SlideShare a Scribd company logo

Is.iso.pas.17002.2004[1]

Luís Nunes da Silva
Luís Nunes da Silva

This document provides a summary of the Bureau of Indian Standards' publication of the public safety standard IS/ISO/PAS 17002 (2004) on conformity assessment and confidentiality principles and requirements. The summary includes: 1) The publication aims to promote transparency and accountability in public authorities by making the public safety standard available to the public, particularly disadvantaged communities and those in education. 2) The standard establishes principles and requirements for managing confidential information obtained during conformity assessment activities in order to balance confidentiality needs with transparency requirements. 3) The standard contains 5 clauses outlining the scope, norms, terms, principles, and requirements related to confidentiality for conformity assessment bodies and accreditation bodies to follow

Engineering
1 of 10
Download to read offline
Disclosure to Promote the Right To Information Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public. इंटरनेट मानक “!ान $ एक न' भारत का +नम-ण” Satyanarayan Gangaram Pitroda “Invent a New India Using Knowledge” “प0रा1 को छोड न' 5 तरफ” Jawaharlal Nehru “Step Out From the Old to the New” “जान1 का अ+धकार, जी1 का अ+धकार” Mazdoor Kisan Shakti Sangathan “The Right to Information, The Right to Live” “!ान एक ऐसा खजाना > जो कभी च0राया नहB जा सकता है” Bhartṛhari—Nītiśatakam “Knowledge is such a treasure which cannot be stolen” “Invent a New India Using Knowledge” है”ह”ह IS/ISO/PAS 17002 (2004): Conformity assessment confidentiality principles and requirements [MSD 10: Social Responsibility]
ISIISOIPAS 17002:2004 Indian standard CONFORMITY ASSESSMENT — CONFIDENTIALITY — PRINCIPLES AND REQUIREMENTS I(Y3 03.120.20 @ BIS 2007 BUREAU OF INDIAN STAN!3ARDS MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG NEW DELHI 110002 August 2007 Price Group 2
National Mirror Committee of CASCO, IRD 1 NATIONAL FOREWORD This Indian Standard which is identical with lSO/PAS 17002:2004 ‘Conformity assessment — Confidentiality — Principles and requirements’ issued by the International Organization for Standardization (ISO) was adopted by the Bureau of Indian Standards on the recommendation of the NationahMirror Committee of CASCO and approval of the Director General, Bureau of Indian Standards under Rule 8(3)C of BE Ru/es, 1987. The text of lSO/PAS Standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following: a) b) Wherever the words ‘International Standard’ appear referring to this standard, they should be read as ‘Indian Standard’. Comma (,) has been used as a decimal marker while in’ Indian Standards, the current practice is to use a point (.) as the decimal marker.
lS/lSO/PAS 17002:2004 Introduction In 2001 the ISO Council asked its policy committee on conformity assessment (lSO/CASCO) to study and prepare a group of common elements for application in future ISO documents on conformity assessment. Subsequent to this request, lSO/CASCO approved the formation of Working Group 23, Common elements in /SO//EC Standards for conformity assessment activities, to undertake this task. The working group has identified several common elements, including among others — impartiality, — confidentiality, — complaints and appeals, — management systems, This Publicly Available Specification (PAS) addresses the “confidentiality” element that occurs in many of the lSO/lEC Guides and International Standards on conformity assessment. The PAS covers the agreed principles that give substance to the element of confidentiality, and also provides requirements clauses intended to be included in future lSO/lEC International Standards on conformity assessment. This PAS is intended to apply to the drafling of documents on conformity assessment by lSO/CASCO. Clause 4 (Principles) contains statements that are intended to orientate lSO/CASCO working groups in their task of creating requirements to address confidentiality in their documents. The requirements to be inserted into future lSO/CASCO documents that cover the common element of “confidentiality are detailed in Clause 5. lSO/CASCO has adopted a common structure for the presentation of requirements. Requirements should be grouped under one or more of the following headings: a) General requirements; b) Structural requirements; c) Resource requirements; d) Process requirements; e) Management system requirements. As such, each of the common elements will have requirements related to it grouped under one or more of the headings shown above. This PAS is not intended to become a future International Standard, At the end of three years after the date of publication, it is expected this PAS will be withdrawn and its contents incorporated as appropriate in relevant lSO/CASCO normative and guidance documents.
lS/lSO/PAS 17002:2004 Indian Standard CONFORMITY ASSESSMENT — CONFIDENTIALITY — PRINCIPLES AND REQUIREMENTS 1 Scope This Publicly Available Specification (PAS) contains principles and requirements for the element of confidentiality as it relates to conformity assessment. It is an internal tool for use in the ISO standards development process by lSO/CASCO working groups when addressing the element of confidentiality in the preparation of their documents. This Publicly Available Specification is not a stand-alone normative document to be used directly in conformity assessment activities, 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. lSO/lEC 17000, Conformity assessment — Vocabulary and general principles 3 Terms and definitions For the purposes of this document, the terms and definitions given in lSO/lEC 17000 apply. NOTE The use of the term “body” in this PAS means either an accreditationbody or a conformity assessment body as defined in lSO/lEC 17000. 4 Principles of confidentiality 4.1 To gain access to the information needed to conduct effective conformity assessment activities, the body needs to provide confidence that confidential information will not be disclosed. 4.2 All organizations and individuals have the right to have protected any proprietary information that they provide. 4.3 Managing the balance between confidentiality and public disclosure related requirements affects stakeholders’ trust and their perception of value in the conformity assessment activities being performed. NOTE It is intended that there will be a separate PAScoveringthe commonelementof publicdisclosure.
