How to deal with CONFIDENTIAL documents

R

Rochi

#1
Hello companions.

As an auditor, I should like to know how do you deal with the situation where Personnel being audited does not want to show me a document because they say it is a Confidential one.
I signed a Non Disclosure - Confidentiality agreement, but at the assessing day, I could not acceed to it for that reason. It seems it had some sort of new know-how of the process being audited.
But I needed the document to get some evidence of compliance.

I think next time I'll take a fat black colour marker with me and I'll ask them to mask the confidential or know-how part.

I would like to listen to your expertise opinion.

Thank you very much.
 
Elsmar Forum Sponsor

hogheavenfarm

Quite Involved in Discussions
#2
Re: How to deal with CONFIDENTIAL docs

We have a slightly similar issue. We get audited by our customers, and typically much of the audit documentation includes information about our other customers and products as well. To avoid giving them material to use against their own competition, I keep full set of redacted documents covering everything that would be asked for as far as documentation goes, and put all this in a big binder, called my 'desk audit reference set'. When evidence of how we handle a CA or some such thing comes up, I can open the set, and show step by step, using real records, how we do it. All names and identifying information are removed so they are pretty sanitized. If they need more, I limit the documents to their own company. As far as HR training records go, they could supply you with the same thing, just removing any identifying information. I also keep a binder of blank forms as reference as well, just to show they exist.
 

Wes Bucey

Quite Involved in Discussions
#3
Just curious - internal, customer, or 3rd party auditor?

In my experience, even internal auditors are sometimes excluded from certain information for legitimate reasons.

Obviously, customer auditors have even more restrictions on what they can see, DESPITE "signed confidentiality agreements."

3rd party auditors are much more generic in what documents they review and rarely do they encounter docs with trade secrets, price disparities between customers and other types of information organizations would like to keep from competitors and/or customers. So such information should not be included on documents normally reviewed by 3rd party auditors.

Solutions include simple document creation: primarily, DO NOT PUT CONFIDENTIAL INFO IN ANY DOCUMENT WHICH IS SUBJECT TO REVIEW BY UNINTENDED EYES (in a routine inspection record, this means DO NOT INCLUDE PRICES, SECRET PROCESSES, OR CUSTOMER'S SECRETS!)

Do not leave documents with secret or confidential information in folders or locations which are subject to inspection by any unauthorized person.

Depending on the organization, some information may be kept within a very tight circle of employees (NEED TO KNOW) while, in another organization, very similar information may be freely distributed among all employees, but kept from suppliers and customers.

Almost always, the information most zealously guarded from unauthorized eyes are trade secrets, which, if disclosed, could put the organization at a competitive or economic disadvantage with suppliers, customers, and, especially, competitors. Most auditors do not need such information to perform a competent quality audit.

CAVEAT:
Sometimes, an organization or an individual within an organization will withhold information because it would give evidence of criminal or otherwise fraudulent activity. Auditors suspecting this kind of thing have zero power to compel disclosure and almost always have to escalate the situation to higher levels, who may then refer the case to criminal investigation which DOES have the power to compel disclosure.
 
