Privacy Act 2020, which sets clear expectations around data collection, storage, and use. Te Tiriti o Waitangi obligations require respect and protection for rangatiratanga, iwi/Māori rights and active steps to address historical and ongoing impacts of bias. The principles of Te Mana Raraunga emphasise that Māori data is a taonga, requiring governance frameworks to respect tikanga and intergenerational inclusion.
Australia
The Australian Government has released AI Ethics Principles, encouraging organisations to adopt fairness, transparency, and accountability in AI deployment. For disability providers, NDIS compliance adds another layer of responsibility, requiring defensible policies that protect vulnerable clients. In Queensland, procurement signals increasingly favour organisations that can demonstrate responsible AI governance as part of their compliance frameworks.
Boards operating across both jurisdictions must recognise that AI governance is not just about technology — it is about embedding defensibility, dignity, and cultural safety into every decision.
Board Responsibilities in AI Governance
Boards play a critical role in setting the tone for responsible AI use. Their responsibilities include:
- Oversight: Ensuring risk registers and vendor matrices are in place to track AI tools and their compliance obligations.
- Accountability: Embedding equity, dignity, and cultural safety into AI policies and practices.
- Practical tools: Approving compliance checklists, defensibility matrices, and audit-ready frameworks that staff can apply in daily operations.
By taking ownership of AI governance, boards signal to funders, regulators, and communities that their organisation is prepared, proactive, and principled.
Operationalising AI Governance
Responsible AI governance requires operational tools that staff and boards can apply daily. The following tools help make governance defensible and practical:
- Tool-by-tool compliance matrices: Each AI platform (ChatGPT, Gemini, Copilot, Otter, Fireflies, Read.ai) should be assessed against NZ and Australian legal requirements. For example, ChatGPT may raise privacy concerns under Privacy legislation in both countries, while Copilot’s integration with Microsoft tools requires careful vendor risk evaluation.
- Risk registers: Boards should maintain a live register of AI risks, to assess, monitor and help manage risk categories of data privacy, cybersecurity, reputational impact, and bias/equity. (For risks check out Policies in the Age of Hallucinations).
- Vendor matrices: Potential AI provider should be evaluated against organisations’ compliance obligations, transparency of data use, and cultural safety standards.
- Policy & Procedure Oversight: All organisations need policies to guide safe and responsible use of AI. Boards don’t need to write them but need to ensure that all staff have access to good policy advice that is regularly reviewed and updated as AI use in an organisation evolves. Training as well as user-friendly resources like charts and forms, will help staff understand and adhere to the policy guidance.
Embedding Māori Governance Principles
For New Zealand organisations, AI governance must reflect Te Tiriti o Waitangi and Māori data sovereignty. Governance must therefore incorporate human monitoring and oversight of AI outputs for western bias and alignment with Te Mana Raraunga data principles. In this way AI governance will not only be legally defensible but also culturally grounded and equitable.
Five Steps to Audit-Ready AI Governance
Boards can adopt a simple, repeatable framework:
- Identify AI tools in use across the organisation.
- Map risks and compliance obligations for each tool.
- Develop defensible policies and registers aligned with NZ and Australian standards.
- Train staff/kaimahi with accessible materials that translate complex compliance into plain language.
- Review and refine regularly, ensuring board oversight and audit readiness.
This framework will ensure that governance is proactive, practical, and defensible.
Case Study: Disability Service in Practice
A disability service in Aotearoa New Zealand introduced AI scheduling tools to manage staff rosters. Initially, the tool raised privacy concerns around client data. By applying a risk register, vendor matrix, and staff training, the board ensured compliance with the NZ Privacy Act 2020 and embedded cultural safety principles. The outcome was improved efficiency, reduced audit risk, and stronger trust with funders and clients.
Conclusion & Next Steps
AI governance is no longer optional. Boards in New Zealand and Australia must lead with defensibility, dignity, and cultural safety. By adopting practical tools — risk registers, vendor matrices, and training resources — organisations can harness AI responsibly while meeting compliance obligations.
Next Steps:
- Download our AI Governance Checklist to get started.
- Book your free consultation with The Policy Place to discuss your AI governance and other policy needs.
Best System for Keeping Policies Up to Date in NZ
Keeping policies current isn’t just about compliance — it’s about protecting your organisation, your staff, and the people you serve. In social and health care agencies, outdated policies can expose you to risk, compromise care, and weaken trust (see here for our blog about risks of outdated policies).
So, what’s the best system for keeping policies updated? Let’s compare four common approaches.
📄 Using General Templates
Pros:
- Low upfront cost (often free or cheap).
- Quick to access and download.
Cons:
- Too generic & often inappropriate for social or health care.
