Program summary card

| Issue | Program rules/comments |
|---|---|
| Standard | AS3806 integrating the National Privacy Principles of Australia |
| Any other relevant document | Nil |
| Target audience | Company/business units/divisions involved in collecting or processing private information |
| Global-Mark output document | Certificate of approval |
| Other Global-Mark output document | |
| Certificate validity period | 3 years |
| Certification mark that can be used by the client | Trust-Mark® Privacy Compliance Management System |
| Can this mark be used on product? | No |
| Periodicity of post certification reviews | 6, 9, 9, 12 (then stays at 12) monthly |
| Periodicity of re-certification review | 3 years |
| Steps to and post certification | |
| Application | ✓ |
| Document review | ✓ |
| Pre-certification review | Optional |
| Certification review | ✓ |
| Technical file review | Nil |
| Follow-up review | ✓ |
| Post certification review | ✓ |
| Re-certification review | ✓ |

Does your organisation collect, use or disclose personal information? The National Privacy Principles provide a minimum standard regarding the way in which private sector organisations deal with this personal information and will require many private sector organisations to re-examine their systems and processes.
Most businesses with a turnover of more than $3 million, and all health providers, must comply with the Principles that are embodied in Commonwealth legislation (the Privacy Act 1998). There are penalties for failure to comply.
Our certification program is based on the framework provided by AS3806: within this framework, we will assess how you comply with the National Privacy Principles.
Our certification program will assess whether an organisation complies with the Principles and the standard. It will include a document review, an on-site audit (we call it a business review), and witnessing of data collection activities and processing, as appropriate.
Most purchasing organisations are keen to have confidence in the credentials of the suppliers/contractors with which they will or do contract.
Certification to this program allows firms to prove and support their credibility, by putting themselves, their people, systems and processes to an independent (and on-going) examination.
AS3806 is an innovative compliance management framework, which organisations of all sizes and nature can adopt.
The standard provides a management system framework for the identification and control of compliance issues. The program has been tailored to assess compliance with the 10 National Privacy Principles, which are:
- Principle 1 Collection
- Principle 2 Use and disclosure
- Principle 3 Data quality
- Principle 4 Data security
- Principle 5 Openness
- Principle 6 Access and correction
- Principle 7 Identifiers
- Principle 8 Anonymity
- Principle 9 Transborder data flows
- Principle 10 Sensitive information
Further, the standard also requires a number of tools and disciplines, including:
- Management commitment
- Responsibilities and authorities
- Document control
- Planning
- Training and communications
- Complaint and incident reporting
- Etc
To achieve certification you will need to have a management system that complies with the requirements of AS3806. This includes policies, documented procedures, records and other support documents to control and support your organisation’s day to day business activities and processes.
In order to understand our program, you should also access and be aware of the following documents:
- G-00: Client Pack
- MSP-00: Introduction to our management systems
- MSP-01: Nomenclature and definitions
- MSP-24: Appeals