ISO Maldives Ascent Confidentiality and Non-disclosure policy www.isomaldivesascent.com ISO Maldives Ascent Introduction This Confidentiality and Non-disclosure Policy sets out the expectations and obligations on ascent consultants and associate employees (hereafter referred to as consultants). It is expected that the consultant will adhere to the policy, and understand his or her role in keeping confidential, proprietary and sensitive information.
Why confidentiality is important to ascent through ISO Maldives Ascent’s work, our consultants are often given privileged access to confidential or sensitive information. This information may be about the ways the client organization works, future plans for products or services, or sensitive personnel or client data. In many cases it is only possible for ascent to work effectively with clients by internally exchanging this type of confidential or sensitive information.
ISO Maldives Ascent takes significant steps to safeguard this information, including the following:
- All of our consultants are given training on managing confidentiality throughout a client engagement
- Our consultants sign a confidentiality and non-disclosure agreement detailing the need for confidentiality and the serious consequences of any breach
- ISO Maldives Ascent has appointed a client lead for policy issues covering confidentiality and non-disclosure: Mark Ripley
- ISO Maldives Ascent has detailed data security processes for obtaining, storing and disposing of confidential or sensitive data.
Security of data:-
We understand it is critical for ISO Maldives Ascent to take steps to maintain the security of data received from our clients in confidence. All our consultants operate a range of IT and operational security procedures: • secure login identification for using IT systems — each time our consultants access ascent data, they are required to sign in using personalized password identification
- Each employee need to sign a declaration of confidentiality of third party and company information;
- Disclose any information of a confidential nature, which they may acquire or may have acquired in relation to the business or affairs of the client.
- We limit access to information so that only consultants needing data to be able to deliver their client work, are given access to sensitive information
- Protecting ISO Maldives Ascent IT systems — Ascent’s IT systems operate behind a firewall, and use encrypted storage of data.
- We work with one of the world’s leading IT service providers, which offers us state of the art security functionality
- The members of the Committee for Safeguarding Impartiality signing a confidentiality agreement;
- We have a detailed business continuity policy in place which encompasses: secure, encrypted, data backup; offsite storage; original record handling; secure disposal
- We limit the amount of paper-based confidential or sensitive data our consultants hold: any necessary confidential or sensitive paper records are kept in secure storage.
- Subcontracted consultants & auditors are required to sign a Confidentiality Agreement that indicates that they will hold all client information
- Confidential treatment of client processes & procedures is explained to clients in opening and closing meetings;
- Special arrangements regarding confidentiality may be submitted by the client.
- Clients are informed that certification files held by ISO Maldives Ascent are subject to review by industry accreditation agencies & regulatory authorities.
Note: ISO Maldives Ascent shall not provide access to records / documents / information of its clients to organization except its regulatory boards or any other concerned government authorities.