Auditor requests confidential information via Email

[AndyN]

The Auditor should know that "confidential" information is exactly that. They should also know that asking for something like that to be emailed would be a potential breach of ethical or legal standards. Any documents that need to be reviewed, of a confidential nature, be reviewed on-site, not via email. This is just my humble opinion on the requirements of ISO 19011, which they have been trained on.

Are you certain? ISO/IEC 17021 (and the rest) have replaced the 19011 requirements for CBs...

 

[Silex7]

You should (and probably already do) have a confidentiality agreement with the CB. Just remind the auditor that the documents are confidential and ask that they be destroyed when the review is complete. I would send them using FTP, not email.

Yes we do, and he 'd probably mention the meeting confidentiality on his opening meeting which I'll find it very illogical, in my opinion he is trying to ease his On-site auditing process , to make it easier for himself for his record, but this is too un-professional just to mention,

 

[Silex7]

What some people don't realize is that a number of CB auditors also work as consultants. Some of the unscrupulous ones collect a lot of intellectual property (such as procedures, documents, even drawings, etc.) from the organizations they audit and "repackage" them as their creation for other consulting clients. Be very careful with providing electronic versions of any documents to external parties without protecting yourself against IP theft.

Exactly!! I had known some auditors indeed who were using some materials as a models and worked as a consultant for some start-up companies to pave a Quality Management System for them.
I am too paranoid about sharing such information, specially with people who declared their un-professionalism in the first place!

 

[Silex7]

This may be a total coincidence, but is the registrar BSI and did you get an e-mail today about a change in assessor?

Lol, No , that would be a freak coincidence , have you been experiencing the same?

 

[rickpaul01]

Exactly!! I had known some auditors indeed who were using some materials as a models and worked as a consultant for some start-up companies to pave a Quality Management System for them.
I am too paranoid about sharing such information, specially with people who declared their un-professionalism in the first place!

If you do not trust your CB, don't do business with them.

 

[AndyN]

If you do not trust your CB, don't do business with them.

It's only one auditor... Not the "CB".

 

[rickpaul01]

It's only one auditor... Not the "CB".

You are speaking for Silex7?

 

[buzzjaw]

You should (and probably already do) have a confidentiality agreement with the CB. Just remind the auditor that the documents are confidential and ask that they be destroyed when the review is complete. I would send them using FTP, not email.

I wouldn't make them available electronically to the auditor at all. If the company being audited has their act together they've probably employed information protection policies which would prevent the easy transfer of the documents anyway.

 

[Coury Ferguson]

Are you certain? ISO/IEC 17021 (and the rest) have replaced the 19011 requirements for CBs...

Andy,

Yes I know that ISO 17021 is the driving force for CBs. I was addressing the issue using 19011 as the reference since it (even though it might be leaning to more IA) still the requirement to be trained in for Auditing QMS. Am I wrong there?

 

[Kronos147]

Lol, No , that would be a freak coincidence, have you been experiencing the same?

I just heard something about a change in auditor for some upcoming ISO 9001 audits for BSI. If you said 'yes', I may have had more to add.