Confidentiality

CONFIDENTIALTY POLICY STATEMENT

Staff and Sub contractor Requirements

All information received by or available to ISOQAR staff, sub-contractors or committee members (in whatever format) received in conducting audit activities, or during other certification activities, or during any dealings with an organisation for any other reason shall be regarded as strictly confidential and shall not be divulged to any 3rd party (unless specified in ISO 17021:2011) without the express permission of the organisation or individual concerned. The requirement to keep confidential any information will also include any organisation that has a legitimate right to audit or inspect ISOQAR i.e. UKAS.

Where ISOQAR is required by law to release confidential information to a third party the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided

However where the organisation is seen to be operating contrary to legal requirements or has operating practices which pose a danger to staff, customers or the environment ISOQAR reserves the right to immediately report any such incident to the relevant authority. Any such reporting will only be undertaken with the permission of a Director.

Access to Records

All records will be retained in a secure manner, only accessible to authorised staff via either paper records or password controlled electronic records. Sub-contractors will be limited to accessing information produced by them in conducting an audit. Records will only be made available to organisations who can demonstrate a legitimate (and legal) right to view those records and specifically to Accreditation Bodies eg UKAS.

Confidentiality Declarations

All staff, Sub Contractors, Directors and Committee Members will be required to agree to ISOQARS confidentiality policy and sign a confidentiality agreement. Sub-contractors will also sign an agreement which also contains the responsibility to maintain confidentiality.

IMPARTIALITY POLICY STATEMENT

ISOQAR India Pvt. Ltd. is the legal entity responsible for certification activities; reference to ISOQAR in this Policy and Public Statement refers to these legal entities.

ISOQAR its Directors, Staff and Sub-contractors fully understands the importance of impartiality in undertaking its Certification Activities. ISOQAR will therefore ensure that in all its dealings with clients or potential clients all employees or other personnel are and will remain impartial. To ensure that impartiality is both maintained and can be demonstrated the following principals have been established.

ISOQAR Certificates are only issued following a review by an independent authorised and competent member of the management team (who has not been involved in the audit) to ensure that no interest shall predominate

ISOQAR does not offer (and has never offered) management system consultancy or any other form of consultancy to companies or individuals.

ISOQAR does not offer (and has never offered) an internal audit service to its certified clients.

ISOQAR does not own or have any interest (financial or otherwise) in any other company that offers certification or management system consultancy services.

ISOQAR does not have (and will not form) any relationships with companies who offer consultancy or other services that can be construed as having an impact on the certification services provided by ISOQAR. Any proposed relationship between ISOQAR and any other company will undergo a risk assessment by the Committee for Impartiality prior to that relationship being formalised. Any current relationships with companies, organisations and individuals will be risk assessed on a regular basis to ensure that the relationship does not impact upon the impartiality of the certification process.

Individuals employed by or otherwise contracted to ISOQAR are required to document and record their current and past relationships with all companies. Any situation past or present which may present a potential conflict of interest is required by ISOQAR to be declared. ISOQAR will use the information to identify any threats to impartiality and will not use that individual in any capacity unless they can demonstrate that there is no conflict of interest.

ISOQAR will not allocate a member of staff or sub-contractor to a management system audit where any past relationship has existed. Exceptionally and at the discretion of the Technical Manager or Directors an individual or sub-contractor may be allocated to a management system audit where a past relationship has existed but there has been no relationship for a minimum of 2 years.

ISOQAR does not and will not offer any commission, (‘finders fees’ or other inducements) to any individual or company in respect of referrals of clients unless:

  • The terms and conditions of any such referral are clearly established and can be demonstrated and it can also be demonstrated that the fee is for a referral and the fact that a commission has been paid will in no way effect the outcome of an audit.
  • A risk assessment (to establish the potential for an unacceptable threat to impartiality) has been carried out on the process through which any such payment is made to an individual or organisation (normally a consultant) requesting the commission for referrals.
  • All such payments are documented, recorded, and traceable and accompanied by a purchase order and invoice.

ISOQAR does not offer specific training to any company in respect of implementing a particular standard for that company. Any training offered by ISOQAR is general in nature and available to all companies or individuals who wish to attend.

 

ISOQAR will ensure that it is not linked or marketed in any way which links it with the activities of a management system consultancy and will take appropriate action should any such link be identified.

Auditors and others involved in the certification process are not and will not be put under any pressure and will not be influenced in any way to come to a particular conclusion regarding the result of an audit.

ISOQAR India’s Impartiality Norms:

No outsourcing of Audits to Consultancy Organisation.

No Referral Fees to be paid to Consultancy Organisation.

Facts based communication to Clients/ Consultancy Organisation.

Adherence to all Accreditation and other ISOQAR Policies.

ISOQAR shall not carry out any other conflicting services other than its core business of Certification.

ISOQAR shall not employ any professional conflicting its ethical policies.

ISOQAR shall not allow any of its auditors to market the services and conduct the audits for the same client.

ISOQAR shall not allow any of its auditors to carry out financial transactions with clients / consultants.

ISOQAR shall not carry out business with any consultant inducing pressures to compromise impartiality.

All employees of ISOQAR shall disclose any situation impairing the business ethics.

ISOQAR shall not allow any of the auditors to carry out audits for the client at least for 2 years from the date of relinquishment from their services for the client.

ISOQAR shall not allow any auditor to compromise on the audit timing as required as per the accreditation/ ISOQAR norms.

ISOQAR shall not allow any auditor to conduct the audit for the client for which it has not been approved for.

ISOQAR shall maintain transparency with regard to all information.

No auditor shall divulge any confidential information of the client to any third party without written consent from the client and approval by MD

No auditor shall carry any client information with them after the usage period. All client information shall be returned after usage.

Utmost care/verification to be carried out for granting the right scope of certification.

Any unethical practice observed should be notified to the management at the earliest.

ISOQAR shall not allow any of its auditors to accept any gifts from client/consultant of value greater than INR 500.

ISOQAR shall not allow any auditor to conduct audit for the organization where any of its family members / close relatives are involved at a decision making position.

Disciplinary actions for non-adhering to impartiality policies shall be taken by the Management in consultation with Impartiality Committee.