Page Properties | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||
|
Revisions: |
| |
Date: | Author: | Description: |
March 2020 | Craig Wooldridge | First Version Published |
December 2020 | Craig Wooldridge | Change to clarify that the scope of the code covers other job functions as well as assessors. Addition of clause 4 “Unacceptable Behaviours” |
1 Introduction
IASME are committed to delivering a high quality, consistent and fair experience for customers who want to gain certification to Cyber Essentials and IASME’s other certifications.
...
Although the term 'Assessor' is used throughout this Code, the same principles apply to any other job function, contractors or third parties that may be involved in supporting delivery of the Cyber Essentials scheme. Examples may include sales personnel or contracted marketing services
2 Ethical Principles
All assessors must use the following ethical principles to guide their decisions in relation to assessments, customers and operating the scheme:
...
5. Confidentiality – Limit access to information to protect the interests of customers, partners and employees
3 Behaviour and Outcomes
The following behaviour and outcomes are expected under each ethical principle
...
• Assessors must follow all requirements set by IASME around the use, storage, retention and deletion of customer information
4 Unacceptable Behaviours
Participation in this scheme requires that the CBs and their employees and contractors meet the Standards of conduct at all times.
...
Ultimately, any investigation of a suspected breach can result in the termination of a CB's appointment. A single breach (if serious enough) may be enough to justify termination. We are currently investigating a small number of alleged breaches arising in the context of marketing to potential customers.
5 Situations where an Assessor or Certification Body should not conduct the assessment
In some situations, the conflict of interest is such that assessors should not undertake an assessment for a client. These situations include the following:
...
• The Certification Body is owned or owns the company they are assessing.
6 Examples of how to apply this code of conduct
The following are examples of common situations that may be encountered by assessors together with examples of how to apply the relevant rules set out above.
...
In this situation, in order to retain objectivity, you may offer your guidance and support
to the client to decommission the Windows 7 desktops. Once this has been completed
you can continue the assessment and pass the client.
If the client does not want to decommission the Windows 7 desktops you should advise
the client that the machines cannot be removed from scope as they are part of the main
office network they must be included in the assessment. The client will then fail the
assessment due to unsupported software.
...