Any information of client acquired/created by MQAS, during information gathering, audit or during certification process or otherwise shall be kept confidential and shall not be divulged to any third party. To this effect:
- The above shall be applicable to all MQAS personnel and any outside organization to which MQAS may employ for a particular work to be carried out. The outside organization shall include any organization or individual acting on behalf of MQAS.
- All personnel of MQAS shall execute a Non Disclosure Agreement with MQAS.
- Any outside organization working on behalf of MQAS shall execute NDA with MQAS for confidentiality for MQAS and the client, for which the outside organization has been engaged.
- MQAS or the outside organization working on behalf of MQAS shall abide by security requirements of the clients.
- MQAS shall ensure the safe handling and storage of confidential information.
- MQAS shall not disclose any information to third party about client or individual without obtaining prior written permission. In case the information is required legally by a third party, the client or individual shall , unless regulated by law, be notified in advance.
- Information received from other sources (Regulator, complaints) about the client, shall also be treated as confidential and shall be dealt with as per policy.
- In case any hard copies of client records are collected for the purpose of audit, they will be kept in lock and key. They will be returned when there is no further need at the earliest.
- In case soft copies of client records are collected, they will be stored in PCs that are secured by user id and password. They will be removed when there is no further need at the earliest.