- Rarely updated with legislation changes.
- High audit risk.
Verdict: Suitable only as a temporary fix.
🛠 Doing It Yourself
Pros:
- Full control and tailoring.
- Embeds your values and sector priorities.
Cons:
- Time‑intensive, requires specialist knowledge (expensive when costed).
- Risk of missing updates.
- Vulnerable if staff leave.
Verdict: Works if you have governance expertise, but risky for most agencies. (DIY v Expert)
💼 Expensive HR Software
Pros:
- Automated updates and reminders.
- Integrated with HR systems.
Cons:
- Very high subscription costs (based on per user).
- Designed for corporate HR, not social care & not-for-profits.
- Policies don’t cover all operational and governance areas.
Verdict: Reliable for HR, but poor fit for human services and sector‑specific compliance.
🌐 The Policy Place Online Policies
Pros:
- Tailored for social, health, disability, iwi, and creative sectors.
- Audit‑ready and aligned with NZ law, regulations (eg Ngā Paerewa) and Te Tiriti.
- Regularly updated for legislative and sector changes.
- Affordable compared to HR software and the cost of time and effort with DIY.
Cons:
- Requires subscription or purchase.
- Best for organisations valuing defensibility and cultural safety.
Verdict: Balanced option for agencies needing reliable, sector‑specific policies.
Comparison
| Option | Cost | Suitability (Social/Health Services) | Reliability |
| General Templates | Low | Poor-too generic | Low |
| Do It Yourself (DIY) | Hidden/high | Moderate- depends on expertise | Variable |
| Expensive HR Software | Very high | Low- corporate focus; narrow focus | High (for HR) |
| Policy Place Online | Moderate/fair | High – sector specific | High |
❓ FAQs
Q: How often should policies be updated in social and health care agencies?
At least annually for any fast-moving area, or whenever legislation or sector standards change.
Q: Are free policy templates safe to use?
They can be a starting point, but they rarely meet audit or compliance standards.
Q: What makes The Policy Place different from HR software?
Policy content is specifically designed for the human services – ie social services, health and a range of community services It’s aligned with NZ regulatory frameworks without the high corporate charges. Covers policies in Governance, Health and Safety, Quality Assurance, Service Delivery, Integrity, HR, Cybersecurity and more.
✅ Conclusion
For agencies in social and health care, the real question isn’t just “how do we keep policies up to date?” but “how do we keep them defensible, sector‑specific, and practical?” General templates and DIY approaches often fall short. HR software is costly and misaligned. The Policy Place offers a middle ground: affordable, reliable, and tailored to the realities of your sector.
👉 Explore The Policy Place online policies today — designed for agencies like yours.
What Policies Do We Need? A Simple Guide for NZ Agencies
One of the most common questions we get asked especially from small teams, community and social services is “what policies do we need.” Organisations want to be compliant with the law and regulatory standards but don’t want to drown in paperwork and needless policies.
In this post, we look at some of the “must-have” policies that every organisation needs, plus service-specific policies that depend on what you do. Our focus is on policies for Aotearoa New Zealand that reflect local legal and contractual requirements.
Why Having the Right Policies Matters
We’ve written before about the need for current and relevant policies in your workplace. (See here –The Risks of Outdated Policies; The Policy Place: Audit Ready Policies for Health and Social Services)
But just to recap – having the right policies in place is important because it helps you:
- Meet your legal and regulatory obligations (eg Social Sector Accreditation Standards; Ngā Paerewa Health and Disability Services Standard; Performance Standards for Registered Community Housing Providers )
- Comply with contracts – this is important for contracts with agencies like Health NZ & Disability Support Services contracts that include quality requirements to be met
- Maintain your kaupapa and protect those you service, as well as staff, volunteers, and the interests of your organisation
- Reduce risk and support good governance and leadership
Poorly designed or missing policies are one of the most common findings in audits, accreditation processes, and investigations. Getting the right policies in place is one of the simplest ways to strengthen your organisation and keep your agency compliant with the law and relevant regulations.
Core Policies Every NZ Community or Social Service Organisation Needs
There are a few “must-have” policies. If nothing else, make sure these are in place and up to date.
-Health and Safety Policy
Covers your obligations under the Health and Safety at Work Act 2015. It will include how you identify hazards, manage risks, protect staff/kaimahi, manage incidents and emergency preparedness.
– Privacy and Confidentiality Policy
Required under the Privacy Act 2020 and the Health Information Privacy Code 2020 for any organisation that collects and deals with personal or health information. It covers information safeguards, information sharing and breach of privacy management.
– Code of Conduct
Outlines expected behaviour for governance, management and staff. It supports values in action, organisational standards and disciplinary processes.
