Confidentiality Policy

Policy - Document Ref: QX3-CP02

Scope

At T.I.S., we recognize the trust our clients place in us when sharing sensitive information. Whether working with small family-run businesses or large corporations, we are committed to upholding the highest standards of confidentiality and data protection. We understand the importance of safeguarding our clients' proprietary and personal information, and we ensure that all details are handled with the utmost care and discretion. Our confidentiality policy is designed to protect the integrity and privacy of our clients, ensuring that all business information is treated with the highest level of confidentiality at all times.

Normative references

  • Money Laundering Regulations 2007 - Legislation
  • QX2-GDPR - GDPR Policy
  • QX9-DCP - Document control policy
  • HR-02 - Confidentiality agreement

Definitions

Confidentiality: The ethical principle or legal right that a professional will hold secret all information relating to a person, company, or client, unless they give consent permitting disclosure.

Objectives

At Technical Innovation Services (T.I.S.), we are fully committed to protecting the privacy and confidentiality of our clients' information. This policy outlines the processes and procedures in place to prevent any breaches of client confidentiality and ensures that all sensitive data is handled with the highest level of care.

Procedures

This policy applies to all employees, contractors, and temporary staff, including permanent, temporary, agency, and labour-only personnel. All individuals engaged with T.I.S. are required to sign the Confidentiality Agreement HR-02 upon the commencement of their employment or engagement with the company.

Visitor Protocols
All visitors to T.I.S. must sign in and out at reception upon entering and exiting the premises. Visitors are to be escorted and supervised at all times while on company grounds to ensure that access to confidential information is strictly controlled. To protect the confidentiality of client and project-specific information:

Private Discussions: Confidential information, audit results, and sensitive project data must never be discussed in open, shared areas. These discussions should only occur with the client’s authorized representative, the T.I.S. employee working directly on the project, and, if necessary, senior management.

Electronic Communications: All sensitive information, including project results, updates, and client-specific details, must be sent via email only to the designated recipient, the client’s authorized representative. Employees are responsible for verifying the correct recipient’s email address. If there is any doubt about the intended recipient, employees must consult with senior management before sending any confidential information.

Protection of Client Property
Any client property, including equipment, sample sections, or materials, must be securely stored and maintained in confidence at all times. Only authorized personnel are permitted to handle, analyze, test, or service any client property. This ensures that both the physical and intellectual property of our clients are protected from unauthorized access or misuse.

Under the General Data Protection Regulation (GDPR), individuals have the right to be informed about what personal data is collected, why it is collected, and how it is used. T.I.S. is committed to ensuring that all personal data is handled in full compliance with GDPR regulations. For detailed information about how we process and protect personal data, please refer to our GDPR Policy QX2-GDPR.

All sensitive information is kept in password-protected secure folders on our shared computer network that are accessible only to authorised personnel who work in that unit of the business. Hard copies of sensitive information are stored in a locked office, and only authorised personnel are allowed to access or retrieve this information if it is needed for their job role and/or activities. Hard copies are only stored until they can be scanned electronically and then securely destroyed. These documents will be handled and destroyed in accordance with our Document control procedure QX9-DCP.

If a customer’s confidentiality is breached, we will inform them at the earliest opportunity of the reasons for breaching their confidence. We will make every effort to ensure that they are given the maximum control possible over the process of breaching confidentiality and keep them informed at every stage of the action we take. We take all necessary steps to address the breach, minimize any potential damage, and prevent future occurrences, demonstrating our commitment to maintaining the trust and confidentiality of our clients.

Responsibilities

By adhering to these guidelines, we ensure the continued protection of client information and uphold the trust placed in us. All T.I.S. employees and associates are expected to act in accordance with this policy and contribute to a secure, confidential working environment.

Compliance

T.I.S. will not share or pass on any client information to third parties without obtaining prior consent, except where required by law. For example, when we work with training candidates, they are made fully aware of our GDPR statement and are asked to provide consent for us to share their information with our training accreditation body. This sharing is strictly for the purpose of acquiring accreditation and auditing our training procedure.

Any declarations that have not been signed by the individual will be excluded from the audit process, ensuring that only those who have provided explicit consent have their information processed in this way.

Employees who breach the organization’s confidentiality policy will be subject to disciplinary proceedings. The severity of the disciplinary action will depend on the nature of the breach and its impact on the organization, clients, or stakeholders.

In certain situations, T.I.S. may be legally required to disclose client information without consent. This may include compliance with laws such as the Money Laundering Regulations (2007), which may obligate us to report suspicious activities to the relevant authorities. In such cases, our legal duty to report takes precedence over our commitment to confidentiality.

Summary

Our confidentiality policy is designed to ensure that all data and proprietary information are handled securely and in compliance with applicable laws and industry standards. The policy will be periodically reviewed, and updates will be made as necessary. If you are referring to a printed copy of this policy, please ensure it matches the issue number found in the QMS folder on the TIS intranet, as only the current version is considered valid.