lS/lSO/PAS 17002:2004 5 Requirements for confidentiality 5,1 General In developing this PAS it was recognised that there are varying degrees of specificity that lSO/CASCO working groups should consider. As a result the requirements in this clause are categorized into three levels of specificity as follows. a) Obligatory: these are specific drafted requirements that shall be used by lSO/CASCO working groups where the element has to be addressed, without modification, except for substitution of more specific terms. For example, the phrase “Conformity assessment activities shall be undertaken impartially”, may be substituted more specifically with “Management system certification activities shall be undertaken impartially”. Justification is required from LSO/CASCO working groups that do not use these requirements when dealing with the relevant common element. b) Recommended: these are drafted requirements that working groups should use if they wish to have a greater degree of specification. Modification is permissible. c) Suggested: these are considerations that could be taken into account in the drafting of requirements by the.ISOIGASGO working group. By providing for these different levels of specificity, the PAS achieves the lSO/CASCO intent to have an agreed statement on elements that are common to all conformity assessment activities, and at the same time maintains some flexibility for specific wording by individual lSO/CASCO working groups. 5.2 General requirements 9 The following requirements are obligatory. a) b) c) 5.3 The body shall be responsible, through legally enforceable commitments, for the management of all information obtained or created during the performance of conformity assessment activities, The body shall inform the client, in advance, of the information it intends to place in the public domain. Except for information that the client makes publicly available, or when agreed between the body and the client (e.g. for the purpose of responding to complaints), all other information is considered proprietary information and shall be regarded as confidential. information, the client or in~vidual information provided. Information about the client obtained shall be treated as confidential. Resource requirements concerned shall, unless from sources other than When the body is required by law or authorized by contractual arrangements to release confidential prohibited by law, be notified of the the client (e.g. complainant, regulators) 5.3.1 Obligatory requirements Personnel, including any committee members, contractors, personnel of external bodies, or individuals acting on the body’s behalf, shall keep confidential all information obtained or created during the performance of the body’s conformity assessment activities, except as required by law. 5.3.2 Recommended requirements The body shall have available and use facilities for the secure handling (e.g. postage, e-mailing, record destruction) of confidential information (e.g. documents, records) and objects of conformity assessment (e.g. product samples), 2
lS/lSO/PAS 17002:2004 Bibliography [1] CANICSA-Q830-03,Model Code for the Protection of Pmonal Information
, -..&.— J-”-- ——— ____ ./, —.— - -1 Bureau of Indian Standards BIS is a statutory institution established under the Bureau of /rrdian Standards Act, 1986 to promote harmonious development of the activities of standardization, marking and quality certification of goods and attending to connected matters in the country. Copyright BIS has the copyright of all its publications. No part of the these publications may be reproduced in any form without the prior permission in writing of BIS. This does not preclude the free use, in the course of implementing the standard, of necessary details, such as symbols and sizes, type or grade designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS. Review of Indian Standards Amendments are issued to standards as the need arises on the basis of comments. Standards are also reviewed periodically; a standard alongwith amendments is reaffirmed when such review indicates that no changes are needed; if the review indicates that changes are needed, it is taken up for revision. Users of Indian Standards should ascertain that they are in possession of edition by referring to the latest issue of ‘BIS Catalogue’ and ‘Standards: This Indian Standard has been developed from Dot: No. IRD 1 (005). Amendments Issued Since Publication the latest amendments or ? Monthly Additions’. Amend No. Date of Issue Text Affected BUREAU OF INDIAN STANDARDS Headquarters: Manak Bhavan, 9 Bahadur Shah Zafar Marg, New Delhi 110002 Telephones :23230131, 23233375, 23239402 Website : www. bis.org.in Regional Offices : Telephones { 2323’7617 23233841 { 23378499,23378561 23378626,23379120 { 2603843 2609285 { 22541216,22541442 22542519,22542315 { 28329295,28327858 28327891,28327892 -. Central Eastern Northern Southern Western Branches : Manak Bhavan, 9 Bahadur Shah Zafar Marg NEW DELHI 110002 1/14 C.I.T. Scheme Vll M, V.I.P. Road, Kankurgachi KOLKATA 700054 : SCO 335-336, Sector 34-A, CHANDIGARH 160022 : C.I.T. Campus, IV Cross Road, CHENNAI 600113 : Manakalaya, E9 MlDC, Marol, Andheri (East) MUMBAI 400093 A : AHMEDABAD. BANGALORE. BHOPAL. BHUBANESHWAR. COIMBATORE. FARIDABAD. GHAZIABAD. GtJWAHAT1. HYDERABAD. JAIPUR. KANPUR. LUCKNOW. NAGPUR. PARWANOO. PATNA. PUNE. RAJKOT. THIRUVANANTHAPURAM. VISAKHAPATNAM. Printed at Shri Gane.$h Associates, DeI~

