
Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public.

Internet Standard

“Invent a New India Using Knowledge” (Satyanarayan Gangaram Pitroda)

“Step Out From the Old to the New” (Jawaharlal Nehru)

“The Right to Information, The Right to Live” (Mazdoor Kisan Shakti Sangathan)

“Knowledge is such a treasure which cannot be stolen” (Bhartṛhari, Nītiśatakam)


IS/ISO/PAS 17002 (2004): Conformity assessment - Confidentiality - Principles and requirements [MSD 10: Social Responsibility]


IS/ISO/PAS 17002:2004

Indian Standard


ICS 03.120.20

© BIS 2007


NEW DELHI 110002

August 2007 Price Group 2


National Mirror Committee of CASCO, IRD 1


This Indian Standard, which is identical with ISO/PAS 17002:2004 ‘Conformity assessment — Confidentiality — Principles and requirements’ issued by the International Organization for Standardization (ISO), was adopted by the Bureau of Indian Standards on the recommendation of the National Mirror Committee of CASCO and approval of the Director General, Bureau of Indian Standards under Rule 8(3)C of BIS Rules, 1987.

The text of ISO/PAS Standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:

Wherever the words ‘International Standard’ appear referring to this standard, they should be read as ‘Indian Standard’.

Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to use a point (.) as the decimal marker.



In 2001 the ISO Council asked its policy committee on conformity assessment (ISO/CASCO) to study and prepare a group of common elements for application in future ISO documents on conformity assessment. Subsequent to this request, ISO/CASCO approved the formation of Working Group 23, Common elements in ISO/IEC Standards for conformity assessment activities, to undertake this task.

The working group has identified several common elements, including among others

— impartiality,

— confidentiality,

— complaints and appeals,

— management systems,

This Publicly Available Specification (PAS) addresses the “confidentiality” element that occurs in many of the ISO/IEC Guides and International Standards on conformity assessment.

The PAS covers the agreed principles that give substance to the element of confidentiality, and also provides requirements clauses intended to be included in future ISO/IEC International Standards on conformity assessment.

This PAS is intended to apply to the drafting of documents on conformity assessment by ISO/CASCO.

Clause 4 (Principles) contains statements that are intended to orientate ISO/CASCO working groups in their task of creating requirements to address confidentiality in their documents.

The requirements to be inserted into future ISO/CASCO documents that cover the common element of “confidentiality” are detailed in Clause 5. ISO/CASCO has adopted a common structure for the presentation of requirements. Requirements should be grouped under one or more of the following headings:

a) General requirements;

b) Structural requirements;

c) Resource requirements;

d) Process requirements;

e) Management system requirements.

As such, each of the common elements will have requirements related to it grouped under one or more of the headings shown above.

This PAS is not intended to become a future International Standard. At the end of three years after the date of publication, it is expected this PAS will be withdrawn and its contents incorporated as appropriate in relevant ISO/CASCO normative and guidance documents.


Indian Standard


1 Scope

This Publicly Available Specification (PAS) contains principles and requirements for the element of confidentiality as it relates to conformity assessment.

It is an internal tool for use in the ISO standards development process by ISO/CASCO working groups when addressing the element of confidentiality in the preparation of their documents.

This Publicly Available Specification is not a stand-alone normative document to be used directly in conformity assessment activities.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17000, Conformity assessment — Vocabulary and general principles

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 17000 apply.

NOTE The use of the term “body” in this PAS means either an accreditation body or a conformity assessment body as defined in ISO/IEC 17000.

4 Principles of confidentiality

4.1 To gain access to the information needed to conduct effective conformity assessment activities, the body needs to provide confidence that confidential information will not be disclosed.

4.2 All organizations and individuals have the right to have protected any proprietary information that they provide.

4.3 Managing the balance between confidentiality and public disclosure related requirements affects stakeholders’ trust and their perception of value in the conformity assessment activities being performed.

