During Management System audits, IMS will require access to organisational records in order to verify and validate compliance against the relevant standard being assessed. If there are any records which cannot be made available for review by the audit team for reasons of confidentiality or sensitive information IMS will need to be informed prior to any certification activity taking place.
IMS shall undertake a review of the information given to us and determine whether the Management System can be adequately audited in the absence of these records. If conclusion is made that it is not possible to adequately audit the Management System without reviewing the identified confidential or sensitive records, the organisation shall be informed that the certification audit cannot take place until appropriate access arrangements have been granted.
It is often possible to see the same process without seeing certain records, we can look at a similar one instead. This is often the case where ITAR is applied.