Recommended

Observation
ObservationObservation
Observation
Fred Lamora
 
Tugas harits
Tugas haritsTugas harits
Tugas harits
haritsrifki99
 
Observation lab 11.1.megan_ford
Observation lab 11.1.megan_fordObservation lab 11.1.megan_ford
Observation lab 11.1.megan_ford
meganford
 
Fazil presentation 001
Fazil presentation 001Fazil presentation 001
Fazil presentation 001
fazaksit
 
Manif pour tous le 13 janvier
Manif pour tous le 13 janvierManif pour tous le 13 janvier
Manif pour tous le 13 janvierLe Condettois
 
ToSeemo.org
ToSeemo.org ToSeemo.org
ToSeemo.org
katerina_gerasenkova
 
Iso private security
Iso private securityIso private security
Iso private security
Eytan Magal, CPP
 
40992715
4099271540992715
40992715
Siddanna Balapgol
 

Recommended

Observation
ObservationObservation
Observation
Fred Lamora
 
Tugas harits
Tugas haritsTugas harits
Tugas harits
haritsrifki99
 
Observation lab 11.1.megan_ford
Observation lab 11.1.megan_fordObservation lab 11.1.megan_ford
Observation lab 11.1.megan_ford
meganford
 
Fazil presentation 001
Fazil presentation 001Fazil presentation 001
Fazil presentation 001
fazaksit
 
Manif pour tous le 13 janvier
Manif pour tous le 13 janvierManif pour tous le 13 janvier
Manif pour tous le 13 janvierLe Condettois
 
ToSeemo.org
ToSeemo.org ToSeemo.org
ToSeemo.org
katerina_gerasenkova
 
Iso private security
Iso private securityIso private security
Iso private security
Eytan Magal, CPP
 
40992715
4099271540992715
40992715
Siddanna Balapgol
 
cryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdfcryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdf
ssuser66b5d61
 
Audit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIAudit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKI
David Sweigert
 
NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001
NA Putra
 
NQA ISO 45001 Gap Guide
NQA ISO 45001 Gap GuideNQA ISO 45001 Gap Guide
NQA ISO 45001 Gap Guide
NQA
 
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En InglesNicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
guest4a971d
 
HIPAA summit presentation
HIPAA summit presentationHIPAA summit presentation
HIPAA summit presentation
Sue Popkes, MSM
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on Debate
Giana Araujo
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-framework
RS NAVARRO
 
