Confidentiality Policy

Document Title: Confidentiality Policy
________________________________________
1. Purpose
The purpose of this policy is to establish the principles and requirements for protecting the confidentiality, integrity, and controlled use of information obtained or generated during certification activities conducted by QGCert – Quality Group Certification LLP.
QGCert recognizes that confidentiality is essential to maintaining the trust of candidates, certified persons, employers, accreditation bodies, regulatory authorities, examination personnel, and other interested parties. All information obtained during certification activities shall be managed responsibly and protected against unauthorized disclosure, access, alteration, loss, or misuse.
________________________________________
2. Scope
This policy applies to all information and records associated with:
• Candidate applications
• Eligibility verification
• Examination materials and question banks
• Examination results and assessment records
• Certification decisions
• Recertification activities
• Appeals and complaints
• Personnel competence records
• Outsourced service provider records
• Internal audits and management reviews
• Risk assessments and impartiality reviews
• Electronic and physical records
• Information received from external parties
This policy applies to all personnel involved in certification activities including employees, examiners, invigilators, assessors, technical experts, committee members, contractors, consultants, outsourced service providers, and temporary personnel.
________________________________________

3. Policy Statement
QGCert is committed to maintaining the confidentiality of all information obtained or created during certification activities and shall ensure that such information is used only for its intended purpose.
QGCert shall:
• Protect confidential information from unauthorized access, disclosure, modification, or destruction.
• Maintain secure systems for information storage and processing.
• Restrict access to authorized personnel on a need-to-know basis.
• Ensure examination materials remain secure and confidential.
• Require personnel and external providers to maintain confidentiality.
• Comply with applicable legal, contractual, accreditation, and regulatory requirements.
• Investigate and address any breach of confidentiality.
________________________________________
4. Classification of Information
For effective control, information shall be classified as follows:
4.1 Public Information
Information that may be publicly disclosed, including:
• Certification schemes
• Published certification requirements
• Public certification registers
• Public policies
• Approved promotional information
4.2 Internal Information
Information intended for internal operational use only, including:
• Procedures
• Forms
• Internal reports
• Administrative communications
4.3 Confidential Information
Information requiring protection and restricted access, including:
• Candidate records
• Examination papers
• Question banks
• Assessment records
• Examination results
• Certification decisions
• Complaint records
• Appeal records
• Personnel records
• Internal audit reports
• Risk assessments
• Business information
________________________________________
5. Protection of Candidate Information
QGCert shall maintain the confidentiality of all candidate information obtained during certification activities.
Confidential candidate information includes:
• Personal identification information
• Contact details
• Academic qualifications
• Professional experience records
• Examination records
• Assessment results
• Certification status
• Appeal and complaint submissions
Such information shall not be disclosed without authorization except as specified within this policy.
________________________________________
6. Examination Confidentiality
QGCert shall implement strict controls to protect examination materials.
The following shall be treated as highly confidential:
• Question banks
• Examination papers
• Marking schemes
• Practical assessment materials
• Assessment criteria
• Statistical analysis reports
• Examination security records
Access shall be limited to authorized personnel who require such information for legitimate certification activities.
Personnel granted access shall sign confidentiality agreements.
________________________________________
7. Access Control
QGCert shall establish access controls to ensure that confidential information is available only to authorized persons.
Access controls shall include:
• User authorization controls
• Password-protected systems
• Role-based access permissions
• Controlled document distribution
• Secure physical storage
• Visitor restrictions
• Examination material security measures
Access rights shall be reviewed periodically.
________________________________________
8. Confidentiality Obligations of Personnel
All personnel involved in certification activities shall:
• Sign confidentiality agreements before undertaking duties.
• Protect confidential information from unauthorized disclosure.
• Use information only for authorized purposes.
• Return or securely destroy confidential materials when required.
• Report suspected confidentiality breaches immediately.
Confidentiality obligations shall continue even after employment, contract, or assignment termination.
________________________________________
9. Outsourced Service Providers
Where certification activities are outsourced, QGCert shall ensure that outsourced providers:
• Sign confidentiality agreements.
• Protect all confidential information received.
• Implement appropriate information security controls.
• Restrict access to authorized personnel only.
• Comply with QGCert confidentiality requirements.
QGCert shall retain overall responsibility for confidentiality of outsourced activities.
________________________________________
10. Information Security Controls
QGCert shall maintain appropriate measures to safeguard information, including:
Physical Controls
• Locked cabinets
• Controlled office access
• Secure storage rooms
• Visitor controls
Electronic Controls
• Password protection
• User authentication
• Access restrictions
• Secure backups
• Anti-malware protection
• Encrypted data storage where applicable
Operational Controls
• Controlled document management
• Record retention controls
• Information disposal procedures
• Periodic access reviews
________________________________________
11. Disclosure of Information
Information shall only be disclosed under the following circumstances:
a) Candidate Authorization
Where written consent has been obtained from the candidate or certified person.
b) Legal Requirement
Where disclosure is required by:
• Courts
• Government authorities
• Regulatory agencies
• Applicable legislation
Where legally permitted, QGCert shall notify the affected individual before disclosure.
c) Accreditation Requirements
Information may be disclosed to accreditation bodies and their assessors during accreditation assessments, surveillance visits, investigations, or other authorized activities.
d) Public Certification Status
QGCert may publish or verify certification status information as defined within its certification policies and public register procedures.
________________________________________
12. Confidentiality Breaches
Any actual or suspected breach of confidentiality shall be:
• Reported immediately.
• Recorded as an incident.
• Investigated by authorized personnel.
• Subject to corrective action.
• Reviewed during management review activities.
Where appropriate, affected parties shall be informed.
Serious breaches may result in disciplinary action, contract termination, withdrawal of authorization, or legal action.
13. Record Retention and Disposal
Confidential records shall be:
• Retained in accordance with QGCert record retention requirements.
• Protected throughout their retention period.
• Securely disposed of when retention periods expire.
Disposal methods may include:
• Secure shredding
• Permanent deletion
• Secure destruction of electronic media
14. Responsibilities
Function Responsibility
Head of Certification Overall accountability for confidentiality
Quality Manager Monitoring implementation of confidentiality controls
Technical Manager Protection of examination and technical information
Examiners and Invigilators Maintaining confidentiality of examination materials
Certification Personnel Protection of candidate and certification information
Outsourced Providers Compliance with confidentiality obligations
________________________________________
15. Policy Review
This policy shall be reviewed:
• At least annually;
• Following significant organizational changes;
• Following information security incidents;
• Following accreditation requirements changes.
visitors using input elements like custom forms and fields.

Be sure to click Sync after making changes in a collection, so visitors can see your newest content on your live site. Preview your site to check that all your elements are displaying content from the right collection fields.