I get to see a lot of employment contracts in my line of work; and I'm no stranger to fine print. Employment contracts, almost without exception, include confidentiality clauses relating to intellectual property of the organisation. What surprises me is how many contracts neglect to emphasize or even mention the importance of maintaining client information confidential. Have a look at the wording of your organisation's contracts, even if you are sure you have it covered – you might be surprised too!
While we are on the topic, here are some more tips on complying with confidentiality requirements of ISO standards, particularly 17025 and 17020.
Legally Enforceable Commitments.
The new requirements stipulate organisations must be responsible for the management of confidential information “…through legally enforceable commitments…”. One way of covering this requirement is having signed agreements. Make sure your agreements actually discuss maintaining information obtained or created during the performance of testing (or refer to policies that do).
Communicate Expectations.
It is all very well and good to have staff agree to maintain confidentiality when they start employment with you. If you are looking for minimum compliance, this will do. However, if you want to prevent information leakage, consider a variety of ways to communicate your expectations for maintaining confidentiality.
Define to your staff what is considered confidential information, even if it seems obvious.
Emphasize the detrimental consequences of breaching confidentiality.
Review the organisation’s processes related to confidentiality every now and again, and bring up relevant scenarios to prompt discussion at staff meetings.
Gossip.
Do your staff work off-site? They are likely exposed to a lot of industry gossip. Make sure you clarify that information heard in the course of their work on client sites is also confidential. Your staff should understand that participating in the spread of gossip with clients projects an unprofessional image.
By all means, share important information you have overheard – just keep it in the company!
Q&A NATA accreditation and ISO 9001 consultants can:
Conduct a gap analysis of your systems;
Assist you to make the changes required for compliance;
Prepare you for, attend, and respond to your NATA assessment;
Share tips and tricks along the way to improve the efficiency of your processes.
Comments