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint PaperRegulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
CUTS International
 
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
iFour Consultancy
 
A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1
RS NAVARRO
 
E EDP Project (ICSI)
E EDP Project (ICSI)E EDP Project (ICSI)
E EDP Project (ICSI)
Vikrant Mahajan
 
Psqc redrafted
Psqc redraftedPsqc redrafted
Psqc redrafted
RS NAVARRO
 
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
accacloud
 
Hitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-finalHitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-final
ajcob123
 
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
PetruVrlan
 
SurveyofBP
SurveyofBPSurveyofBP
SurveyofBP
George Brotbeck
 
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a tC o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
TawnaDelatorrejs
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
Michael Patrick
 
NSTIC draft charter february 2012
NSTIC draft charter february 2012NSTIC draft charter february 2012
NSTIC draft charter february 2012
Jamie Clark
 
BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
LAXMAREDDY22
 
Material for memory and display system h
Material for memory and display system hMaterial for memory and display system h
Material for memory and display system h
gowrishankartb2005
 

More Related Content

Similar to Is.iso.pas.17002.2004[1]

cryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdfcryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdf
ssuser66b5d61
 
Audit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIAudit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKI
David Sweigert
 
NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001
NA Putra
 
NQA ISO 45001 Gap Guide
NQA ISO 45001 Gap GuideNQA ISO 45001 Gap Guide
NQA ISO 45001 Gap Guide
NQA
 
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En InglesNicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
guest4a971d
 
HIPAA summit presentation
HIPAA summit presentationHIPAA summit presentation
HIPAA summit presentation
Sue Popkes, MSM
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on Debate
Giana Araujo
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-framework
RS NAVARRO
 
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint PaperRegulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
CUTS International
 
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
iFour Consultancy
 
A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1
RS NAVARRO
 
E EDP Project (ICSI)
E EDP Project (ICSI)E EDP Project (ICSI)
E EDP Project (ICSI)
Vikrant Mahajan
 
Psqc redrafted
Psqc redraftedPsqc redrafted
Psqc redrafted
RS NAVARRO
 
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
accacloud
 
Hitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-finalHitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-final
ajcob123
 
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
PetruVrlan
 
SurveyofBP
SurveyofBPSurveyofBP
SurveyofBP
George Brotbeck
 
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a tC o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
TawnaDelatorrejs
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
Michael Patrick
 
NSTIC draft charter february 2012
NSTIC draft charter february 2012NSTIC draft charter february 2012
NSTIC draft charter february 2012
Jamie Clark
 

Similar to Is.iso.pas.17002.2004[1] (20)

cryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdfcryptocurrency-security-standard-auditor-ccssa-guide.pdf
cryptocurrency-security-standard-auditor-ccssa-guide.pdf
 
Audit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKIAudit standards for Federal PKI Certification Authorities using PKI
Audit standards for Federal PKI Certification Authorities using PKI
 
NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001NQA Migration OHSAS to ISO 45001
NQA Migration OHSAS to ISO 45001
 
NQA ISO 45001 Gap Guide
NQA ISO 45001 Gap GuideNQA ISO 45001 Gap Guide
NQA ISO 45001 Gap Guide
 
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En InglesNicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
Nicc 1 Normas Internacionales Sobre Control De Calidad 1 En Ingles
 
HIPAA summit presentation
HIPAA summit presentationHIPAA summit presentation
HIPAA summit presentation
 
Fairness Opinion on Debate
Fairness Opinion on DebateFairness Opinion on Debate
Fairness Opinion on Debate
 
B003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-frameworkB003 2010-iaasb-handbook-framework
B003 2010-iaasb-handbook-framework
 
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint PaperRegulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
Regulatory Reforms Needed for Ease of Doing Business in India - Viewpoint Paper
 
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
 
A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1A007 2010-iaasb-handbook-isqc-1
A007 2010-iaasb-handbook-isqc-1
 
E EDP Project (ICSI)
E EDP Project (ICSI)E EDP Project (ICSI)
E EDP Project (ICSI)
 
Psqc redrafted
Psqc redraftedPsqc redrafted
Psqc redrafted
 
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
Asia Cloud Computing Association’s (ACCA) Response to India’s Draft Health Da...
 
Hitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-finalHitrust csf-assurance-program-requirements-v1 3-final
Hitrust csf-assurance-program-requirements-v1 3-final
 
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
04_a_CEPEJ(2021)5 EN - CEPEJ roadmap certification AI (1).docx
 
SurveyofBP
SurveyofBPSurveyofBP
SurveyofBP
 
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a tC o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
 
NSTIC draft charter february 2012
NSTIC draft charter february 2012NSTIC draft charter february 2012
NSTIC draft charter february 2012
 

Recently uploaded

BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
LAXMAREDDY22
 
Material for memory and display system h
Material for memory and display system hMaterial for memory and display system h
Material for memory and display system h
gowrishankartb2005
 
CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1
PKavitha10
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
SakkaravarthiShanmug
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
co23btech11018
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
Introduction to AI Safety (public presentation).pptx
Introduction to AI Safety (public presentation).pptxIntroduction to AI Safety (public presentation).pptx
Introduction to AI Safety (public presentation).pptx
MiscAnnoy1
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
architagupta876
 
Seminar on Distillation study-mafia.pptx
Seminar on Distillation study-mafia.pptxSeminar on Distillation study-mafia.pptx
Seminar on Distillation study-mafia.pptx
Madan Karki
 
Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
bijceesjournal
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
shadow0702a
 
Mechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdfMechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdf
21UME003TUSHARDEB
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
VICTOR MAESTRE RAMIREZ
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
Gino153088
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
Yasser Mahgoub
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
Anant Corporation
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
MDSABBIROJJAMANPAYEL
 

Recently uploaded (20)

BRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdfBRAIN TUMOR DETECTION for seminar ppt.pdf
BRAIN TUMOR DETECTION for seminar ppt.pdf
 
Material for memory and display system h
Material for memory and display system hMaterial for memory and display system h
Material for memory and display system h
 
CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1CEC 352 - SATELLITE COMMUNICATION UNIT 1
CEC 352 - SATELLITE COMMUNICATION UNIT 1
 
cnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classicationcnn.pptx Convolutional neural network used for image classication
cnn.pptx Convolutional neural network used for image classication
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
Computational Engineering IITH Presentation
Computational Engineering IITH PresentationComputational Engineering IITH Presentation
Computational Engineering IITH Presentation
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
Introduction to AI Safety (public presentation).pptx
Introduction to AI Safety (public presentation).pptxIntroduction to AI Safety (public presentation).pptx
Introduction to AI Safety (public presentation).pptx
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 
AI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptxAI assisted telemedicine KIOSK for Rural India.pptx
AI assisted telemedicine KIOSK for Rural India.pptx
 
Seminar on Distillation study-mafia.pptx
Seminar on Distillation study-mafia.pptxSeminar on Distillation study-mafia.pptx
Seminar on Distillation study-mafia.pptx
 
Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
 
Mechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdfMechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdf
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
 
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by AnantLLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
LLM Fine Tuning with QLoRA Cassandra Lunch 4, presented by Anant
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
 

Is.iso.pas.17002.2004[1]