– Complaints and Feedback Policy
This is a must-have for transparency and ongoing learning and improvement in an agency. It supports client rights, and is required in most funding arrangements. The staff version – Grievance and Disputes – encourages early resolution of workplace issues guiding how concerns should be raised and addressed in the workplace.
– Conflict of Interest Policy
For charitable and NFPs, a conflict of interest policy is essential. It supports transparency and integrity of board decisions and processes and ensures process and for governance entities like boards and trusts and for organisations where whānau and community relationships overlap.
– Equity/Diversity Policy
This supports an organisation to give effect to Te Tiriti o Waitangi and comply with the Human Rights Act 1993 and Employment Relations Act 2000. It is a cornerstone for an inclusive and equitable culture.
– Recruitment, Safety Checking, and Police Vetting Policy
This is a legal and regulatory requirement for services working with children/rangatahi and vulnerable people.
Operational Policies Most Organisations Need
This next group of policies are not necessarily required by law but can be critical for smooth operations, audit readiness, and consistency.
-Information Technology and Cyber Security Policy
Covers safe and responsible use of devices, access control, cyber risks, management of data breaches, and secure disposal of equipment.
-Records Management Policy
Guides how documents are stored, accessed, retained, and destroyed.
-Finance and Delegated Authority Policy
Sets financial limits, outlines controls and steps to prevent and detect fraud.
-Child Protection/Safeguarding Policy
Guides the identification and reporting of child abuse concerns and is mandatory for children’s services.
-Professional Development Policy
This isn’t mandatory but will help organisations maintain standards and workers to maintain competence and professional requirements.
Service-Specific Policies You May Need
The policies you need depend on the activities and services you provide. Examples include:
– Work with children/tamariki or rangatahi
- Child Protection Policy
- Safer Recruitment
- Incident Reporting and Escalation
-Health and Disability Services
- Informed Consent
- Medication Management
- Infection Prevention and Control
- Use of Restraint/Enablers
- Behaviour Support
- Crisis or Critical Incident Management
- Emergency Preparedness
-Digital or remote services
- Telehealth or Teleconferencing
- Lone Working
-Home-based support or mobile services
- Home Visiting Safety
- Lone Worker Safety
- Travel and Transport
Governance Policies for Boards and Trusts
Good governance depends on having a few key policies:
- Guidance on Roles and Responsibilities
- Board Procedures
- Conflict of Interest
- Financial/Risk Management
- Trustee Responsibilities
How to Work Out What Your Organisation Needs
A simple checklist:
- Do we have legal obligations that require specific policies?
- Do our funders or accreditation standards specify required policies?
- Do we deliver services that involve safety risks or vulnerable people?
- Do we have areas that create confusion or inconsistency?
- Do staff ask for clarity around key processes?
If you answer yes to any of these, you likely need a policy to cover it.
Common Mistakes Organisations Can Make
- Having too many policies nobody reads
- Copying policies from larger organisations
- Outdated policies that don’t match current law and regulatory standards
- Missing core policies required for audits or accreditation
How The Policy Place Can Help
We provide a one-stop shop for all your policy needs whether in HR, employment, health and safety, privacy, cybersecurity, complaints etc. Our service is particularly effective for SMEs and community, health, and social service organisations across Aotearoa if you are wanting:
-
Policies to support compliance
- Policies spanning all areas of governance and operations
- Monthly reviews and updates to keep policies compliant
- Policies you can customise
- Full policy suites aligned with NZ law, standards, and contracts
If you’re unsure what policies your organisation needs, we can help you figure it out quickly and painlessly.
Policies in the age of AI Hallucinations
In our everyday life, we wouldn’t rely on a person for advice who is known to hallucinate from time to time in their advice-giving. For the same reason, we cannot solely rely on generative AI tools for policy advice and development.
In this post, we focus particularly on the AI risk of “hallucination” and error and how best to manage these risks.
Hallucinations
Hallucinations are a well-known risk of using generative AI. They occur when an AI model makes up facts to respond to a prompt. They reflect that AI models are predictive systems designed to produce the most probable and plausible answer, not necessarily the most accurate or truthful answer.
It can be hard to identify an AI hallucination because they are typically framed in a convincing way.
Why are AI outputs so convincing when they are wrong?
I asked ChatGPT this question.
In its own words, the chatbot explained that “it was trained to sound convincing, not to be right.” In other words, the chatbot’s hallucinating is due to its training that a confident answer is more likely to be viewed as helpful than a hesitant answer; likewise that an answer that has the indicators of expertise (like tone and terms) is more likely to be seen as credible and reliable. AI has learned and reflects the shape and appearance of expertise without necessarily having the expertise itself.
