"The organization shall ensure the confidentiality of customer - contracted products and projects under development, and related product information."

We have a disclaimer at the front desk which anyone from outside the facility must sign to keep everyhting they see confidential.

We also have a disclaimer where everyone upon hire must sign stating they will keep these issues confidential.
Will this suffice?

Thanks ahead, Dawn

Without knowing what customer products or projects you have, it's hard to say if that's enough. Here are a couple of things that come to mind:

• If you have customer audits, how do you keep customer A from seeing customer B's proprietary info?
• Do you have a secure firewall to keep outsiders from gaining access to info on your network?

"The organization shall ensure the confidentiality of customer - contracted products and projects under development, and related product information."



IMO, most importantly, if you can show evidences that your customer's competitiors have no access to all their information shared with you by the customer, it will be quite sufficient.

This clause is to protect the integrity of the customer's propietary informations and how you as a supplier demonstrate that you are capable of doing so.

Remember, ISO/TS 16949 certification purposes has diverted from the old school (QS9000) of clause-compliance. The whole ISO/Ts16949 certification is now focusing on business approach.

Howste correctly id'd the issue with these requirements - how do you keep your competitors (or anyone else that has no business seeing it) from having access to each other's proprietary info?

Agreements and disclaimers are fine, but don't neglect the simple things. Make sure personnel are aware of the issue, and its potentially expensive ramifications, and are taking the appropriate measures to safeguard customer info. This can be as simple as throwing a sheet over a work table with GM drawings on it when the Toyota guys are in the building, or as complicated as secure bays with keycard access. What's appropriate for you, your org, and your customers?

In addition to safeguarding your computers (good one there, howste), here's another one for you. Saw an article last week where the automakers (I think the one specifically mentioned was D-C, but don't quote me on that), are confiscating cell phones with picture capability from all personnel entering areas where confidential information is kept. I think it's a fiar bet word will spread about that fairly quickly. Ain't technology grand!
DW