All information received by or available to Advanced System Assurance Pte Ltd staff, sub – contractors or committee members (in whatever format) received in conducting audit activities, or during other certification activities, or during any dealings with an organisation for any other reason shall be regarded as strictly confidential and shall not be divulged to any 3rd party (unless specified in ISO/IEC 17021 – 1:2015) without the express permission of the organisation or individual concerned. The requirement to keep confidential any information will also include any organisation that has a legitimate right to audit or inspect Advanced System Assurance Pte Ltd.
If Advanced System Assurance Pte Ltd. is required by law to release confidential information to a third party the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided.
However, where the organisation is seen to be operating contrary to legal requirements or has operating practices which pose a danger to staff, customers or the environment Advanced System Assurance Pte Ltd reserves the right to immediately report any such incident to the relevant authority. Any such reporting will only be undertaken with the permission of a Director.
All records will be retained in a secure manner, only accessible to authorised staff via either paper records or password controlled electronic records. Sub – contractors will be limited to accessing information produced by them in conducting an audit. Records will only be made available to organisations who can demonstrate a legitimate (and legal) right to view those records and specifically to Accreditation Bodies.
All staff, Sub Contractors, Directors and Committee Members will be required to agree to Advanced System Assurance Pte Ltd confidentiality policy and sign a non-disclosure agreement. Sub -contractors will also sign an agreement which also contains the responsibility to maintain confidentiality.