Thread starter Similar threads Forum Replies Date
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
MDD_QNA How to deal with FDA after not reporting anything for several years Other US Medical Device Regulations 14
M Informational Update from GOV.UK – Regulating medical devices in the event of a no-deal Brexit – UK Responsible Person Medical Device and FDA Regulations and Standards News 0
A How to deal with changed shared components in 510k 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
M Informational UK – Contingency legislation covering regulation of medicines and medical devices in a no deal scenario – Human Medicines and Medical Devices (Amendm Medical Device and FDA Regulations and Standards News 3
M Informational EU – Medicinal products and medical devices: Coordinated approach in case of a withdrawal of the United Kingdom from the Union without a deal Medical Device and FDA Regulations and Standards News 0
M Informational UK – Regulating medical devices in the event of a no deal scenario Medical Device and FDA Regulations and Standards News 0
M Informational UK – Businesses supplying medicines and medical devices – what to expect on day one of a ‘no deal’ scenario Medical Device and FDA Regulations and Standards News 1
M Informational Design for new product safety marking for the no-deal Brexit scenario Medical Device and FDA Regulations and Standards News 1
M Informational UK – Contingency legislation covering regulation of medicines and medical devices in a no deal scenario Medical Device and FDA Regulations and Standards News 1
N How to deal with catalog parts suppliers who refuse to submit PPAP documents? APQP and PPAP 0
M Medical Device News MHRA releases response to consultation on EU exit no-deal legislative proposals Medical Device and FDA Regulations and Standards News 0
M Pharmaceuticals News UK – Further guidance note on the regulation of medicines, medical devices and clinical trials if there’s no Brexit deal Medical Device and FDA Regulations and Standards News 0
M Medical Device News Letter to the health and care sector: update on preparations for a potential no-deal Brexit Medical Device and FDA Regulations and Standards News 0
supadrai Indemnity Letters - What's the Deal? Other Medical Device and Orthopedic Related Topics 5
M Medical Device News MHRA to consult on EU exit no-deal legislative proposals EU Medical Device Regulations 1
D How to deal with user needs when it is obvious the design meets the user need 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
P Quality Assurance and Quality Control - Which clauses of ISO 9001 deal with each? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
O How to deal with Multiple Datums - Position with respect to Multiple Datum Feature Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
J ISO 9001:2015 Clause10.2 Nonconformity and Corrective Action - Deal with Consequences ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
0 How to deal with resistance to GDP Document Control Discipline Document Control Systems, Procedures, Forms and Templates 7
N Interesting Discussion How to Deal with Suppliers Who Refuse to Complete our ISO Survey? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 51
L How to deal with resistance from auditee(s) Internal Auditing 20
P How to deal with a Recruitment Consultant Career and Occupation Discussions 3
AnaMariaVR2 3 Ways To Deal With People Who Play Office Politics Against You Coffee Break and Water Cooler Discussions 7
J How to deal with incomplete forms Nonconformance and Corrective Action 14
R How to deal with the RM requirement of clause 17 Electromagnetic Compatibility? IEC 60601 - Medical Electrical Equipment Safety Standards Series 8
L How to deal with too many CARs (Corrective Action Requests), PARs (Preventive Action) Nonconformance and Corrective Action 25
T How to train employees to deal with external auditors? Internal Auditing 13
S Training on how to deal with Regulations, Rules, Regulations Conflicts, etc. Training - Internal, External, Online and Distance Learning 6
M Mobile Medical Platforms - How to deal with Supplier Hardware/Software Changes? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S How to deal with non-compliant company after take over of them IEC 27001 - Information Security Management Systems (ISMS) 6
C If my location does not deal with GM - Firewall - CS1 & CS2 Question IATF 16949 - Automotive Quality Systems Standard 3
I How to deal with Behaviour Problem in the work place? Human Factors and Ergonomics in Engineering 20
J How to deal with Mental models IEC 62366 - Medical Device Usability Engineering 1
BradM Deal? Or no Deal? Coffee Break and Water Cooler Discussions 25
Marc Looking for a good deal on a boat? World News 2
S How to deal with telemarketers Funny Stuff - Jokes and Humour 2
ScottK Giving training with a vicious cold - how do you deal? Training - Internal, External, Online and Distance Learning 9
Marc Delphi to close, sell most plants under deal World News 0
J How to deal with an employee who has a bad attitude? - Employee Attitudes Coffee Break and Water Cooler Discussions 15
D X Bar Chart - How can I deal with missing values in subgroups Statistical Analysis Tools, Techniques and SPC 12
E Lets Make a Deal... The TV show - A statistical approach Coffee Break and Water Cooler Discussions 8
M Dock to Stock - How to deal with inspection status requirements Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
Marc Delphi, GM and UAW reach broad buyout deal World News 1
I How to deal with and track Customer Specific Requirements Customer and Company Specific Requirements 6
J How to deal with operators who fail to follow work instruction? Misc. Quality Assurance and Business Systems Related Topics 52
W Who is my customer? We only deal with the agent who sells our plastic resins IATF 16949 - Automotive Quality Systems Standard 14
P Is TS-16949 a 2 for 1 Deal? QS-9000 - American Automotive Manufacturers Standard 6
Q Customer Specific Requirement, How to deal? QS-9000 - American Automotive Manufacturers Standard 9

Similar threads

Top Bottom