The purpose of this document is to confirm the policy and procedure for handling of data in the SITMA Scheme. This policy covers applicants, candidates and testers. This document should be read in conjunction with QMS019.

Types of Data

SITMA handles the following types of data
Data about applicants
Date about candidates
Data about testers
Data for Lodgement, which includes confidential information about testers testinglocations, raw data, and results.
Emails, which may contain confidential information.
Letters, which may contain confidential information.
Scheme Information
   Personnel records
        + Contracts
        + Training
        + Qualifications
        + Payroll
   Quality Management System records
        + Internal Audits
        + Management Review
        + Document Control

Security
3.1 Data held by SITMA (applicants, candidates, testers, letters and scheme information)is held in Microsoft SharePoint which is held in the cloud.
3.1.1 Data is automatically backed up as soon as any file is saved.
3.1.2 SITMA has a ‘business’ Microsoft account which provides additional security features, such as ‘Previous Versions’ which allow the recovery of older versions of files, should the current versions be corrupted or lost.
3.1.3 Only users authorised by the scheme manager can access the files stored in SharePoint.
3.1.4 In order for the account to be accessed, a two-step verification is required. Firstly, a complex password requiring alpha numeric, non-alpha numeric and a number is required. To then gain access, a 6 digit password is sent to the Scheme Managers mobile telephone each time access is required. 
3.2 Lodgement Data
3.2.1 Lodgement data, i.e. the data held for each company’s sound tightness tests, is held on our secure Microsoft Azure server 
3.2.2 Lodgement data includes data about the tester. 
3.2.3 In order to access Lodgement, you need to be set up on the website. You are then asked to register a password and a security question. The password is kept secret. SITMA, nor any of its personnel have access to this password.
3.3 Emails
3.3.1 Emailing is hosted by Microsoft Office 365 who provide us with emails via Microsoft’s email platform. Passwords are set by the users when registering.
3.3.2 All computers are password protected and have antivirus software installed to minimise the risk of malware and viruses.
3.4 Letters / Mail
3.4.1 All mail is shredded once scanned (if applicable).

Uses of Data
SITMA will never give or sell applicants, candidates, testers or any other form of data to any company.
SITMA will never release information from applicants, candidates, testers without the prior explicit consent (as defined in QMS009) except required by law.
SITMA may provide lodgement data, minus any personal or identifying information, to research bodies that are pre-approved by SITMA. The data that may be shared will only be:
• Building type
• Construction Type
• Result
• Target
• Town and or Postcode of Site
Examples of companies that may use this data for research purposes are:
• Universities
• Home Nation Governments*
• Public Health Authority
• HSE
*Home nation governments may periodically request specific data from the scheme,
such as
• Membership Numbers
• Complaints
• Financial Information (not for public dissemination)
• Information regarding third party audits (not for public dissemination)
Should a request be made for data that falls outside of research use (i.e. a company wishing to purchase data), we would require permission from each tester in order to do so. This would be done on a case by case basis. There is no blanket ‘yes’ or ‘no’ for all data being shared.

SITMA Record Keeping
5.1 A membership database (Lodgement system) is maintained which contains the following information:
• Name, address and contact details of Testers, applicants, candidates and certificants
• Names of Companies they are associated with (if applicable)
• Qualifications (Level) of each Tester.
• Number for each Tester
• Audit plans and records, including Witness Test dates and records;
• Annual fees
• Correspondence and other relevant information
5.2 Document Storage
5.2.1 All documents and information related to a tester are stored electronically.
5.2.2 Documents are stored securely in the individual testers file.
5.2.3 Electronic files are held on the SITMA sharepoint as described above.
5.3 Document Retention
5.3.1 All documentation shall be retained for five years after membership ceases.
5.3.2 If an individual is refused approval as a Tester, documents shall be retained for a minimum of five years, but may be archived after two years. A list of testers and individuals refused approval will be maintained within the database.
5.3.3 If an individual ceases to be registered, documents will be archived and retained for a minimum of five years. A list of previous Firms and Testers will be maintained within the database.
5.3.4 Disposal of paper copies of documents will take place through a confidential waste disposal.
5.4 Database Contractor and Website
5.4.1 The database of test results is back-upped continuously off-site.
6 Tester Record Keeping
6.1 As a guideline, testers should keep and securely store records of their operations and responsibilities, including (not exclusively) the following:
o Training and qualifications;
o Testing contracts;
o Reports and results, together with lodgement details and the SITMA Test
Certificate reference;
o Audits and corrective actions;
o Complaints;
o Testing equipment;
o Calibration certificates, validity and expiry dates;
Note: it is advisable to keep an equipment and calibration log which will flag up expiry or recalibration dates sufficiently in advance.
7 Document Retention
7.1 Records of testing contracts, reports and results, lodgement references, audit reports and corrective actions, complaints and other testing-relevant information should be kept securely for a period of not less than 10 years.
8 Certification Verification
8.1 Records of certification are held on the public website (https://www.bcta.group/sitma/members/sound-testing-members-uk/). This how members of the public and stakeholders can check verification of a SITMA tester and their current certification status.