Skip to content

QM-Corner: Dealing with confidential documents

QM Corner stands for one topic, one hour and virtual. In the second session, the established format dealt with the topic of handling confidential documents and the role of quality management.

Dealing with confidential documents is an essential part of quality assurance and the integrity of a company in mechanical and plant engineering. It is the responsibility of quality management to implement appropriate policies, procedures and controls to protect confidential information and ensure compliance with relevant regulations. In light of the fact that the German Accreditation Body (DAkkS) is increasingly demanding company documents as part of the verification process, this topic is becoming even more important.

On 9 April 2024, ProduktionNRW organized the second NRW-QM-Corner to raise awareness of this topic in the mechanical and plant engineering sector and to offer direct support.

Dealing with confidential documents

Dr. Frank Bünting, Deputy Head of Department at VDMA Business Advisory, reported that auditors are increasingly demanding proof of conformity and non-conformity from companies. This also applies in some cases to information classified by companies as sensitive or confidential. The reason given is a stricter requirement of the DAkkS, which does not exist in this form.

Specific verification requirements include the documented information on the management system, which must be recorded, updated and permanently stored. Among the specific verification requirements, audit findings must fulfill the following points:
– describe (fact-finding and evaluation by the auditor)
– determine (comparison with customer/verification against standard)
– classify (evaluation of criticality and risk assessment)
– record (substantiation by objective evidence)

Companies must make arrangements for access to confidential documents in order to be able to implement the verification process. It is helpful to classify the documents, define how they are handled and establish measures for protection and confidentiality. For example, companies can determine what information can be made available to the auditor and in what form. In this way, they can make clear contractual arrangements with the service provider regarding the provision of evidence, rights to information, access to information and the protection of confidential information.

Exchange of experience and discussion

The concluding discussion revealed that many companies from the mechanical and plant engineering sector pass on confidential documents to auditors without having a clear structure for classifying their documents.

Until now, many companies have resorted to non-disclosure agreements (NDAs) to protect their own documents and intellectual property. This regularly leads to discussions about what information should be passed on. When a customer requests data, the handling of confidential documents is even more challenging, as the customer should be won over or retained for the company’s own business. It was therefore considered extremely useful to classify documents according to their level of confidentiality.

Further information


The event was organized by ProduktionNRW. ProduktionNRW is the cluster for mechanical engineering and production technology in North Rhine-Westphalia and is organized by VDMA NRW. ProduktionNRW sees itself as a platform for networking, informing and marketing companies, institutions and networks with each other and along the value chain. Significant parts of the services provided by ProduktionNRW are funded by the Ministry of Economic Affairs, Industry, Climate Protection and Energy of the State of North Rhine-Westphalia.