Terms & Conditions

Introduction:

  • These Terms govern the use of the IAFS Database by Accreditation Bodies.
  • "We," "our," or "us" collectively refer to IAFS-DB and Quality Trade Pty Ltd.
  • The Accreditation Body using the IAFS Database is addressed as "you" and "your."
  • Acceptance of these Terms is implied by your use of the IAFS Database.

    • Definitions:

  • Adopts terms defined in the IAFS Mandatory Document (IAFS MD).

    • Additional terms:

  • Accreditation Body: Entity signatory to the International Accreditation Forum Multilateral Recognition Arrangement under ISO/IEC 17021-1.
  • Accreditation Body Data: Information uploaded by Accreditation Bodies on the IAFS Database about accredited Certification Bodies, as per IAFS MD requirements.
  • Your Accreditation Body Data: Data uploaded by you to the IAFS Database.
  • Accreditation Body Analytical Data: Analyzed data, including Your Accreditation Body Data and Certified Entity Data, aggregated and anonymized.
  • Anonymised Analytical Data: Aggregated and anonymized data derived from Accreditation Body Data and Certified Entity Data.
  • Certification: Certification granted by a Certification Body.
  • Certification Body: Entity accredited under ISO/IEC 17021-1.
  • Your Certification Body: Certification Body accredited by you.
  • Certification Body Analytical Data: Data derived from Certified Entity Data in the IAFS Database related to Certified Entities and their certifications.

    • Acceptance of Terms:

  • Your use of the IAFS Database implies acceptance of these Terms. These terms outline the conditions and definitions governing the use of the IAFS Database by Accreditation Bodies

    • Certification Body Analytical Data:

  • Data derived from Certified Entity Data in the IAFS Database that is anonymized and aggregated.
  • Benchmarking of data described in subclause 1.4(a) against data described in subclause 1.4(b).

    • Certified Entity:

  • Entity issued accredited management systems certification(s) under ISO/IEC 17021-1 by a Certification Body.

    • Certified Entity Data:

  • Information about a Certified Entity required by IAFS to be uploaded to the IAFS Database.

    • IAFS:

  • International Accreditation Forum Inc.

    • IAFS Database:

  • Database known as "IAFS Certsearch," owned and maintained by or on behalf of IAFS-DB.
  • Stores and processes Accreditation Body Data and Certified Entity Data for specified purposes.

    • IAFS-DB Website:

  • Website owned by IAFS-DB, located at www.internationalaccreditationforumsystem.org

    • Personal Data:

  • Information uploaded to the IAFS Database that identifies or can identify a specific individual.

    • Purpose:

  • Collection and storage of information about Accreditation Bodies, Certification Bodies, and Certified Entities.
  • Enable Users to validate information about accreditations and certifications.
  • Make available market information and trends in the form of Anonymized Analytical Data, Verification Data, Accreditation Body Analytical Data, and Certification Body Analytical Data.

    • Quality Trade Pty Ltd:

  • Software development, data hosting, and management services organization contracted by IAFS-DB.
  • Certified to ISO/IEC 27001 Information Security Management System and ISO/IEC 27701 Privacy Information Management System.

    • Safeguards:

  • Technological measures outlined in Annexure A.

    • System:

  • Comprised of the Upload Facility, the IAFS Database, and the IAFS-DB Website.

    • Uploaded Data:

  • Data provided by Accreditation Body to the IAFS Database via the Upload Facility and/or other designated means.

    • Upload Facility

  • Accreditation Body login-protected portal created by IAFS Database for uploading Accreditation Body Data.

    • User:

  • User of the IAFS-DB Website or the IAFS Database via electronic format.

    • Verification Data:

  • Information, data, analytics, sound, video, graphics, and images in the IAFS Database, including Accreditation Body Data and Certified Entity Data.

    • Upload of Accreditation Body Data:

  • Make reasonable efforts to upload Accreditation Body Data following the IAFSMD.
  • Ensure that Accreditation Body Data is free from Personal Data.
  • Take measures to guarantee that uploaded data is free from Harmful Code,which refers to technologies intending to harm or impede computer systemsor networks.