NOTE It is intended that there will be a separate PAS covering the common element of public disclosure.


5 Requirements for confidentiality

5.1 General

In developing this PAS it was recognised that there are varying degrees of specificity that ISO/CASCO working groups should consider. As a result the requirements in this clause are categorized into three levels of specificity as follows.

a) Obligatory: these are specific drafted requirements that shall be used by ISO/CASCO working groups where the element has to be addressed, without modification, except for substitution of more specific terms. For example, the phrase “Conformity assessment activities shall be undertaken impartially” may be substituted more specifically with “Management system certification activities shall be undertaken impartially”. Justification is required from ISO/CASCO working groups that do not use these requirements when dealing with the relevant common element.

b) Recommended: these are drafted requirements that working groups should use if they wish to have a greater degree of specification. Modification is permissible.

c) Suggested: these are considerations that could be taken into account in the drafting of requirements by the ISO/CASCO working group.

By providing for these different levels of specificity, the PAS achieves the ISO/CASCO intent to have an agreed statement on elements that are common to all conformity assessment activities, and at the same time maintains some flexibility for specific wording by individual ISO/CASCO working groups.

5.2 General requirements

The following requirements are obligatory.





The body shall be responsible, through legally enforceable commitments, for the management of all information obtained or created during the performance of conformity assessment activities. The body shall inform the client, in advance, of the information it intends to place in the public domain. Except for information that the client makes publicly available, or when agreed between the body and the client (e.g. for the purpose of responding to complaints), all other information is considered proprietary information and shall be regarded as confidential.

When the body is required by law or authorized by contractual arrangements to release confidential information, the client or individual concerned shall, unless prohibited by law, be notified of the information provided.

Information about the client obtained from sources other than the client (e.g. complainant, regulators) shall be treated as confidential.

5.3 Resource requirements

5.3.1 Obligatory requirements

Personnel, including any committee members, contractors, personnel of external bodies, or individuals acting on the body’s behalf, shall keep confidential all information obtained or created during the performance of the body’s conformity assessment activities, except as required by law.

5.3.2 Recommended requirements

The body shall have available and use facilities for the secure handling (e.g. postage, e-mailing, record destruction) of confidential information (e.g. documents, records) and objects of conformity assessment (e.g. product samples).






Bureau of Indian Standards

BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote harmonious development of the activities of standardization, marking and quality certification of goods and attending to connected matters in the country.


BIS has the copyright of all its publications. No part of these publications may be reproduced in any form without the prior permission in writing of BIS. This does not preclude the free use, in the course of implementing the standard, of necessary details, such as symbols and sizes, type or grade designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS.

Review of Indian Standards

Amendments are issued to standards as the need arises on the basis of comments. Standards are also reviewed periodically; a standard along with amendments is reaffirmed when such review indicates that no changes are needed; if the review indicates that changes are needed, it is taken up for revision. Users of Indian Standards should ascertain that they are in possession of the latest amendments or edition by referring to the latest issue of ‘BIS Catalogue’ and ‘Standards: Monthly Additions’.

This Indian Standard has been developed from Doc: No. IRD 1 (005).

Amendments Issued Since Publication

Amend No. Date of Issue Text Affected



Manak Bhavan, 9 Bahadur Shah Zafar Marg, New Delhi 110002
Telephones: 23230131, 23233375, 23239402 Website: www.

Regional Offices:

Manak Bhavan, 9 Bahadur Shah Zafar Marg, NEW DELHI 110002

1/14 C.I.T. Scheme VII M, V.I.P. Road, Kankurgachi, KOLKATA 700054

SCO 335-336, Sector 34-A, CHANDIGARH 160022

C.I.T. Campus, IV Cross Road, CHENNAI 600113

Manakalaya, E9 MIDC, Marol, Andheri (East), MUMBAI 400093

Printed at Shri Ganesh Associates, Delhi
