ISO 9001 Second-Party Audits and Confidential Information

 Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential. 

Where is the limit for confidentiality and how I should deal with it? Actually, it seems like the contractor is using it as a trick.

A: What is not clear from your question is the contractual arrangements you have with your suppliers.  If the contract has a confidentiality clause and calls for second party audits, there is no excuse for withholding information.   ISO 9001:2008 — Quality management systems –Requirements does not address confidentiality.  That is best addressed in the specific arrangements between supplier and customer.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
Dayton, OH

Related Content:

Read more open access content about auditing from ASQ:

Ask, and Ye Shall Receive , Quality Progress

Back to Basics: Best Practices in Auditing, Quality Progress

Free Chapter from The Process Auditing and Techniques Guide, Second Edition, ASQ Quality Press. Visit the ASQ store for more information about this book.

Explore more using ASQ Knowledge Center Search.

This entry was posted in ISO 9001 - Quality Management Systems and tagged , , , , . Bookmark the permalink.

One Response to ISO 9001 Second-Party Audits and Confidential Information

  1. The only information that could remain as confidential is the self-audit reports of the auditee.
    Néstor Aversa

Comments are closed.