    • Usage and Processing of Uploaded Data:

  • IAFS- may use, process, and distribute Accreditation Body Data in line withthe Purpose.
  • Inconsistencies between IAFS and these Terms will be resolved in favor of IAFS.
  • IAFS may use, process, publish, and distribute information about Accreditation Body and/or Certification Body for verification purposes.

    • Ownership of Data:

  • All Accreditation Body Data remains your property.
  • Derivative works created by IAFS-DB, including Accreditation Body Analytical

    • Data, Certification Body Analytical Data, Verification Data, and Anonymized Analytical Data, remain the property of IAFS-DB.

    Licence for Access and Use:

  • In compliance with IAFS MD and these Terms, IAFS-DB grants you a free licence to access and use Accreditation Body Analytical Data and Certification Body Analytical Data.

    • Scope of Licence:

  • The licence does not include access to analytical data of a Certification Bodythat you do not accredit, except when aggregated and anonymized.
  • It includes access to data derived from Your Accreditation Body Data and Certified Entity Data uploaded by you or Your Certification Bodies.

    • Licence Grant:

  • The IAFS grants you a licence to use, republish, and redistribute the Accreditation Body Analytical Data and Certification Body Analytical Data.

  • Internal Use:

  • This licence allows you to use the data for your internal purposes. Republishing and Redistribution Conditions:
  • Permits you to republish and redistribute the data as described in above written clause
  • Allows the use of Accreditation Body Analytical Data and Certification Body Analytical Data for internal analysis and decision-making.

    • Reasonable Volume and Frequency:

  • The volume and frequency of publication and distribution should be reasonable and not harm the IAFS interests.

    • Lawful Purposes:

  • Publication and distribution must not be for unlawful purposes.

    • Anonymised Analytical Data:

  • Pe
  • rmits the publication and distribution of Anonymised Analytical Data. Excessive or Detrimental Actions:
  • The publication and distribution should not be excessive or detrimental to the IAFS, hindering third-party subscriptions.

    • Automatic Reports:

  • Accreditation Body Analytical Data and Certification Body Analytical Data are automatically generated reports accessible through the IAFS Database.

    • Licence Revocation Conditions:

  • The IAFS-DB may revoke the licence under various circumstances such as membership or signatory status changes, non-compliance with obligations, or termination of these Terms.

    • Acknowledgment Requirements:

  • When republishing or redistributing data, acknowledgment must be made of the specific URL link to the IAFS Database as the data source. The date of the last verification or access must also be provided in a clear and conspicuous manner next to the data.

    • Contiguous Placement:

  • Acknowledgments and dates of access should be contiguous to the republished or redistributed data, either in brackets or a footnote on the same page.

    • Proper Use of Symbols:

  • Properly use registration and/or trademark symbols of IAFS Database when acknowledging it as the source of republished or redistributed data.

    • Maintenance of Current Data:

  • Maintain the most current version of all distributed or published data. Clearly state if the products/services/applications may not reflect the latest data accessed from the IAFS Database on a specified date.

    • Accreditation Body Obligations:

  • Act in good faith to support the Purpose.

    • Follow specific guidelines:

  • Publish Anonymised Analytical Data according to these Terms.
  • Access the IAFS Database only as permitted by IAFS.
  • Obtain prior written approval from IAFS-DB before providing any third party with access to the Upload Facility.
  • Adhere to authorised methods when accessing Accreditation Body Data and/or Certified Entity Data uploaded by another entity.
  • Avoid interfering with the proper operation of the System.

    • Restrictions on Actions:

    Do not:

  • Extract software or other functions provided by IAFS Database Operator.
  • Disassemble, decompile, reverse engineer, or attempt such actions on the System.
  • Allow actions that may damage the reputation of the IAFS Database or bring disrepute to IAFS Database Operator.
  • Attempt unauthorised access to Certified Entity Data or Certification Body Analytical Data.

    • Unauthorised Access Clarification:

  • Do not attempt to gain unauthorised access to Certified Entity Data or Certification Body Analytical Data belonging to entities not accredited by you.

    • Proper Acknowledgment:

  • When acknowledging IAFS Database as the source, use registration and/or trademark symbols correctly.

