Quality & Impartiality Policy

Quality Policy

INTERCERT provides principled, credible and value added audits and certification services.

We achieve this by ensuring:

• Impartiality & Objectiveness

• Competent personnel

• Complaint Resolution

We adhere to the requirements of International standard and ensure no conflict of interest in our certification decisions.

We will periodically review this policy for relevance and suitability

Impartiality Policy

INTERCERT is committed to impartiality in   management system certification activities. INTERCERT’s Impartiality Policy is a publicly available statement stating that it understands the importance of impartiality in carrying out its management system certification activities manages conflict of interest and ensures the objectivity of its management system certification activities.

INTERCERT comply with the requirements of ISO 17021:2015 and ensure impartiality for all its personals related to the certification activities & within all of its certification activities from time to time.

INTERCERT has established processes to identify, analyse, evaluate, treat, monitor, and document risks related to conflict of interests arising from provision of certification including any conflicts arising from its relationships on an ongoing basis. In case of threats to impartiality Intercert documents and demonstrates elimination or minimization of such threats and documents residual risk, if any this residual risk is then reviewed to determine if it is within the level of acceptable risk. The demonstration covers all potential threats that are identified, whether they arise from within the INTERCERT or from activities of other persons, bodies or organisations. Whenever a relationship poses an unacceptable threat to impartiality then certification will not be provided.

To ensure above INTERCERT has established a committee of interested parties including clients, representative of industry associations, NGO’s including customer organisations.

To demonstrate effective Implementation of Impartiality policy of INTERCERT:

1. INTERCERT does not certify another certification body for its Quality Management System.

2. INTERCERT and any part of INTERCERT as legal entity and entities under INTERCERT’s organizational control do not provide Management System Consultancy services.

3. INTERCERT and any part of INTERCERT as legal entity and entities under INTERCERT’s organizational control do not conduct internal audits of its certified clients nor offer Internal audit services.

4. INTERCERT does not outsource audits to a management system consultancy organization

5. INTERCERT’S activities are not marketed or offered as linked with the activities of an organization that provides management system consultancy. INTERCERT takes action to correct inappropriate links or statements by any consultancy organization stating or implying that certification would be simpler, easier, faster or less expensive if the INTERCERT were used.

6. INTERCERT does not state or imply that certification would be simpler, easier, faster or less expensive if a specified consultancy organization were used.

7. In order to ensure that there is no conflict of interests, personnel who have provided management system consultancy, including those acting in a managerial capacity, are not to be used by INTERCERT to take part in an audit or other certification activities if they have been involved in management system consultancy towards the client within last two years.

8. INTERCERT takes action to respond to any threats to its impartiality arising from the actions of other persons, bodies or organizations.

9. INTERCERT and its personnel, either internal or external, or committees, who could influence the certification activities, act impartially and are not allow commercial, financial or other pressures to compromise impartiality.

10. INTERCERT requires personnel, internal and external, to reveal any situation known to them that can present them or INTERCERT with a conflict of interests. INTERCERT records and uses this information as input to identifying threats to impartiality raised by the activities of such personnel or by the organizations that employ them, and does not use such personnel, internal or external, unless they can demonstrate that there is no conflict of interest.

Conflict of Interest

INTERCERT apart from requirements of ISO 17021-1, 5.2 ensures:

a)  INTERCERT only provides standards specific training without providing company-specific advice.

b)  INTERCERT Makes available or published on request information describing the INTERCERT interpretation of the requirements of ISMS, ITSM, PIMS.

c) INTERCERT only provide activities prior to audit, solely aimed at determining readiness for certification audit, without any recommendations or advice.

d)  INTERCERT only perform second and third-party audits according to standards or regulations other than those being part of the scope of accreditation.

e)  INTERCERT Add value during certification audits and surveillance visits, e.g. by identifying opportunities for improvement, as they become evident during the audit, without recommending specific solutions.

f) INTERCERT will not provide management system consultancy related to ISMS, ITSM, PIMS (e.g. services as external data protection officer, process reviews or data protection reviews).

Arranging and participating as lecturer in training courses related to personal information security management systems is not considered consultancy or having a potential conflict of interest, provided that the provisions of ISO/IEC 27006:2015, 5.2.1a), are applied.

g) INTERCERT does not provide internal information security reviews of the clients ISMS, ITSM, PIMS subject to certification.

h) INTERCERT ensures its independence from the body or bodies (including any individuals) which provide the internal ISMS, ITSM, PIMS audits.

i) INTERCERT will not provide internal information security reviews of the client’s ISMS subject to certification. Furthermore, INTERCERT will be independent from the body or bodies (including any individuals) which provide the internal ISMS audit.

Conflict of Interest as per ISO 42006

Addition to the Requirement of ISO/IEC 17021-1:2015, 5.2.5

INTERCERT do not provide consulting for management systems related to artificial intelligence, information security, data protection (e.g. in the form of an external data protection officer or data protection check) or risk management.

INTERCERT may carry out the following activities without them being considered as consultancy or having a potential conflict of interest:

• When arranging and participating as a lecturer in training courses, that relate to artificial intelligence management systems, to management systems or auditing, only generic and publicly available information is provided by INTERCERT
• Activities preceding the audit to identify the object of certification, the sole purpose of which is to determine the scope and capability for a certification audit
• Adding value during certification and surveillance audits, e.g. by identifying opportunities for improvement, as they become evident during the audit

In order to prevent potential conflict of interest when addressing the duties listed above, INTERCERT do not

• provide company-specific advice;
• conduct activities which themselves take the form of an audit or lead to recommendations or advice.
• recommend specific solutions.

INTERCERT do not carry out any internal audits for the client to be certified. INTERCERT do not rename its internal audits activities as inspection, assessment or similar. INTERCERT avoid any prior involvement with the client related to ISO/IEC 42001 which leads to a violation of the ban on self-assessment.