This policy describes our rigorous approach to safeguarding confidential data and information provided by our clients.
Our certification procedures aim to maintain the trust of our clients that commercially sensitive and other types of confidential information received from them or from other sources will not be revealed to unauthorised parties. Any NEPCon staff or consultants who are found in deliberate breach of our confidentiality rules will be removed from participation in NEPCon’s activities. NEPCon reserves the right to initiate legal action against any party in breach of a confidentiality agreement.
All NEPCon personnel are required to sign a confidentiality agreement with NEPCon where they agree to maintain complete confidentiality in terms of all client documentation, interviews, conversations, and any information related to the certification assessment or audit process pertaining to the organisation/source being evaluated. Assessors shall not make or distribute copies of any documents or reports, or discuss the content of these reports with other parties unless specifically authorised by NEPCon's Executive Director. All documents, data and other evidence provided to, or collected by, the assessor in conducting an assessment or audit must be returned to NEPCon or the client, or be destroyed. When in doubt about the confidential nature of information, auditors should refer questions or public requests for information directly to their supervisor.
The confidentiality principles do not apply to information which is already public and/or which is required to be publicly available under the rules of the applicable certification scheme, regulation, law or contractual arrangements. Our clients are informed by relevant NEPCon staff about the types of information which are required to be publicly available. Public information includes, but is not limited to:
- information found in the public summary sections of the audit report (the client can always review and comment on the report prior to publication);
- information provided by the client for use on the certification-related websites (e.g. certified products, species, area);
- information about the client organisation, received from sources other than the client, which is not of a sensitive nature;
- information that is available in the public domain.
NEPCon aims to follow best practices in relation to IT security and applies reasonable security measures to safeguard all electronic client information and communication.
Peter Feilberg, NEPCon Executive Director
12 May 2014