3½ page generic information security policy concerns the handling of complaints, enquiries and reported incidents/breaches involving personal information.
Organizations are obliged to take privacy-related enquiries, complaints and incident reports seriously, investigate them properly and resolve them appropriately in accordance with applicable laws and regulations (such as GDPR), plus ethical considerations. This policy says how.
Note: this particular issue is often neglected, even by organizations that take policy seriously and publish sensible privacy policies. It is an explicit requirement under GDPR.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.