Rephine recently was informed that a client had sold a copy of Rephine’s audit report and the password to access it, and in doing so disregarded their responsibilities relating to the confidential information and Rephine’s intellectual property. Rephine took legal action against this company who has admitted their fault and paid damages to Rephine.
Rephine has strict policies and processes in place to ensure the security of all data including its audit reports. Rephine’s audit reports are the intellectual property of Rephine and are copyright protected. The reports contain confidential information of the audited manufacturer and Rephine has Agreements in place with these companies to guarantee a report will not be shared with any party without their written permission. A Technical Agreement to purchase a Rephine audit report is signed between Rephine and any client which makes clear the terms and conditions related to the audit report as stated above. Audit reports are transferred to clients as password protected PDFs.
As a result of the breach of confidentiality carried out by the offending company, Rephine has reviewed its policies and processes related to data security and the method in which reports are transferred to clients, as well as the security attached to audit report files. It trusts its customers and partners to treat the audit reports with the same level of confidentiality and security, and to respect Rephine’s intellectual property. Rephine is working towards certification for ISO 27001, a specification for an information security management system (ISMS) in order to further ensure the security of data and to provide clients and partners trust in Rephine.