72) The SAI needs to put in place policies to appropriately provide or protect information and apply controls to eliminate, or reduce to an acceptable level, potential risks of confidentiality infringements.

73) Examples of controls that the SAI may use:

a) establishing policies for communication with stakeholders, including the media;

b) regularly emphasising the importance of confidentiality;

c) obtaining appropriate declarations of staff’s compliance with confidentiality rules;

d) providing guidance on what information, documents and materials need to be treated as confidential, and the stage of work at which they need to be treated as confidential, which might include a system of classification and labelling of confidential information;

e) consulting with regard to applying confidentiality rules and legal requirements concerning conditions of disclosure;

f) providing guidance and advice for cases when the professional obligation to maintain confidentiality may be overridden by other legal responsibilities regulated by national laws, and assigning specific procedures for reporting on such cases;

g) safe storage conditions of information in any form (paper, electronic, audio, etc.);

h) appropriate allocation of access rights to archives, IT systems and physical areas;

i) procedures for disposing of data storage devices, either in paper or electronic form.