  • 1. Disclosure to Promote the Right To Information Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public. इंटरनेट मानक “!ान $ एक न' भारत का +नम-ण” Satyanarayan Gangaram Pitroda “Invent a New India Using Knowledge” “प0रा1 को छोड न' 5 तरफ” Jawaharlal Nehru “Step Out From the Old to the New” “जान1 का अ+धकार, जी1 का अ+धकार” Mazdoor Kisan Shakti Sangathan “The Right to Information, The Right to Live” “!ान एक ऐसा खजाना > जो कभी च0राया नहB जा सकता है” Bhartṛhari—Nītiśatakam “Knowledge is such a treasure which cannot be stolen” “Invent a New India Using Knowledge” है”ह”ह IS/ISO/PAS 17002 (2004): Conformity assessment confidentiality principles and requirements [MSD 10: Social Responsibility]
  • 2.
  • 3.
  • 4. ISIISOIPAS 17002:2004 Indian standard CONFORMITY ASSESSMENT — CONFIDENTIALITY — PRINCIPLES AND REQUIREMENTS I(Y3 03.120.20 @ BIS 2007 BUREAU OF INDIAN STAN!3ARDS MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG NEW DELHI 110002 August 2007 Price Group 2
  • 5. National Mirror Committee of CASCO, IRD 1 NATIONAL FOREWORD This Indian Standard which is identical with lSO/PAS 17002:2004 ‘Conformity assessment — Confidentiality — Principles and requirements’ issued by the International Organization for Standardization (ISO) was adopted by the Bureau of Indian Standards on the recommendation of the NationahMirror Committee of CASCO and approval of the Director General, Bureau of Indian Standards under Rule 8(3)C of BE Ru/es, 1987. The text of lSO/PAS Standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following: a) b) Wherever the words ‘International Standard’ appear referring to this standard, they should be read as ‘Indian Standard’. Comma (,) has been used as a decimal marker while in’ Indian Standards, the current practice is to use a point (.) as the decimal marker.
  • 6. lS/lSO/PAS 17002:2004 Introduction In 2001 the ISO Council asked its policy committee on conformity assessment (lSO/CASCO) to study and prepare a group of common elements for application in future ISO documents on conformity assessment. Subsequent to this request, lSO/CASCO approved the formation of Working Group 23, Common elements in /SO//EC Standards for conformity assessment activities, to undertake this task. The working group has identified several common elements, including among others — impartiality, — confidentiality, — complaints and appeals, — management systems, This Publicly Available Specification (PAS) addresses the “confidentiality” element that occurs in many of the lSO/lEC Guides and International Standards on conformity assessment. The PAS covers the agreed principles that give substance to the element of confidentiality, and also provides requirements clauses intended to be included in future lSO/lEC International Standards on conformity assessment. This PAS is intended to apply to the drafling of documents on conformity assessment by lSO/CASCO. Clause 4 (Principles) contains statements that are intended to orientate lSO/CASCO working groups in their task of creating requirements to address confidentiality in their documents. The requirements to be inserted into future lSO/CASCO documents that cover the common element of “confidentiality are detailed in Clause 5. lSO/CASCO has adopted a common structure for the presentation of requirements. Requirements should be grouped under one or more of the following headings: a) General requirements; b) Structural requirements; c) Resource requirements; d) Process requirements; e) Management system requirements. As such, each of the common elements will have requirements related to it grouped under one or more of the headings shown above. This PAS is not intended to become a future International Standard, At the end of three years after the date of publication, it is expected this PAS will be withdrawn and its contents incorporated as appropriate in relevant lSO/CASCO normative and guidance documents.
  • 7. lS/lSO/PAS 17002:2004 Indian Standard CONFORMITY ASSESSMENT — CONFIDENTIALITY — PRINCIPLES AND REQUIREMENTS 1 Scope This Publicly Available Specification (PAS) contains principles and requirements for the element of confidentiality as it relates to conformity assessment. It is an internal tool for use in the ISO standards development process by lSO/CASCO working groups when addressing the element of confidentiality in the preparation of their documents. This Publicly Available Specification is not a stand-alone normative document to be used directly in conformity assessment activities, 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. lSO/lEC 17000, Conformity assessment — Vocabulary and general principles 3 Terms and definitions For the purposes of this document, the terms and definitions given in lSO/lEC 17000 apply. NOTE The use of the term “body” in this PAS means either an accreditationbody or a conformity assessment body as defined in lSO/lEC 17000. 4 Principles of confidentiality 4.1 To gain access to the information needed to conduct effective conformity assessment activities, the body needs to provide confidence that confidential information will not be disclosed. 4.2 All organizations and individuals have the right to have protected any proprietary information that they provide. 4.3 Managing the balance between confidentiality and public disclosure related requirements affects stakeholders’ trust and their perception of value in the conformity assessment activities being performed. NOTE It is intended that there will be a separate PAScoveringthe commonelementof publicdisclosure.