    • Maintaining Data Accuracy:

  • Ensure that distributed or published data reflects the most current version.
  • Clearly state if products/services/applications do not reflect data accessed from the IAFS Database on a specified date.

    • Accreditation Body's Good Faith and Fair Dealing Obligations:

  • Act in good faith to support the Purpose.
  • Avoid publishing Anonymised Analytical Data outside the terms of these Terms.
  • Do not attempt unauthorised access to the IAFS Database or use it for purposes not permitted.
  • Obtain written approval before providing third parties with access to the Upload Facility.
  • Respect the restrictions on accessing Accreditation Body Data and Certified Entity Data.
  • Avoid extracting software or functions from the System without permission.
  • Do not interfere with the proper operation of the System or damage the reputation of the IAFS Database.
  • Refrain from attempting unauthorised access to Certified Entity Data or Certification Body Analytical Data not accredited by you.

    • Accreditation Body Responsibilities:

    Security Issues Reporting:

  • If you notice any issues with the System's secure operation, including misuse or data breaches, report them to IAFS-DB within 72 hours via email at info@IAFScertsearch.org.

    • System Use and Issues:

  • Use the System for its intended purpose and promptly report any technological or operational issues, including data breaches, to IAFS-DB.

    • IAFS Responsibilities:

    Information Accuracy:

  • IAFS will make reasonable efforts to keep information in the IAFS Database current, but accuracy depends on each Accreditation Body's compliance.

  • Assistance and Security Measures:

  • Provide reasonable assistance for Accreditation Body's use of the Upload Facility.
  • Maintain safeguards and conduct annual third-party penetration testing for data security.
  • Notify Accreditation Bodies of material data security issues.

    • Privacy Compliance:

  • Comply with applicable privacy laws, including the General Data Protection Regulation (GDPR).
  • Clarify roles: IAFS is the 'data controller,' and Quality Trade Pty Ltd is the 'data processor' for processing Personal Data under GDPR.

    • Additional Matters:

    Data Retention:

  • Retain Uploaded Data and other provided information for a reasonable period necessary for the Purpose.

    • Personal Data Upload:

    You're not required to upload Personal Data in Accreditation Body Data, but if you or your Users voluntarily provide it (e.g., email address), refer to the "Privacy Policy."

    Limitation of Liability:

    Disclaimer and Liability Limits:

  • Display terms in the IAFS Website & Database regarding indemnification, disclaimer, and limitation of liability to protect Accreditation Bodies and Certification Bodies.
  • We won't be liable for consequential, incidental, or special damages. Our total liability won't exceed the available insurance proceeds approved by our insurer.
  • You won't be liable to us for any direct or indirect damages, even if advised of the possibility, whether in contract, tort, or otherwise.

    • Insurance Certificates:

  • We will provide certificates of insurance within three Business Days upon your written request.

    • Indemnification:

  • We will indemnify and defend you, including your officers, directors, employees, agents, etc., from third-party claims, suits, actions, or expenses related to our obligations under these Terms.
  • Make reasonable efforts to minimize your loss.
  • Provide prompt written notice of the claim, including detailed information and relevant documents.
  • Failure to promptly notify or cooperate won't affect your right to seek indemnification unless it materially affects our defense.
  • We have the right to control the defense, but you can have your own counsel at your expense.
  • Our obligation to indemnify doesn't apply if the liability arises from your negligence, willful misconduct, or breach of these Terms.

    • Term:

  • The term begins upon consent and continues until terminated.
  • Either party can terminate without cause by providing 90 days' written notice.
  • Either party can terminate for a material breach, with a 30-day cure period after notice.
  • We can terminate immediately if your IAFS MLA status ends, is suspended, or withdrawn for any reason.

    • Upon termination:

  • All respective rights and obligations end, except for liabilities from breaches before termination.
  • Provisions (Limitation of Liability), (Indemnification), and (Miscellaneous) persist.

