IMPARTIALITY POLICY STATEMENT
Being impartial, and being perceived to be impartial, is necessary for AJA Bangladesh Ltd to deliver certification that provides confidence. This also enables AJA Bangladesh Ltd to maintain the professionalism and credibility of the audit and certification process. Impartiality is not only an accreditation requirement for a third party certification and inspection body; it is an absolute necessity to maintain the professionalism and credibility of the Audit, Inspection and certification process. It is therefore the objective of AJA Bangladesh Ltd to ensure that impartiality is maintained as an integral part of the Audit and Inspection process. AJA Bangladesh Ltd is a self-financed independent organisation, which ensures that it retains its impartiality.
AJA Bangladesh Ltd will not accept applications for certification or inspection of organizations who report directly to a person or group who also have operational responsibility for AJA Bangladesh Ltd.
In addition, no AJA Bangladesh Ltd Office, joint venture or wholly owned, shall enter into any partnerships that provide full consultancy or consultancy in part. AJA Bangladesh Ltd may provide auditor training when contracted by another body to do so, but such contractual agreement may not be advertised in any manner without prior review and approval of the Accredited Office.
The following controls shall be implemented, maintained and complied with by all audit and certification staff to ensure this impartiality policy is maintained throughout the audit process.
- Audit/Inspection staff are prohibited from participating in the Audit/Inspection of any organisation to which they have given assistance, by consultancy or training (other than professionally registered auditor training), or where they have any financial or commercial interest for a minimum period of 2 years prior to the date of application of the organisation for registration.
- When allocated to a particular contract, Audit/Inspection staff shall not disclose or discuss any detail; before or after the Audit/Inspection; to any member of staff other than their direct Management or other members of the team, as required by the Secrecy & Non-Disclosure agreement signed on commencement of employment.
- All subcontracted Audit/Inspection staff or sector specialists used to support permanent staff of AJA Bangladesh Ltd shall sign a Subcontractor Agreement and a Secrecy & Non Disclosure Agreement and shall be included on the Office Potential Conflict Listing.
- AJA Bangladesh Ltd direct employees are prohibited from engaging in consultancy activities, which involve the active design, generation or implementation of a Management System.
- All directly employed Management and Staff are required to declare all financial interests or business activities on commencement and during the period of employment.
- AJA Bangladesh Ltd staff or subcontractors shall not suggest or imply to imply that certification would be simpler, easier or less expensive if consultancy or training services were used. In addition subcontract staff cannot offer consultancy or training services to AJA Bangladesh Ltd’ clients that they have been assigned to audit, during or after the assigned task has been completed.
- Overall the certification of companies who supply a service to AJA Bangladesh Ltd is not deemed to be an unacceptable threat to conflict of interest. However, certification of a company in partnership with whom AJA Bangladesh Ltd Limited provides a direct service is deemed to be an unacceptable threat to impartiality. Should such a partnership develop, a new accredited certification body will be sourced to continue the certification.
AJA Bangladesh Ltd recognize that the source of revenue for a certification body is the client paying for certification, and that this is a potential threat to impartiality. Therefore AJA Bangladesh Ltd is a self-financed independent organisation, with a number of controls to ensure that impartiality is retained.
To obtain and maintain confidence, it is essential that AJA Bangladesh Ltd’ certification decisions are based on objective evidence of conformity or nonconformity, and that any decisions made are not influenced by other interests or by other parties. Certification decisions are made and signed for by a competent Certification Manager who was not responsible for the audit and was not a member of the audit team
AJA Bangladesh Ltd recognizes that threats to impartiality include the following.
- Self-interest threats arising from a person or body acting in their own interest.
- Self-review threats arising from a person reviewing the work that they have conducted themselves.
- Familiarity (or trust) threats arising from a person becoming too familiar with or too trusting of another, instead of seeking audit evidence.
- Intimidation threats arising from a person having a perception of being coerced openly or secretively, such as a threat to be replaced or reported to a supervisor.
Note: AJA Bangladesh may carry out the following duties without them being considered as consultancy or having a potential conflict of interest:
a) arranging and participating as a lecturer in training courses, provided that, where these courses relate to information security management, related management systems or auditing, certification bodies shall confine themselves to the provision of generic information and advice which is publicly available.
b) making available or publishing on request information describing the certification body’s interpretation of the requirements of the certification audit standards;
c) activities prior to audit, solely aimed at determining readiness for certification audit; however, such activities shall not result in the provision of recommendations or advice that would contravene this clause and the certification body shall be able to confirm that such activities do not contravene these requirements and that they are not used to justify a reduction in the eventual certification audit duration;
d) performing second and third-party audits according to standards or regulations other than those being part of the scope of accreditation;
e) adding value during certification audits and surveillance visits. AJA Bangladesh do not provide internal information security reviews of the client’s ISMS subject to certification. Furthermore, AJA Bangladesh shall be independent from the body or bodies (including any individuals) which provide the internal ISMS audit.