This is quite a different scenario from how AI is sold – see, for example, the description of ChatGPT5 by the CEO of OpenAI as like having a “team of Ph.D. level experts in your pocket.” (NBC News Aug. 8, 2025)
AI at The Policy Place
At the Policy Place we use AI to assist our policy development and review work. We treat it like a junior policy assistant who can help us with a range of tasks like initial drafts, summaries etc We use other sources too like legislation, regulations, government websites, academic research and court and tribunal decisions for the development, reviews and updating of policies and procedures.
We have previously posted about the highly publicised Deloitte case where AI-generated citations used in a report for the Australian Government were found to be wrong and included fictitious citations. There have also been a number of legal cases reported overseas of AI used in cases and found to have produced fictional case citations and other inaccuracies. See here for a good list of Australian examples.
We understand how easily mistakes like this could happen. Unlike other sources we use, we find that checking AI outputs for hallucinations and errors is hugely time-consuming.
It is not only hard to spot hallucinations. When using AI, we have noticed that more data is generated by our prompting than if we did the whole task by hand. Sometimes, this is helpful and right on point. Other times, it can be completely superfluous and tie us needlessly up in checking and re-checking processes.
So we’re still a work in progress, striving for the productivity and efficiency gains of AI use while wanting to maintain our high standards for accuracy and quality in our policies.
Can AI check and verify?
If only we could rely on AI to do this. But we can’t.
At best we can ask AI to verify its outputs against its own training data. It cannot check and verify its outputs against sources like legislation, organisational documents, academic databases and expert reports. It cannot assess the truth or veracity of something.
With RAG – Retrieval-Augmented Generation – things are better. Hallucination risks are significantly reduced because AI answers are grounded in authorised content. AI outputs are also more consistent. But the truth and reliability of AI outputs depends on the authorised content/data.
Thinking about AI for policies?
If you’re thinking about using AI for your policies, think beyond the promises and “sell” of AI. Ensure you have the expertise and knowledge to check the AI outputs for quality, accuracy and hallucinations. Be pro-active about managing the risks of hallucinations and errors and ensure you have good policy guidelines for effective governance and management of AI.
Wanting to outsource your policies and procedures and the assurance of relevant policy expertise? Contact us NOW at The Policy Place.
Call us now
The Policy Place: Audit‑Ready Policies for Health, Disability, and Social Service Organisations
If you’ve searched for “The Policy Place” and landed somewhere unexpected, you’re not alone. We’ve recently discovered that a large HR company is paying to appear first in search results when people look for us. So let’s set the record straight — here’s who we are, what we offer, and why our work matters.
🌿 Our Purpose: Equity, Accountability, and Practical Impact
The Policy Place provides an online policy platform for organisations and SMEs working across health, disability, community, and creative sectors in New Zealand — and now expanding into Australia. We’re known for:
- Audit‑ready, defensible policies and procedures that align with legal, ethical, and sector standards (see What’s so good about the Policy Place online policy service?)
- Accessible and user‑friendly policies that bridge board‑level strategy with frontline usability
- Person‑centred and culturally safe frameworks that reflect values and compliance obligations (eg see How Organisational Policies can Promote and Protect Rights)
- Broad policy coverage — governance, HR, service delivery, and other strategic and operational areas
We don’t offer generic templates or a one‑size‑fits‑all approach. All our clients receive some level of customisation in their policies. This is important for audit and essential to keep policies alive and usable — not dusty old relics.
🔍 Beyond HR: Audit‑Ready Policies for Accreditation and Compliance
We often work alongside HR consultants to help mutual clients get audit‑ready or address compliance problems.
But there are some HR providers who only offer employment‑related policies on long‑term, high‑cost contracts — sometimes locking agencies into paying large amounts over 3–5 years.
We are not like these providers. One big difference is that we don’t lock you in. Our clients pay an annual subscription and can leave at the end of it if they choose.
Other important points about us:
- HR policies plus everything else you need for accreditation, sector standards, and regulatory compliance — including clinical governance, financial controls, and service delivery frameworks
- Flexible, cost‑effective support — no time lock‑ins, and policy content can be added, removed, or edited at any time
- Deep sector knowledge — we understand the operational, cultural, and compliance realities of health, disability, community, and professional service organisations (including NZS8413: 2021; SSAS levels 1-4)
If your organisation is subject to national standards, accreditation audits, or sector‑specific obligations, you need more than just employment policies. You need a partner who understands the full compliance landscape — and that’s where we come in.
