
Ensure customer confidentiality - TS 16949 Cl. 7.1.3 Confidentiality


jkittle
30th March 2007, 10:45 AM
Does anyone have any documents on this part of the standard? It states that the organization will ensure customer confidentiality on projects and contracts.

I was written up for this one. What is everyone else doing?

Jim Wynne
30th March 2007, 12:22 PM
Does anyone have any documents on this part of the standard? It states that the organization will ensure customer confidentiality on projects and contracts.

I was written up for this one. What is everyone else doing?

It's always helpful if you provide the exact wording of the auditor's finding, and tell us a little about what you're doing, and what the auditor found that he didn't like.

jkittle
30th March 2007, 12:41 PM
Okay, let me see if I can get this right. The auditor asked how we assure confidentiality on customer contracts and projects. We do not have a procedure or work instruction that applies to this, so the answer was it's just implied and information is not shared with other customers or suppliers.

The finding was written up as follows. "There is no evidence that the organization assures confidentiality of customer contracted products and projects."


How do I answer this? Do I need to write something????

Jim Wynne
30th March 2007, 01:03 PM
Okay, let me see if I can get this right. The auditor asked how we assure confidentiality on customer contracts and projects. We do not have a procedure or work instruction that applies to this, so the answer was it's just implied and information is not shared with other customers or suppliers.

The finding was written up as follows. "There is no evidence that the organization assures confidentiality of customer contracted products and projects."


How do I answer this? Do I need to write something????

What you need is a policy that states that customer information is confidential, and must not be shared with anyone without appropriate bona fides or need to know. Then, if necessary, you might have a written document (a procedure, most likely) that tells how it's accomplished. You should also have evidence of training--that the people who handle customer information understand the policy and procedure.

Jim Wynne
30th March 2007, 01:06 PM
UNBELIEVABLE! "AUDITORS GONE WILD" (http://elsmar.com/gif/I%20am%20a%20moron.gif) The inbreeding of auditors has got to stop.

I don't think so, Sidney. Believe it or not, there may be any number of ignorant individuals in a company who don't understand the concept. Where there's a requirement in the standard, there needs to be some evidence beyond "Don't worry about it, we have it covered" that the requirement has been satisfied.

jkittle
2nd April 2007, 08:04 AM
Jim,

Thanks for your help. It's hard to believe you have to write this stuff down, but I guess we have to do what we have to do.

tyker
2nd April 2007, 09:58 AM
Check your contract of employment.
Many organizations now include confidentiality as a standard clause in the employees' contracts. If this is the case, and the employees are aware of it, you may not have any further writing to do.

Helmut Jilling
2nd April 2007, 11:20 PM
What you need is a policy that states that customer information is confidential, and must not be shared with anyone without appropriate bona fides or need to know. Then, if necessary, you might have a written document (a procedure, most likely) that tells how it's accomplished. You should also have evidence of training--that the people who handle customer information understand the policy and procedure.

I agree. At a minimum, I would inquire as to whether it was understood and practiced. After all, it has to be "ensured." No requirement in the standard can be just assumed. There has to be some basis for it, though there may not be a procedure.