Creating and maintaining an information security policy is a good way to ensure your business remains PCI (Payment Card Industry) compliant. This document will outline the security procedures for you and your employees for handling sensitive client information in your office. This document covers best practices for using technology in your organization and also how to properly dispose of sensitive client information.
Attached is an example of a security policy to help you get started creating your own.