To obtain and maintain confidence, it is essential that Auva’s decisions be based on objective evidence of conformity (or nonconformity) obtained by Auva, and that its decisions are not influenced by other interests or by other parties.
An Impartiality Committee is in place to help ensure that Auva’s activities remain impartial and that we are not influenced by outside pressures. This process is managed per Procedure 2.
A Risk Declaration shall be completed by any person who can influence the certification process (Auditor, Decision Maker, Impartiality Committee Member, Directors) to ascertain their impartiality and threat to the business.
A review of these documents shall be completed by the CEO and any outcome of these reviews shall be dealt with as necessary. A risk rating shall be given to each risk review, which will highlight the significance of that body or person on the impartiality of the business. The Impartiality Committee shall oversee this process to advise the CEO on appropriate controls over identified risks. A log of all current related bodies is maintained within Google Drive and will be provided to the Impartiality Committee for review.
Auva does not provide consultancy services and does not have any direct links to any consultancy body. Within the ISO 27006 (ISMS) scheme, Auva is permitted to be involved with certain activities without them being considered as consultancy or having a potential conflict of interest. These activities include:
- Planning and being present at information meetings, examination of documents, auditing and follow-up of nonconformities
- Arranging and participating as a lecturer in training courses, provided that, where the courses relate to information security management, related management systems or auditing, Auva’s involvement shall not provide specific information and shall remain generic in content which is freely available in the public domain.
- Publishing on request, information describing our interpretation of the requirements
- Activities prior to the audit, solely aimed at determining readiness for certification audit (sometimes known as a gap analysis). These activities shall not result in any certification recommendations or advice that would threaten impartiality. These activities shall also not be used as justification to reduce the eventual certification audit duration.
- Performing second and third party audits to standards or regulations which are not part of the scope of accreditation.
- Identifying and making recommendations for improvement as long as they are not specific