CONFIDENTIALITY POLICY

Staff and Subcontractor Requirements

Any information that an IFC employee, subcontractor or committee member obtains or may obtain in an audit or other certification activity or otherwise in a business relationship with an organization is considered strictly confidential. The requirement to maintain the confidentiality of all information not disclosed to third parties (unless specified in ISO / IEC 17021-1: 2015) without the express permission of the organization or person concerned is a legal requirement for auditing or inspection of the IFC. This also applies to organizations with privileges. Where the Act requires the IFC to disclose confidential information to third parties, the interested client or individual must give advance notice of the provision of the information, unless otherwise regulated by law. Risks to Employees, Customers or the Environment, IFC reserves the right to immediately report such incidents to the appropriate authorities. Such reports are provided only with the permission of the supervisor.

Access to Records

All records are maintained and retained for secure access only to authorized personnel, whether on paper or via password-controlled electronic records. Subcontractors have limited access to the information they provide during the audit. Records may only be used by organizations that can prove their legal rights to view these records, especially certification bodies.

Confidentiality Declarations

All employees, subcontractors, directors and committee members must agree to IFC’s Privacy Policy and sign a confidentiality agreement. The subcontractor will also sign a contract with the responsibility for confidentiality.