🛡️ Why Choose The Policy Place for Governance and Compliance
We’ve built trust by providing consistent, high‑quality service over the years. When someone searches for “The Policy Place,” they’re looking for:
- A specialist who can translate complex requirements into usable tools
- An expert in audit‑ready policies and procedures
- A values‑driven team that puts people, equity, and accountability first
- A service that regularly updates policies for audit and compliance purposes
- A future‑proof policy system
If you’ve landed on a site that doesn’t reflect this kaupapa, you’re not in the right place — but you are now.
📍 How to Find The Policy Place First
To make sure you’re connecting with the real Policy Place:
- Bookmark www.thepolicyplace.co.nz
- Follow us on LinkedIn for sector updates and resources
- Look for our name in your browser bar — not just the search result
We’re working to improve our visibility, but your support helps. If you’ve worked with us, consider leaving a Google review using our full name — it makes a real difference.
❓ Frequently Asked Questions
What makes The Policy Place different from HR policy providers?
We provide HR policies plus the full suite of governance, service delivery, and compliance policies required for accreditation and sector standards. Unlike some HR companies, we don’t lock clients into expensive long‑term contracts.
Do you provide policies for accreditation and compliance audits?
Yes. Our policies are designed to be audit‑ready and align with sector standards such as health and disability accreditation, community service compliance, and governance best practice.
Can The Policy Place support Australian organisations?
Absolutely. While we began in New Zealand, we are expanding into Australia and tailoring our frameworks to reflect Australian standards, values, and compliance requirements.
Are your policies customisable?
Yes. Every client receives policies that reflect some level of customisation. Clients can also customise their policies with their own documents, processes etc. This ensures policies are practical, defensible, and usable in day‑to‑day operations.
How does your subscription model work?
We offer an annual subscription that gives clients access to their own policy site and for regular reviews and updates of policy content we provide. Policies can be updated, added, or removed at any time — with no multi‑year lock‑ins.
🤝 Let’s Talk
Whether you need defensible policy, sector‑specific advice, or practical tools for your team, we’re here. Get in touch to kōrero about how we can support your mahi — in New Zealand, Australia, or wherever your organisation is making a difference
Are you a Health or Disability Service Provider Without Knowing it? Why it Matters.
Many community groups, charities, and small businesses provide services that support people with health needs or disabilities—without necessarily thinking of themselves as “health or disability service providers.” But under New Zealand law, it’s the nature of the service that counts, not whether you’re government-funded or operating in a clinical setting.
This means your organisation might have responsibilities under the Health and Disability Commissioner (HDC) Code of Rights and the Ngā Paerewa Health and Disability Services Standard—even if you don’t hold contracts with Health NZ/Te Whatu Ora or Whaikahai- Ministry of Disabled People.
At The Policy Place, we help community organisations and businesses like yours keep their policies current, compliant, and easy to manage—online and always up to date.
What Counts as a Disability Service Provider?
A recent HDC decision involving the New Zealand Disability Advisory Trust (NZDAT) is a helpful reminder of how broadly the term “disability service provider” is interpreted. In that case, NZDAT had no formal government contracts, but it was providing advocacy and assessment services for people with conditions such as autism and ADHD.
The HDC found that NZDAT was a disability service provider under the Health and Disability Commissioner Act 1994, because it:
- Held itself out as providing support to people with disabilities, and
- Delivered services that promoted their independence and access to entitlements.
As the HDC explained:
“A ‘disability services provider’ is any person who provides, or holds him- or herself out as providing, disability services.”
This includes services that:
- Support people with disabilities in their daily lives,
- Promote independence,
- Offer help with access to government services or health assessments,
- Provide advocacy or navigation support.
So even if your organisation isn’t in the business of medical care, your support services could bring you within the scope of the HDC Code of Rights.
Why This Matters for Your Policies
If your work involves health or disability support—even indirectly—it’s important that your policies are:
Clear about how you uphold the rights of the people you serve,
Aligned with the expectations of the HDC Code and Ngā Paerewa Standards,
Up to date with current legislation and best practice.
The Ngā Paerewa Health and Disability Services Standard (NZS 8134:2021) is now the benchmark for high-quality, person- and whānau-centred services. It reflects key values like partnership with Māori, equity, inclusion, and continuous improvement. These standards can apply to you even if you aren’t required to undergo certification.
Keeping your policies in line with these standards shows your commitment to quality, transparency, and the wellbeing of your clients, members, or service users.
How We Can Help
At The Policy Place, we specialise in:
- Creating tailored online policies that reflect your services and responsibilities,
- Ensuring alignment with the HDC Code and Standards,
- Keeping your policies current, accessible, and easy to manage online,
- Helping you demonstrate good governance, quality practice, and legal compliance.
