Employee Data Privacy Policy - ISO 9001:2015 requirement(s)?

Brizilla · Feb 3, 2021

I'm implementing a new ISO 9001:2015 system for a logistics and fulfillment company. One of their SOP's is a privacy policy for their customers. Under 7.5 should their Privacy Policy include their own employees? There's nothing in the employee handbook about it. Oh, great Sages...enlighten me. I don't want to add something unnecessary.

John C. Abnet · Feb 3, 2021

Brizilla said:

Good day @Brizilla ;
Be careful not to "read" more than the standard requires. The only thing the standard requires specific to this is that "REQUIRED" documentation is "adequately protected". The organization (including consideration of any customer requirements, e.g.; documents of external origin/NDA, etc...) must determine what is "required" and what is "adequately protected".

1- We" can not answer this question. Only the organization can answer this based on their NEEDS. Assuming this is an existing organization, then what is the CURRENT policy/requirement/approach? Don't add requirements and burdens simply for the sake of adding.
2- When you state "you" are implementing..... I am hoping that this does not imply the organization and their top management are not inputting and taking responsibility regarding the QMS (I state this because all too often I have observed an "individual" ----"Implementing" instead of developing within the existing organizational leadership and approach.)

Food for thought.

Hope this helps.

Be well.

yodon · Feb 3, 2021

What, specifically, is driving the privacy policy? That sounds as @John C. Abnet notes, beyond the standard. There certainly are regulations for information protection so you need to understand what's in play.

Johnnymo62 · Feb 4, 2021

I'm sure the company has some human resources type of requirements for their employees. SSN, medical info, home address, financial info, etc.

Brizilla · Feb 9, 2021

Thank you for the answers.
"When you state "you" are implementing..... I am hoping that this does not imply the organization and their top management are not inputting and taking responsibility regarding the QMS "
They hired me specifically to implement ISO, and yes I'm working with all the stakeholders and getting managers more involved with each other.

John Broomfield · Feb 9, 2021

Ask your client how they have already implemented this policy within their management system.

After all, you are respecting the system they already have for determining and fulfilling customer requirements as you help them to develop it.

Be careful with your phrase “implementing a new ISO 9001:2015 system” because it suggests you are about to impose your ISO system on their organization.

Sidney Vianna · Feb 9, 2021

Brizilla said:

Despite the fact that ISO 9001 talks about identification of issues for relevant stakeholders, privacy of employee data is something that is not under the ISO 9001 realm. Having said that, please note that there are regulations out there dealing with data privacy, GPDR as an example. So, chances are, the organization might have to have controls on employee data privacy and protection, but that is NOT due to ISO 9001.

