Statement of Impartiality
PCI Top Management, together with all members of PCI commit to highest level of impartiality in carrying out our management system certification activities.
All our staff, regardless of full time employees or external expertise resources acting on behalf of PCI, are made aware of the importance of impartial conduct and behaviour in our certification activities.
The Top Management and the Certification Operations Team are available to provide guidance and support to our staff when they faced any ethical dilemma. Periodic witness audits are arranged not only to observe and evaluate our auditors’ knowledge and skills, it also to ensure behaviour and conducts of our auditors and other technical personnel continues to meet PCI expectation on impartiality.
Code Of Ethics
All members of PCI are responsible for acting ethically. PCI’s name and reputation depends on individual actions and decisions. Each employee and auditor must:
- Read, understand, and comply with the Code of Ethics
- Be responsible for the accuracy and integrity of our work, the documents, records, and business information we work on and have access to
- Immediately bring potential violations of the Code of Ethics, legal requirements, PCI policies to PCI’s attention
- Cooperate fully in any investigation of alleged violations of the Code of Ethics, PCI policies, applicable laws, and regulations.
Compliance with Legal Requirements
PCI is committed to full compliance with the laws, rules, and regulations of the countries and communities where we conduct business. Each employee is responsible for knowing and complying with all applicable legal requirements in the locations where we conduct business as well as comply with PCI policies and operating procedures.
Independence and objectivity
The executive management of PCI and its subsidiaries respects the importance of impartially in carrying our assessment and certification activities. Potential conflict of interest is managed in order to assure the objectivity of all certification activities.
Confidentiality of information
PCI is responsible, through legally enforceable agreements, for the management of all information obtained or created during the performance of certification activities at all levels of our structure, including committees and external bodies or individuals (external auditors, technical experts and technical reviewers) acting on our behalf.
Any client’s information which PCI intends to place in the public domain, the client will be informed in advance. All other information except for those that is made publicly accessible by the client shall be considered confidential. Except as required in ISO/IEC 17021 requirements, PCI shall not disclose any information about a particular certified client or individual to a third party without the written consent of the certified client or individual concerned. Besides, information about the client from sources other than the client (e.g. complainant, regulators) shall be treated as confidential, consistent with PCI’s policy.
Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on PCI’s behalf, shall keep confidential all information obtained or created during the performance of PCI’s activities except as required by law. When PCI (including any personnel of external bodies or individuals acting on PCI’s behalf) is required by law or authorized by contractual arrangements (such as with the accreditation body) to release confidential information, PCI shall, unless prohibited by law, notifies the client or the individual concern regarding the information provided.