Whether you’re a grassroots charitable trust, a national network, or a small social enterprise, we make it simple for you to stay on top of your obligations—without the stress of legal jargon or paper-based systems.
Time to Check: Could You Be a Health or Disability Service Provider?
If you support people with disabilities, mental health needs, chronic conditions, or social challenges, it’s worth taking a fresh look at how your services are described—and how your policies support those services.
Not sure where to start?
Get in touch with The Policy Place—we’ll help you review and update your policies so they’re practical, compliant, and ready for today’s standards.
How to Use AI for Writing Policies (Without Getting Burned)
Artificial Intelligence (AI) tools like ChatGPT and Gemini are changing the way we work — and policy writing is no exception. These tools can help you get started quickly, giving you draft content in seconds instead of days. But when it comes to policies and procedures for your business or organisation, speed alone isn’t enough.
At The Policy Place, we think AI can be useful — if you know how to use it safely. Here’s how to make the most of AI tools to draft policy content without putting your organisation at risk, and where expert support still matters.
Step 1: Use AI to Get a First Draft or Template
AI tools are great at producing a basic structure. You can ask something like:
“Write a policy on remote working for a small not-for-profit organisation in New Zealand.”
You’ll often get a reasonable starting point: a definition, purpose, roles, responsibilities, and maybe a few procedures. This can help overcome blank-page syndrome and give you something to work from.
Good use
-
Exploring structure and headings
-
Drafting general content
-
Brainstorming risks or responsibilities
BUT Warning
AI content is often vague, outdated, or based on generic international templates that don’t reflect NZ laws or your specific sector. Sometimes it’s wrong.
Step 2: Review the Content Critically
Just because something is well written doesn’t mean it’s accurate or compliant. You really have to review the content to check it is consistent with our law and othe regulatory criteria that applies to your organisation and that properly reflects your mission, values and purpose (kaupapa).
Remember, unless instructed, AI doesn’t know:
- Which New Zealand legislation applies to your organisation/business
- Your funding contracts or audit requirements
- Your operational needs
- Your kaupapa (mission, values, aims)
- Whether content is up to date with sector standards
That’s where the risks start. Many AI policies can look good but won’t hold up in an audit — or worse, if something goes wrong.
Step 3: Ask for Help to Make It Real
This is where we come in. At The Policy Place, we don’t throw out your AI-generated draft — we aim to get the most from AI to build faster and better policies for your organisation. We:
- Review and provide online policies to support compliance, clarity, and accuracy
- Enable you to tailor policies to your needs and legal obligations
- Check and monitor your online policies for quality and currency
- Update it as laws, contracts, and sector standards change
AI is a tool. It’s not an advisor, an auditor, have regulatory and quality expertise or the exertise of real-life management of diverse agencies.
Example: AI Draft vs Expert Review
AI version:
“All staff are expected to comply with data protection laws.”
Expert-reviewed version:
“Staff must comply with the Privacy Act 2020 and the Information Privacy Principles. The Privacy Officer is responsible for managing access requests, ensuring privacy training is completed annually, and reporting breaches to the Privacy Commissioner where required.”
Spot the difference? That’s the value of combining AI efficiency with real-world expertise.
Use AI — But Don’t Go It Alone
We encourage people to explore and use AI tools. They can be immensely helpful. They’re fast. But they don’t know your risks, obligations, or context. That’s why AI should be a starting point, not your final product.
If you want peace of mind knowing that your policies are developed, checked and reviewed against relevant standards by real lives humans with relevant expertise and experience, or if you want to build a system where AI and expert review work together, talk to us.
Ready to Future-Proof Your Policies?
Let’s work together to make your policies smart, practical, and compliant — with or without AI.
📩 Contact The Policy Place today — your policies are too important to leave to chance.
Sensitive Claims Suppliers – Are You Ready for the 2025 ACC Annual Declaration?
If you’re a Sensitive Claims Supplier, your Annual Declaration to ACC is due by 1 August 2025. This is an annual requirement under the Sensitive Claims contract, and it confirms that you continue to meet your contractual obligations as a Sensitive Claims Supplier.
It’s more than a simple form—this self-assessment requires you to verify that your business has the necessary governance, policies, procedures, and quality assurance systems in place.
At The Policy Place, we help Sensitive Claims Suppliers across Aotearoa meet these ACC compliance requirements quickly and confidently, with tailored online policies and procedures that are aligned with the Sensitive Claims contract (Service Schedule).
What You Must Confirm in Your 2025 Annual Declaration
As part of your submission to ACC, you must confirm that your business has quality assurance systems in place to monitor:
- Staff competency
- Supervision and training compliance
- Ongoing training and professional development needs.