  • 8. lS/lSO/PAS 17002:2004 5 Requirements for confidentiality 5,1 General In developing this PAS it was recognised that there are varying degrees of specificity that lSO/CASCO working groups should consider. As a result the requirements in this clause are categorized into three levels of specificity as follows. a) Obligatory: these are specific drafted requirements that shall be used by lSO/CASCO working groups where the element has to be addressed, without modification, except for substitution of more specific terms. For example, the phrase “Conformity assessment activities shall be undertaken impartially”, may be substituted more specifically with “Management system certification activities shall be undertaken impartially”. Justification is required from LSO/CASCO working groups that do not use these requirements when dealing with the relevant common element. b) Recommended: these are drafted requirements that working groups should use if they wish to have a greater degree of specification. Modification is permissible. c) Suggested: these are considerations that could be taken into account in the drafting of requirements by the.ISOIGASGO working group. By providing for these different levels of specificity, the PAS achieves the lSO/CASCO intent to have an agreed statement on elements that are common to all conformity assessment activities, and at the same time maintains some flexibility for specific wording by individual lSO/CASCO working groups. 5.2 General requirements 9 The following requirements are obligatory. a) b) c) 5.3 The body shall be responsible, through legally enforceable commitments, for the management of all information obtained or created during the performance of conformity assessment activities, The body shall inform the client, in advance, of the information it intends to place in the public domain. Except for information that the client makes publicly available, or when agreed between the body and the client (e.g. for the purpose of responding to complaints), all other information is considered proprietary information and shall be regarded as confidential. information, the client or in~vidual information provided. Information about the client obtained shall be treated as confidential. Resource requirements concerned shall, unless from sources other than When the body is required by law or authorized by contractual arrangements to release confidential prohibited by law, be notified of the the client (e.g. complainant, regulators) 5.3.1 Obligatory requirements Personnel, including any committee members, contractors, personnel of external bodies, or individuals acting on the body’s behalf, shall keep confidential all information obtained or created during the performance of the body’s conformity assessment activities, except as required by law. 5.3.2 Recommended requirements The body shall have available and use facilities for the secure handling (e.g. postage, e-mailing, record destruction) of confidential information (e.g. documents, records) and objects of conformity assessment (e.g. product samples), 2
  • 9. lS/lSO/PAS 17002:2004 Bibliography [1] CANICSA-Q830-03,Model Code for the Protection of Pmonal Information
  • 10. , -..&.— J-”-- ——— ____ ./, —.— - -1 Bureau of Indian Standards BIS is a statutory institution established under the Bureau of /rrdian Standards Act, 1986 to promote harmonious development of the activities of standardization, marking and quality certification of goods and attending to connected matters in the country. Copyright BIS has the copyright of all its publications. No part of the these publications may be reproduced in any form without the prior permission in writing of BIS. This does not preclude the free use, in the course of implementing the standard, of necessary details, such as symbols and sizes, type or grade designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS. Review of Indian Standards Amendments are issued to standards as the need arises on the basis of comments. Standards are also reviewed periodically; a standard alongwith amendments is reaffirmed when such review indicates that no changes are needed; if the review indicates that changes are needed, it is taken up for revision. Users of Indian Standards should ascertain that they are in possession of edition by referring to the latest issue of ‘BIS Catalogue’ and ‘Standards: This Indian Standard has been developed from Dot: No. IRD 1 (005). Amendments Issued Since Publication the latest amendments or ? Monthly Additions’. Amend No. Date of Issue Text Affected BUREAU OF INDIAN STANDARDS Headquarters: Manak Bhavan, 9 Bahadur Shah Zafar Marg, New Delhi 110002 Telephones :23230131, 23233375, 23239402 Website : www. bis.org.in Regional Offices : Telephones { 2323’7617 23233841 { 23378499,23378561 23378626,23379120 { 2603843 2609285 { 22541216,22541442 22542519,22542315 { 28329295,28327858 28327891,28327892 -. Central Eastern Northern Southern Western Branches : Manak Bhavan, 9 Bahadur Shah Zafar Marg NEW DELHI 110002 1/14 C.I.T. Scheme Vll M, V.I.P. Road, Kankurgachi KOLKATA 700054 : SCO 335-336, Sector 34-A, CHANDIGARH 160022 : C.I.T. Campus, IV Cross Road, CHENNAI 600113 : Manakalaya, E9 MlDC, Marol, Andheri (East) MUMBAI 400093 A : AHMEDABAD. BANGALORE. BHOPAL. BHUBANESHWAR. COIMBATORE. FARIDABAD. GHAZIABAD. GtJWAHAT1. HYDERABAD. JAIPUR. KANPUR. LUCKNOW. NAGPUR. PARWANOO. PATNA. PUNE. RAJKOT. THIRUVANANTHAPURAM. VISAKHAPATNAM. Printed at Shri Gane.$h Associates, DeI~