Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential.
Where is the limit for confidentiality and how I should deal with it? Actually, it seems like the contractor is using it as a trick.
A: What is not clear from your question is the contractual arrangements you have with your suppliers. If the contract has a confidentiality clause and calls for second party audits, there is no excuse for withholding information. ISO 9001:2008 — Quality management systems –Requirements does not address confidentiality. That is best addressed in the specific arrangements between supplier and customer.
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
For more on this topic, please visit ASQ’s website.