POPI ACT COMPLIANCE DOCUMENTS
STAFF & SUB-CONTRACTOR REQUIREMNETS
All information received by or available to African Certification and Testing (ACT) staff, sub–contractors or committee members (in whatever format) received in conducting evaluation activities, or during other certification activities, or during any dealings with an organisation for any other reason shall be regarded as strictly confidential and shall not be divulged to any 3rd party (unless specified in ISO/IEC 17065:2012) without the express permission of the organisation or individual concerned. The requirement to keep confidential any information will also include any organisation that has a legitimate right to evaluation or inspect ACT.
Where African Certification and Testing (ACT) is required by law to release confidential information to a third party the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided However where the organisation is seen to be operating contrary to legal requirements or has operating practices which pose a danger to staff, customers or the environment ACT reserves the right to immediately report any such incident to the relevant authority. Any such reporting will only be undertaken with the permission of a Managing Director.
ACCESS TO RECORDS
All records will be retained in a secure manner, only accessible to authorised staff via either paper records or password controlled electronic records. Sub–contractors will be limited to accessing information produced by them in conducting an evaluation. Records will only be made available to organisations who can demonstrate a legitimate (and legal) right to view those records and specifically to Accreditation Bodies.
All staff, Sub–Contractors, Managing Director and Committee Members will be required to agree to African Certification and Testing confidentiality policy and sign a confidentiality agreement. Sub–contractors will also sign an agreement which also contains the responsibility to maintain confidentiality.