Employee Data Privacy Policy - ISO 9001:2015 requirement(s)?

Brizilla

Quite Involved in Discussions
#1
I'm implementing a new ISO 9001:2015 system for a logistics and fulfillment company. One of their SOPs is a privacy policy for their customers. Under 7.5 should their Privacy Policy include their own employees? There's nothing in the employee handbook about it. Oh, great Sages...enlighten me. I don't want to add something unnecessary.
 

John C. Abnet

Teacher, sensei, kennari
Staff member
Super Moderator
#2
Under 7.5 should their Privacy Policy include their own employees?
Good day @Brizilla ;
Be careful not to "read" more than the standard requires. The only thing the standard requires specific to this is that "REQUIRED" documentation is "adequately protected". The organization (including consideration of any customer requirements, e.g., documents of external origin/NDA, etc.) must determine what is "required" and what is "adequately protected".

1- "We" cannot answer this question. Only the organization can answer this based on their NEEDS. Assuming this is an existing organization, then what is the CURRENT policy/requirement/approach? Don't add requirements and burdens simply for the sake of adding.
2- When you state "you" are implementing..... I am hoping that this does not imply the organization and their top management are not inputting and taking responsibility regarding the QMS (I state this because all too often I have observed an "individual" ----"Implementing" instead of developing within the existing organizational leadership and approach.)

Food for thought.

Hope this helps.

Be well.
 

Brizilla

Quite Involved in Discussions
#5
Thank you for the answers.
"When you state "you" are implementing..... I am hoping that this does not imply the organization and their top management are not inputting and taking responsibility regarding the QMS "
They hired me specifically to implement ISO, and yes I'm working with all the stakeholders and getting managers more involved with each other.
 

John Broomfield

Staff member
Super Moderator
#6
Ask your client how they have already implemented this policy within their management system.

After all, you are respecting the system they already have for determining and fulfilling customer requirements as you help them to develop it.

Be careful with your phrase “implementing a new ISO 9001:2015 system” because it suggests you are about to impose your ISO system on their organization.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#7
Under 7.5 should their Privacy Policy include their own employees?
Despite the fact that ISO 9001 talks about identification of issues for relevant stakeholders, privacy of employee data is something that is not under the ISO 9001 realm. Having said that, please note that there are regulations out there dealing with data privacy, GDPR as an example. So, chances are, the organization might have to have controls on employee data privacy and protection, but that is NOT due to ISO 9001.
 