Under 7.5 should their Privacy Policy include their own employees?
Good day
@Brizilla ;
Be careful not to "read" more than the standard requires. The only thing the standard requires specific to this is that "REQUIRED" documentation is "adequately protected". The organization (including consideration of any customer requirements, e.g.; documents of external origin/NDA, etc...) must determine what is "required" and what is "adequately protected".
1- We" can not answer this question. Only the organization can answer this based on their
NEEDS. Assuming this is an existing organization, then what is the CURRENT policy/requirement/approach? Don't add requirements and burdens simply for the sake of adding.
2- When you state
"you" are implementing..... I am hoping that this does not imply the organization and their top management are not inputting and taking responsibility regarding the QMS
(I state this because all too often I have observed an "individual" ----"Implementing" instead of developing within the existing organizational leadership and approach.)
Food for thought.
Hope this helps.
Be well.