International Services for Certification Bodies Confidentiality Policy
1. Purpose:
- The purpose of this policy is to establish guidelines and procedures to ensure the confidentiality of information handled by International Services for Certification Bodies in the course of its accreditation activities.
2. Scope:
- This policy applies to all employees, contractors, assessors, and other individuals involved in the accreditation process.
3. Definition of Confidential Information:
- Confidential information includes, but is not limited to, the following:
- Documents and data provided by accredited organizations during the accreditation process.
- Internal documents related to accreditation decisions and assessments.
- Personnel records and sensitive business information.
4. Responsibility for Confidentiality:
- All individuals associated with International Services for Certification Bodies are responsible for maintaining the confidentiality of information obtained during the course of accreditation activities.
5. Access Controls:
- Access to confidential information is restricted to individuals who require it for the performance of their duties. Access controls, including passwords and secure access systems, are implemented to prevent unauthorized access.
6. Confidentiality Agreements:
- All personnel, assessors, and contractors involved in accreditation activities are required to sign confidentiality agreements. These agreements reinforce the obligation to maintain the confidentiality of information and outline consequences for breaches.
7. Handling of Confidential Information:
- Confidential information shall be handled with the utmost care. Physical documents must be stored securely, and electronic information must be encrypted and protected from unauthorized access.
8. Sharing of Information:
- Confidential information is only shared with individuals or entities directly involved in the accreditation process. Sharing beyond this scope requires explicit consent from the affected parties or is done in accordance with legal and regulatory requirements.
9. Non-Disclosure to Third Parties:
- International Services for Certification Bodies shall not disclose confidential information to third parties without the explicit written consent of the affected party, except when required by law or regulatory authorities.
10. Reporting Breaches: – Any suspected or actual breaches of confidentiality must be reported immediately to the designated individual or department responsible for managing breaches. An investigation will be conducted, and corrective actions will be taken as necessary.
11. Retention and Disposal: – Confidential information will be retained only for the period necessary to fulfill accreditation requirements. When information is no longer required, it will be securely disposed of in a manner that prevents unauthorized access.
12. Training: – All individuals handling confidential information shall receive training on the importance of confidentiality, the procedures outlined in this policy, and the consequences of breaches.
13. Continuous Improvement: – This policy is subject to periodic review to ensure its ongoing suitability and effectiveness. Any necessary revisions are made to address changes in the accreditation body’s operations, industry practices, or regulatory requirements.
Date of Policy Approval: 15 July, 2023
International Services for Certification Bodies
V.5