Confidentiality Guidance

1 Test services documents and data security requirements:

     1.1 Test-related documents shall be signed and copied as the customer requires; the copies shall be retained in the laboratory and managed by the administration personnel. The laboratory is responsible for maintaining secrecy on behalf of customers; without approval from top management, the documents cannot be copied or delivered to any third party.

     1.2 Where customers have special requirements, or when the technical services involve the professional tests and technology of the optical laboratory, the Non-disclosure agreement (M-F001) shall be signed and complied with by both sides. The Non-disclosure agreement (M-F001) shall be signed by the top management.

     1.3 All members of ISOQA shall sign the Four-No policy recognizance (H-F001) to protect the rights of the customer.

     1.4 Any external personnel who participate in laboratory activities (including but not limited to witnessing tests, visiting, site calibration and training) and who may thereby obtain the confidential information of a third party shall sign the Non-disclosure agreement (M-F001).

     1.5 ISOQA is required to ensure that, when confidential information must be disclosed under legal or contractual authorization, the information provided is communicated to the relevant customer or related person via e-mail and recorded in the ISOQA IMS System. ISOQA shall also ensure that, where information about customers is obtained from sources other than the customers themselves (such as complainants or regulatory authorities), the provider (source) of such information is kept confidential. The Non-disclosure agreement (M-F001) shall be signed and complied with by both sides.

2 Protection of ownership:

     2.1 With regard to intellectual property rights, where there is a need to cooperate with another test institute to develop test capability and analysis technology for sampling, the protection and security of the ownership shall be set out in written form to avoid acts of infringement.

     2.2 For tests and technical analysis documents developed by ISOQA, when a transfer of the technology takes place, the top management of the laboratory shall be responsible for ownership protection, and the documents shall be set out in written form.

3 Confidential handling and execution:

     3.1 While tests are being carried out, customers are not allowed to enter the laboratory without the agreement of top management. If there is a need to enter, the request shall be evaluated and shall follow the “Customer Servicing Procedure”.

     3.2 Test reports shall be signed by the report signatory before being handed to customers. The laboratory is responsible for maintaining duplicates of the reports for management and tracing purposes.

4 Data security:

     4.1 Documents listed as confidential (including electronic files) shall not be printed or copied without authorization.

     4.2 Storage of important data shall be restricted, and the data files shall be stored in encrypted form.

     4.3 Data shall not be changed without authorization from top management.

5 Data integrity:

     5.1 Each test record shall be filled in on the assigned record form. The original data shall be protected and shall not be covered over when amendments are made.