ISO17020 defines “The inspection body shall be responsible, through legally enforceable commitments, for the management of all information obtained or created during the performance of inspection activities (4.2.1) and “Information about client obtained from sources other than the client (e.g. complainant, regulators) shall be treated as confidential (4.2.3); All personnel of the inspection body, including sub-contractors, personnel of external bodies, and individuals acting on the inspection body’s behalf, shall keep confidential all information obtained or created during the performance of the inspection activities, except as required by law.”

On the basis of ISO17020 definition, Bureau Veritas defines the company’s confidentiality policy as “The confidential information includes documents and records in both the form of hardcopy and softcopy and samples, the disclosure of this information will cause actual or potential commercial value losses of client, supplier, vendor or BVCPSIAAS. All information regarding the business of client, vendor, supplier and BVCPSI shall be regarded as confidential”.

Accordingly, BV staff including inspectors and auditors are required to follow the confidentiality performance as below:

• Every employee must sign a confidentiality agreement covering relative information. The confidentiality agreement shall come into effect upon signature when they join Bureau Veritas;
• The confidential information is used for the job only and can’t be disclosed without authorization;
• Staff will not disclose or discuss confidential topics during inspection / audit, such as disclosure of clients background, inspection data, client specification / Defect Classification List / protocol, etc.

As the non-disclosure responsibility usually falls upon both sides, BV requests the factory, supplier and client to acknowledge it and make great cooperation with BV staff.