Thread starter	Similar threads	Forum	Replies	Date
D	How to implement Control of Employee Access to Client Data	IEC 27001 - Information Security Management Systems (ISMS)	2	Aug 24, 2010
D	Do employee training records need to be centralized?	IATF 16949 - Automotive Quality Systems Standard	10	May 20, 2021
B	Employee Handbook in ISO 9001:2015 Section 7	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	19	May 13, 2021
G	Internal Audits and Employee engagement	Internal Auditing	16	Feb 21, 2020
T	Question about Quality Department employee position titles	Quality Manager and Management Related Issues	10	Feb 13, 2020
R	How to keep track of employee read-only training	ISO 13485:2016 - Medical Device Quality Management Systems	14	Oct 13, 2019
	Non conformity, do nothing? Employee experiencing "hard times"	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	26	Aug 24, 2019
E	Employee complaining about air quality	Occupational Health & Safety Management Standards	12	Jul 31, 2019
S	Testing (Evaluation of) and Verification of Employee Color Vision	Human Factors and Ergonomics in Engineering	19	Feb 28, 2019
S	PPT for ISO13485:2016 Employee Training (Request)	ISO 13485:2016 - Medical Device Quality Management Systems	0	Nov 30, 2018
S	Ways to demonstrate objective evidence that employee is trained and competent	ISO 13485:2016 - Medical Device Quality Management Systems	28	May 8, 2018
C	AS9100D 7.1.5.2 / Calibration of Employee Owned Measuring Equipment	AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements	5	Apr 27, 2018
J	Hardness inspection Audit Finding Employee error	Nonconformance and Corrective Action	6	Jan 30, 2018
R	Employee diet to reduce absenteeism and increase productivity	Hospitals, Clinics & other Health Care Providers	24	Dec 23, 2017
	What are the topics to be covered for Training the employee as per IATF 16949:2016	IATF 16949 - Automotive Quality Systems Standard	2	Nov 28, 2017
R	Use of Employee Assessments for ISO 13485:2016	Training - Internal, External, Online and Distance Learning	1	Oct 17, 2017
S	Employee Training Matrix - Keeping track of employee training on various SOPs	ISO 13485:2016 - Medical Device Quality Management Systems	4	Oct 1, 2017
R	Defect Display Area for Employee Shift Change Information	Misc. Quality Assurance and Business Systems Related Topics	1	Jul 21, 2017
M	Employee Motivation 7.3.2 & Training including Awareness 7.2.1	IATF 16949 - Automotive Quality Systems Standard	6	Jul 12, 2017
E	IATF 16949 Cl. 7.3.1 Awareness - Supplemental - Need Employee Testing?	IATF 16949 - Automotive Quality Systems Standard	4	Apr 24, 2017
M	Quality Awareness Slides for Employee Motivation	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	4	Apr 19, 2017
P	Need a new video for employee training ISO 9001:2008	Training - Internal, External, Online and Distance Learning	6	Jan 9, 2017
R	OSHA - How often an employee needs to be Re-Trained on Safety Methods	Occupational Health & Safety Management Standards	4	Nov 8, 2016
F	ISO 9001:2015 - Employee Training Powerpoint .ppt wanted	Training - Internal, External, Online and Distance Learning	8	Sep 20, 2016
R	Managing Employee Training Files - 21 CFR Part 820.25	21 CFR Part 820 - US FDA Quality System Regulations (QSR)	4	May 18, 2016
K	Online Employee Training Software	Training - Internal, External, Online and Distance Learning	1	May 12, 2015
A	Writing an Internal Audit Report Finding for Employee Awareness of QMS Documents	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	11	Mar 6, 2015
Q	Employee Training - Company Transition	21 CFR Part 820 - US FDA Quality System Regulations (QSR)	1	Feb 20, 2015
A	Could I create company specific Employee Records?	Records and Data - Quality, Legal and Other Evidence	5	Feb 16, 2015
L	Incentives to Encourage Employee Participation	Misc. Quality Assurance and Business Systems Related Topics	1	Nov 4, 2014
N	Employee Reprimanded in Front of Other Employee?	Quality Manager and Management Related Issues	21	Oct 20, 2014
N	What is the best action for employee when employer is paying late?	Career and Occupation Discussions	6	Oct 15, 2014
E	Outstanding Employee Training Records	Training - Internal, External, Online and Distance Learning	11	Aug 12, 2014
G	Tracking Employee Training Software	Training - Internal, External, Online and Distance Learning	7	Aug 7, 2014
D	Value-Added Analysis - Staff (Employee) Satisfaction	Quality Tools, Improvement and Analysis	11	Jul 10, 2014
	Is Audit of Employee Canteen Food within the scope of OHSAS 18001?	Occupational Health & Safety Management Standards	17	Jun 29, 2014
D	"Quality" Gifts to recognize Employee Efforts	Professional Certifications and Degrees	7	Jun 17, 2014
E	Defining Sub-Disciplines for Chemical Testing Laboratory Employee Proficiency Testing	General Measurement Device and Calibration Topics	1	Jun 13, 2014
S	Employee Training Videos for employee ISO TS 16949 Audits	IATF 16949 - Automotive Quality Systems Standard	2	Apr 17, 2014
J	Employee Contracts : Controlled and Uncontrolled Documents	Document Control Systems, Procedures, Forms and Templates	6	Apr 9, 2014
A	Assessing/Mapping Employee Attitude during Competency Mapping (Assessment)	IATF 16949 - Automotive Quality Systems Standard	15	Apr 9, 2014
P	MDD position on Final Inspection/Release Employee Experience/Training	EU Medical Device Regulations	1	Oct 16, 2013
J	Online Employee Testing Sites	Training - Internal, External, Online and Distance Learning	5	Sep 20, 2013
H	Return on Investment of Employee	Human Factors and Ergonomics in Engineering	7	Jun 19, 2013
I	Definition Insubordination in Organizations - Definition, extent; vis-a-vis employee's rights.	Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically	14	May 8, 2013
	How to Determine the Necessary Employee Competence	ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards	4	Apr 23, 2013
D	Employee Motivation and Empowerment - TS 16949 Clause 6.2.2.4	IATF 16949 - Automotive Quality Systems Standard	11	Mar 19, 2013
R	Calibration Requirements for Employee Owned Gages	General Measurement Device and Calibration Topics	5	Jan 15, 2013
E	What forms should be controlled? Vacation, sick leave, employee evaluations, etc?	Document Control Systems, Procedures, Forms and Templates	10	Dec 12, 2012
Z	Scope of Employee and Function Levels of Internal Audits	Internal Auditing	3	Dec 6, 2012

Employee Data Privacy Policy - ISO 9001:2015 requirement(s)?

Brizilla

Quite Involved in Discussions

John C. Abnet

Teacher, sensei, kennari

yodon

Johnnymo62

Haste Makes Waste

Brizilla

Quite Involved in Discussions

John Broomfield

Sidney Vianna

Post Responsibly

Similar threads