ISO 9001 Second-Party Audits and Confidential Information

Reviewing confidential files, training records, human resources files

Q: I am auditing contractors involved in a huge project of ours, and from time to time when I ask for information (risk register, management review meetings, etc.), they say it is confidential.

Where is the limit for confidentiality, and how should I deal with it? Actually, it seems like the contractor is using it as a trick.

A: What is not clear from your question is the contractual arrangements you have with your suppliers. If the contract has a confidentiality clause and calls for second-party audits, there is no excuse for withholding information. ISO 9001:2008 — Quality management systems – Requirements does not address confidentiality. That is best addressed in the specific arrangements between supplier and customer.

George Hummel
Voting member of the U.S. TAG to ISO/TC 176 – Quality Management and Quality Assurance
Managing Partner
Global Certification-USA
Dayton, OH