You also have to verify that you have the following documents up-to-date and maintained:
- Contract Management Checklist
- Provider Operating Procedures
- Service Governance Operating Procedures
- Privacy Policy
- Conflict of Interest Policy
- Health and Safety Risk Management Plan
- Business Continuity Plan
- Working with Māori Strategy
- Transition Plan
These are not just box-ticking items—they are essential to demonstrating that you are operating a safe, professional, and culturally responsive service.
How The Policy Place Supports Sensitive Claims Suppliers
We can't do it all for you, but we can help with your policies and procedures so you can meet your contractual requirements with confidence.
We provide online, contract-ready policies and procedures. We:
- Provide and update ACC-related policy content
- Provide policy content to support your business functions
- Provide 24/7 access to your policies and procedures by your Providers
- Support your implementation of policies
- Help you evidence quality assurance and governance during audits or checks
- Save you time so you can focus on delivering care
Whether you're a sole provider or a larger practice, we simplify compliance so you’re never caught out by upcoming reviews or contract audits.
📆 Be Ready by 1 August 2025
With the deadline fast approaching, now is the time to review your policies and ensure your Annual Declaration can be completed with confidence.
We can:
- Review your existing documentation
- Connect you to core policy content we've developed to support Sensitive Claims requirements
- Connect you to other policies you may need to operate successfully as a business
- Provide an easy-to-maintain online system designed for Sensitive Claims Suppliers
- Review and update your policies
👉 Book a free 30-minute consult or explore our policy packages now
Already Trusted by Other Sensitive Claims Providers
We already support a range of services delivering trauma-informed care throughout Aotearoa. We also support agencies and businesses that have diverse compliance needs including in Employment, Privacy, Cultural Safety, Health and Safety, Health and Disability.
Join them now and ease your load by making compliance straightforward and stress-free.
Call us now
The Policy Place – Specialists in policies and procedures for ACC-funded health and community services.
Safeguarding Vulnerable Adults: How Organisations Can Act on the Royal Commission’s Findings
In light of the Royal Commission of Inquiry into Abuse in Care, the urgent need for systemic change is clear. The harrowing stories shared by abuse survivors highlight critical gaps in safeguarding policies that must be addressed. Organisations in Aotearoa now have an unprecedented opportunity to protect vulnerable individuals by implementing robust safeguarding measures, ensuring abuse, exploitation, and neglect are prevented and addressed effectively.
At The Policy Place Ltd, we have recently reviewed and updated Abuse and Protection policies for our online clients to respond to the recommendations of the Royal Commission of Inquiry into Abuse in Care (“Royal Commission”) and Te Aorerekura National Strategy to Eliminate Family Violence and Sexual Violence. In our last post, we discussed how our policies align with the National Strategy. This post focuses on the “why” and “what” of coverage for a policy on safeguarding vulnerable adults.
Key Findings from the Royal Commission
The Royal Commission’s final report, Whanaketia – Through Pain and Trauma, From Darkness to Light, reveals the systemic failures that allowed pervasive abuse and neglect in state and faith-based care from 1950 to 1999. Nearly 3,000 survivors shared their experiences, underscoring the urgency for change.
Factors that Enabled Abuse:
- Lack of Oversight: Insufficient monitoring and accountability within care institutions allowed abuse to go unchecked.
- Power Imbalances: Significant power disparities made it difficult for victims to speak out or be believed.
- Cultural and Systemic Discrimination: Discrimination against Māori, Pacific Peoples, Deaf people, disabled people, and those experiencing mental distress contributed to vulnerability.
- Inadequate Training and Resources: Caregivers often lacked the skills and knowledge to recognise and address abuse.
- Isolation of Victims: Many victims were cut off from family and community, increasing their susceptibility to abuse.
Why Safeguarding Policies Are Crucial Today
The findings of the Royal Commission are not only of historical importance; they offer vital lessons for how care is provided today. Safeguarding policies must reflect these lessons to protect disabled people, kaumātua, and other vulnerable adults who rely on care and support services.
Vulnerability in Care Relationships
Those who depend on others for support face heightened risks due to:
- Dependency Risks: Reliance on caregivers for basic needs creates power imbalances that can be exploited.
- Communication Barriers: Disabilities and mental health challenges can hinder reporting and recognising abuse.
- Isolation: Being cut off from support networks makes individuals more susceptible to exploitation.
- Cultural and Economic Influences: Marginalised communities often face additional barriers to seeking help.
- Incompetency in Care Settings: Staff may lack awareness and skills to address abuse effectively.
Guiding Principles for Safeguarding Vulnerable Adults
The Royal Commission proposed principles that organisations can embed in safeguarding policies to prevent abuse:
- Diligent and Skilful Care: Provide care with professionalism and competence.
