ISO PAS 17002-2004 Conformity assessment - Confidentiality - Principles and requirements《合格评定 机密性 原则和要求》.pdf

1、 Reference numberISO/PAS 17002:2004(E)ISO 2004PUBLICLY AVAILABLE SPECIFICATION ISO/PAS17002First edition2004-08-15Conformity assessment Confidentiality Principles and requirements valuation de la conformit Confidentialit Principes et exigencesCopyright International Organization for Standardization

2、Reproduced by IHS under license with ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not

3、be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe

4、is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO mem

5、ber bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO 2004 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or m

6、echanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www

7、.iso.org Published in Switzerland ii ISO 2004 All rights reservedCopyright International Organization for Standardization Reproduced by IHS under license with ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) ISO 2004 All rights reserved iii

8、Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a t

9、echnical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters

10、 of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulate

11、d to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In other circumstances, particularly when there is an urgent market requirement for such documents, a technical committee may decide to publish other ty

12、pes of normative document: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication if it is approved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specifica

13、tion (ISO/TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a vote. An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further

14、 three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must either be transformed into an International Standard or be withdrawn. ISO/PAS 17002 was prepared by the ISO Committe

15、e on conformity assessment (CASCO). Copyright International Organization for Standardization Reproduced by IHS under license with ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) iv ISO 2004 All rights reservedIntroduction In 2001 the ISO C

16、ouncil asked its policy committee on conformity assessment (ISO/CASCO) to study and prepare a group of common elements for application in future ISO documents on conformity assessment. Subsequent to this request, ISO/CASCO approved the formation of Working Group 23, Common elements in ISO/IEC Standa

17、rds for conformity assessment activities, to undertake this task. The working group has identified several common elements, including among others impartiality, confidentiality, complaints and appeals, management systems. This Publicly Available Specification (PAS) addresses the “confidentiality” el

18、ement that occurs in many of the ISO/IEC Guides and International Standards on conformity assessment. The PAS covers the agreed principles that give substance to the element of confidentiality, and also provides requirements clauses intended to be included in future ISO/IEC International Standards o

19、n conformity assessment. This PAS is intended to apply to the drafting of documents on conformity assessment by ISO/CASCO. Clause 4 (Principles) contains statements that are intended to orientate ISO/CASCO working groups in their task of creating requirements to address confidentiality in their docu

20、ments. The requirements to be inserted into future ISO/CASCO documents that cover the common element of “confidentiality” are detailed in Clause 5. ISO/CASCO has adopted a common structure for the presentation of requirements. Requirements should be grouped under one or more of the following heading

21、s: a) General requirements; b) Structural requirements; c) Resource requirements; d) Process requirements; e) Management system requirements. As such, each of the common elements will have requirements related to it grouped under one or more of the headings shown above. This PAS is not intended to b

22、ecome a future International Standard. At the end of three years after the date of publication, it is expected this PAS will be withdrawn and its contents incorporated as appropriate in relevant ISO/CASCO normative and guidance documents. Copyright International Organization for Standardization Repr

23、oduced by IHS under license with ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-PUBLICLY AVAILABLE SPECIFICATION ISO/PAS 17002:2004(E) ISO 2004 All rights reserved 1Conformity assessment Confidentiality Principles and requirements 1 Scope This Publicly Availab

24、le Specification (PAS) contains principles and requirements for the element of confidentiality as it relates to conformity assessment. It is an internal tool for use in the ISO standards development process by ISO/CASCO working groups when addressing the element of confidentiality in the preparation

25、 of their documents. This Publicly Available Specification is not a stand-alone normative document to be used directly in conformity assessment activities. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the

26、 edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 17000, Conformity assessment Vocabulary and general principles 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/I

27、EC 17000 apply. NOTE The use of the term “body” in this PAS means either an accreditation body or a conformity assessment body as defined in ISO/IEC 17000. 4 Principles of confidentiality 4.1 To gain access to the information needed to conduct effective conformity assessment activities, the body nee

28、ds to provide confidence that confidential information will not be disclosed. 4.2 All organizations and individuals have the right to have protected any proprietary information that they provide. 4.3 Managing the balance between confidentiality and public disclosure related requirements affects stak

29、eholders trust and their perception of value in the conformity assessment activities being performed. NOTE It is intended that there will be a separate PAS covering the common element of public disclosure. Copyright International Organization for Standardization Reproduced by IHS under license with

30、ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) 2 ISO 2004 All rights reserved5 Requirements for confidentiality 5.1 General In developing this PAS it was recognised that there are varying degrees of specificity that ISO/CASCO working grou

31、ps should consider. As a result the requirements in this clause are categorized into three levels of specificity as follows. a) Obligatory: these are specific drafted requirements that shall be used by ISO/CASCO working groups where the element has to be addressed, without modification, except for s

32、ubstitution of more specific terms. For example, the phrase “Conformity assessment activities shall be undertaken impartially”, may be substituted more specifically with “Management system certification activities shall be undertaken impartially”. Justification is required from ISO/CASCO working gro

33、ups that do not use these requirements when dealing with the relevant common element. b) Recommended: these are drafted requirements that working groups should use if they wish to have a greater degree of specification. Modification is permissible. c) Suggested: these are considerations that could b

34、e taken into account in the drafting of requirements by the ISO/CASCO working group. By providing for these different levels of specificity, the PAS achieves the ISO/CASCO intent to have an agreed statement on elements that are common to all conformity assessment activities, and at the same time mai

35、ntains some flexibility for specific wording by individual ISO/CASCO working groups. 5.2 General requirements The following requirements are obligatory. a) The body shall be responsible, through legally enforceable commitments, for the management of all information obtained or created during the per

36、formance of conformity assessment activities. The body shall inform the client, in advance, of the information it intends to place in the public domain. Except for information that the client makes publicly available, or when agreed between the body and the client (e.g. for the purpose of responding

37、 to complaints), all other information is considered proprietary information and shall be regarded as confidential. b) When the body is required by law or authorized by contractual arrangements to release confidential information, the client or individual concerned shall, unless prohibited by law, b

38、e notified of the information provided. c) Information about the client obtained from sources other than the client (e.g. complainant, regulators) shall be treated as confidential. 5.3 Resource requirements 5.3.1 Obligatory requirements Personnel, including any committee members, contractors, person

39、nel of external bodies, or individuals acting on the bodys behalf, shall keep confidential all information obtained or created during the performance of the bodys conformity assessment activities, except as required by law. 5.3.2 Recommended requirements The body shall have available and use facilit

40、ies for the secure handling (e.g. postage, e-mailing, record destruction) of confidential information (e.g. documents, records) and objects of conformity assessment (e.g. product samples). Copyright International Organization for Standardization Reproduced by IHS under license with ISO Not for Resal

41、eNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) ISO 2004 All rights reserved 3Bibliography 1 CAN/CSA-Q830-03, Model Code for the Protection of Personal Information Copyright International Organization for Standardization Reproduced by IHS under license wit

42、h ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/PAS 17002:2004(E) ICS 03.120.20 Price based on 3 pages ISO 2004 All rights reserved Copyright International Organization for Standardization Reproduced by IHS under license with ISO Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-