CODE OF ETHICS OF SWISS APPROVAL PERSONNEL INVOLVED IN THE CERTIFICATION PROCESS
1. Commitment: Endeavour to safeguard the welfare, health and safety of the community and its environment and give this priority before sectional or private interest.
2. Integrity: Evaluation and auditing personnel shall
3. Competence: Perform work only within their areas of competence, i.e. within their capability, qualifications, training and experience
4. Performance: Inspection and audit personnel skills and knowledge is guaranteed by the Top Management of Swiss Approval
5. No conflict of interest: To avoid potential conflict between the interests of clients, employers or the public and where this is unavoidable disclose forthwith the circumstances which may cause conflict.
6. Confidentiality: To ensure that confidential or copyright information or material obtained in the course of work, is transferred to other parties only with written authority from a duly authorised person.
7. Reporting: Inspection and audit personnel shall document reports and objective evidences.
8. Improvement: Inspection and audit personnel shall continue to improve their competence (knowledge and skill) to adequately follow standards updates and best practice in the certification activities.
IMPARTIALITY AND NON DESCRIMINATION DECLARATION
Swiss Approval International, its management, employees and external professionals acting by a contractual agreement as administration staff, auditors, inspectors, evaluators e.tc., have identified the importance and value of certification and related activities of the certification body, declare unequivocally their commitment to objective, reliable, independent and impartial certification services.
Swiss Approval Int is responsible for the impartiality of its certification activities and shall not allow commercial, financial or other pressures to compromise impartiality, safeguarding all conditions deriving from EN ISO17021, 17065 restrictions and related international standards for certification activities independency and impartiality.
All Swiss Approval personnel (either internal or external) or committees who could influence the certification activities, act impartially. Impartiality principles and preconditions are explicitly described in the contractual agreements and appointment documents of the staff/ external professionals being involved to the certification process stages.
All personnel involved in the certification process consists of experienced and adequately trained personnel, the adequacy of which is evaluated at regular intervals to ensure continuously that the requirements for the proper functioning of the certification process, is satisfied.
Swiss Approval International services are ensured to be accessible to all applicants whose activities fall within the scope of its certification operations maintaining non-discrimination conditions.
Swiss Approval Int takes action to respond to any risks to impartiality, arising from the actions of other persons, bodies or organizations, of which it becomes aware. All relevant measures are presented and further explained in the impartiality risks’ analysis study and action plan, which is a part of Swiss Approval Int quality management system.
Swiss Approval Int activities shall not be marketed or offered as linked with the activities of an organization that provides consultancy and prohibits any statement or implication that certification granting would be simpler, easier, faster or less expensive for any reason.
The Company’s management determines and assigns the appropriate persons to the required jurisdiction and freedom of maneuver, so they are at any time able to solve problems related to the impartiality of the procedures regarding the certification activities. Meanwhile, Company’s management proposes preventive and corrective actions, confirms corrective actions and finally evaluates the results thereof.
CONFIDENTIALITY AND DATA SECURITY DECLARATION
Swiss Approval International overbidding the importance of data security and confidentiality safeguard of the information handled, therein, as a result of the procedures and requirements of certification services, has adopted the present policy “Confidentiality and Data Security’.
The company’s management ranks the protection of confidentiality, impartiality, integrity, availability and exchange of information as vital- significant and with financial- impacts, including personal information of clients, reports, audit lists and certification documentation, records of bodies stored in databases as primary goal for the smooth and efficient operations and customers’ satisfaction.
The main objectives of Information and Data Security Policy are:
- the full satisfaction and safeguard of customers’ data confidentiality
- the compliance with legislative and regulatory requirements
- the Information security
- the assurance of security of the evaluation, inspection and certification documentation and related material, taking into account the following:
- the locations of the materials (e.g. transportation, electronic delivery, disposal, storage,)
- the nature of the materials (e.g. electronic, paper, testing equipment)
- the steps in the certification process (e.g. application, review, coordination, results’ and evaluation reporting)
- the threats arising from the certification process itself.
Concerning special provisions for personal data protection, the following are ensured:
1. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, the CB shall maintain a Register through its CRM functions.
- Individuals have the right to access their personal data and any such requests made to the CB shall be dealt with in a timely manner.
2. Lawful purposes
- All data processed by the CB must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
- The CB shall note the appropriate lawful basis in the respective agreements / consents with individuals.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the CB’s systems.
3. Data minimisation
- The CB shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- [Add considerations relevant to the CB’s particular systems]
- The CB shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- [Add considerations relevant to the CB’s particular systems]
5. Archiving / removal
- To ensure that personal data is kept for no longer than necessary, the CB shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- The CB shall ensure that personal data is stored securely using modern software that is kept-up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the CB shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach the responsible authorities.
This policy applies to all personal data processed by the CB.
The Responsible Person shall take responsibility for the CB’s ongoing compliance with this policy
COMPLAINS / APPEALS FLOW CHART DIAGRAM, RELATED TO CERTIFICATION BODY [CB] AND CERTIFICATION CENTRES [CC]
For the submission of any complain or appeal against Swiss Approval certification decisions, use the following email address: firstname.lastname@example.org
To the acknowledgement of Ms Rania Lasda, Swiss Approval Quality Monitoring Manager [QMM].
CERTIFICATION / INSPECTION / CONFORMITY ASSESSMENT SERVICES TERMS, RELATED TO CERTIFICATION BODY [CB] AND CERTIFICATION CENTERS [CC]
To be informed on Swiss Approval’s Certification / Inspection / Conformity Assessment Services Terms, related to Certification Body [CB] and Certification Centers [CC], please contact email@example.com