- Safe and Insightful Care: Tailor care to individual needs and circumstances, including proactive risk assessments.
- Caring and Compassionate Relationships: Foster trust and encourage open communication.
- Empowering and Timely Support: Empower individuals to understand their rights and access support.
- Mana-Enhancing: Recognise and uphold the dignity (mana) and wellbeing (mauri) of every person.
- Person-Centred: Build care strategies around each person’s unique strengths and needs.
- Participation and Voice: Support individuals to participate in decisions that affect them.
- Prevention and Safety: Implement diverse prevention strategies and awareness initiatives.
- Whānau and Community: Involve family, whānau, and community in decision-making.
- Cultural Responsiveness: Ensure responses address cultural needs and preferences.
Practical Safeguarding Procedures
To operationalise these principles, safeguarding policies should include:
- Awareness and Training: Regular training sessions for kaimahi and volunteers on recognising and addressing abuse.
- Proactive Monitoring: Routine checks on care relationships and environments to identify risks early.
- Supportive Culture: Create safe reporting channels, such as in-person, email, or formal complaints systems.
- Empowerment: Equip individuals with knowledge of their rights and self-protection strategies.
- Feedback and Complaints: Encourage feedback and address complaints transparently.
- Continuous Improvement: Use feedback to enhance services and prevent future issues.
Conclusion
Safeguarding policies extend beyond child protection to ensure that the gross abuses of the past are never repeated. By implementing these measures, organisations can provide safe, culturally responsive care that empowers vulnerable adults and upholds their dignity.
At The Policy Place, we have developed a comprehensive Safeguarding policy grounded in the Royal Commission’s recommendations. This policy is now available to all our online policy members and, like all our policies, will be regularly reviewed and updated to stay relevant. Interested in implementing a safeguarding policy? Contact us to learn more.
Onboarding staff to your policies and procedures
When onboarding staff you need introduce them to some key policies. But can you do that without boring them to death? And can you do it in a meaningful way?
Including policies in your onboarding process is important for many reasons. One, because policies and procedures help you manage risks and guide best practices in your organisation. Secondly, because staff have to know the policies and procedures in order to implement them. Thirdly, because when and if “crunch time” comes, you won’t be able to rely on your policies and procedures if you’ve never taken the trouble to bring them to your staff’s attention.
At the Policy Place, we deal with many clients who talk about the difficulty of getting staff to read and apply policies and procedures. So be assured, you’re not alone with this challenge.
In this post, we’re going to look at two ways staff can be introduced to policies and procedures in an organisation.
Option 1 – You’re killing me
This is when you start a job and are told to sit and read the policies and procedures, then sign off on them once done. In the old days the policies and procedures were a dusty old manual. More modern renditions might be on a Shared Drive or Online Platform like the Policy Place online policy service.
In our online policy service, we aim to make policy content more digestible and accessible. By using an online platform, we reduce the typical density and repetition in organisational policies by using internal and external hyperlinks. We support policy implementation by providing training and other helpful resource links.
The Policy Place gets a lot of positive feedback for its online policies. However, no matter what form policies and procedures take and how hard we try to make them user-friendly, policies and procedures just don’t feature in people’s “top of the pops” list.
Typically, people try and avoid policies. It doesn’t make sense therefore for an organisation to ask new staff to read through their policies and procedures and sign off on them for induction. What an excitement killer!
It’s also a strategy that is unlikely to succeed. Reading policies without having the knowledge or chance to apply the content to real situations and issues, makes it hard to grasp and understand the policy content let alone apply the content.
Option 2 – YES I get it!
A much better way of onboarding staff to policies and procedures is through short online courses that cover off the “essentials” in policy area.
The courses need to be interactive and give staff the chance to apply what they learn to problems and scenarios. The courses are not substitutes for the policies and procedures. But they should address “the essentials” and refer to your policies and procedures.
This type of course is now being offered by the Policy Place.
“Yes, I get it!” is how staff will feel at the end of one of the courses. The courses are interactive and give staff the opportunity through the courses to learn and apply key policy essentials in areas like health and safety and Abuse and Protection to real scenarios and problems. Other courses are in progress.
The courses get rid of the need for staff to have to read through and sign off on policies as part of their induction.
Most of the courses can be completed within 30-40 mins. Once completed, staff are issued with a certificate. This gives you the proof you need as a manager to assure yourself that staff do have the required understanding of key policies and procedures.
Onboarding staff to “Yes I get it”
You can aim high now with your inductions – for your new staff to be motivated and to understand the essentials of your policies and procedures. And with this as your starting point, policy implementation in your workplace looks a lot rosier!