Policy Purpose:
The purpose of this Confidentiality Policy is to ensure that all information and records generated or accessed by HYQCERT Services Private Limited during the conduct of hygiene rating audits are safeguarded and managed with the highest standards of care and integrity. This policy affirms our commitment to protecting the confidentiality of audit-related data and to complying with the requirements of the Hygiene Rating Audit Agency (HRAA) scheme as prescribed by QCI.
Scope:
This policy applies to all employees, auditors, and authorized personnel of HYQCERT Services Private Limited who are involved in hygiene rating audit activities. It covers all audit-related information and records that are received, accessed, processed, stored, or created during the execution, review, and submission of audits to QCI.
Confidentiality Commitment:
As a recognized Hygiene Rating Audit Agency (HRAA), HYQCERT Services Private Limited is committed to:
- Maintaining the confidentiality of all information and records generated or accessed during hygiene rating audits.
- Using such information solely for the purposes of conducting hygiene rating assessments and fulfilling regulatory reporting requirements to QCI and other competent authorities, as applicable.
Mechanism to Safeguard Confidentiality:
To protect audit-related information and ensure compliance with confidentiality obligations, HYQCERT Services Private Limited has established the following measures:
Confidentiality Agreements
- All personnel engaged in audit activities are required to sign a Confidentiality and Non-Disclosure Agreement (NDA) prior to their involvement.
- This requirement applies to employees, auditors, and any other authorized individuals handling audit information.
Restricted Access
- Audit records and documents are stored securely in both physical and electronic formats.
- Access is strictly limited to authorized personnel, with password protection and access-control protocols in place.
Breach of Confidentiality
Any breach of this policy, whether intentional or unintentional, will be:
- Investigated by the designated authority within HYQCERT Services Private Limited.
- Addressed through appropriate disciplinary action in accordance with company procedures.
- Reported to regulatory authorities where such a breach constitutes a legal or regulatory violation.
- Breaches involving external personnel may also result in termination of their engagement with HYQCERT.
Review and Improvement
This policy will be reviewed at least annually, or earlier if required by changes in regulatory requirements or organizational practices. Updates and improvements will be approved by senior management and communicated to all relevant personnel.