    • Miscellaneous:

  • Nothing in these Terms creates an employment, joint venture, franchisee, agent, or partnership relationship.
  • Failure to enforce any term doesn't waive the right to enforce it later.
  • Notices and demands will be in writing, transmitted by email to the provided addresses.
  • If a provision is illegal or unenforceable in a country, it may be severed, and the rest of the terms remain.
  • These Terms can only be modified in writing, signed by all Parties.
  • Governed by the internal laws of Delaware, without regard to conflicts of law principles.
  • Any dispute will be settled by arbitration under UNCITRAL rules in The Hague, Netherlands.
  • These Terms are binding and enforceable by successors and assigns, with no assignment without written consent.
  • These Terms, including any annexures (incorporated by reference), constitute the entire agreement, superseding prior agreements.
  • Nothing overrides the IAFS Website or IAFS Database Terms of Use or Privacy Policies.
  • Headings for reference only and not part of the Terms.

    • Safeguards:

    Independent annual penetration testing focusing on critical vulnerabilities. Testing security controls like authentication, authorization, encryption, etc. Testing vulnerabilities like SQL injection, cross-site scripting, etc. Testing Security Controls:

  • Authentication
  • Authorization
  • Encryption
  • Session Management
  • Denial of Service
  • Data Leakage
  • Data Validation

    • Testing Vulnerabilities:

  • SQL Injection
  • Access Control Bypass
  • Cross-Site Scripting
  • Insecure Administrative Interfaces
  • Vulnerable Software
  • Command Injection
  • SMTP Injection
  • Insecure File Upload Controls
  • Information Leakage

    • The System platform will be hosted on secure servers in the cloud, managed by an organization accredited with certification from an IAFS MLA Signatory for ISO/IEC 27001. This includes:

  • Utilizing a Web Application Firewall or a similar tool to safeguard web applications and APIs against web exploits.
  • Regular backup procedures with all data hosted in the EU.
  • Implementation of inline attack mitigation.
  • Deployment of advanced security functions, such as tailored detection based

    • on application traffic patterns, health-based detection, advanced attack mitigation, proactive event response, visibility and attack notification, centralized protection management, and real-time AI bot detection. All applications and services essential for the System's operation will be shielded by current anti-malware/virus protection.

    You are responsible for indemnifying, defending, and holding harmless IAFS Database, Accreditation Bodies, Certification Bodies, and third-party service providers against any claims, suits, actions, or expenses arising from:

  • Your use of the Website, Database, Verification Data, and/or Subscription Service.
  • Non-compliance with or breach of these Terms.
  • Your use of Third-Party Products.
  • Unauthorized use of the Subscription Service by others using your User information.

    • Disclaimer of Accuracy and Reliability:

    The IAFS Database strives to provide relevant and helpful information for lawful purposes. However, we make no guarantees about the accuracy, reliability, currentness, or error-free nature of the information in the IAFS Database. We do not assure that the database will function without disruptions, delays, or malfunctions.
  • IAFS Database, Accreditation Bodies, and Certification Bodies make no representations or warranties regarding the suitability, reliability, availability, timeliness, security, or accuracy of the Subscription Service, Certified Entity Data, data from the Subscription Service, and/or Verification Data for any purpose.
  • To the maximum extent permitted by law, the Subscription Service, Certified Entity Data, data from the Database or Subscription Service, and Verification.
    • Data are provided "as is" without warranty or condition of any kind.

    Disclaimer of Representations and Warranties:

    To the maximum extent permitted by applicable law, IAFS Database (and its officers, directors, employees, agents, third-party service providers, licensors) make no representations or warranties.

  • IAFS Database, Accreditation Bodies, and Certification Bodies provide no assurances regarding the Subscription Service, Certified Entity Data, data from the Database or Subscription Service, and Verification Data.
  • These services are provided "as is" without warranty or condition of any kind.

    • Disclaimer of Warranties:

    Accreditation Bodies and Certification Bodies disclaim all warranties and conditions regarding the Subscription Service, Certified Entity Data, data from the Database or

    Subscription Service, and Verification Data.

    This includes implied warranties or conditions of merchantability, fitness for a particular purpose, title, and non-infringement.

    IAFS Database, its licensors, distributors, agents, employees, Accreditation Bodies, Certification Bodies, and third parties involved make no representations or warranties.

  • Regarding the Website, Database, Certified Entity Data, data from the Database or Subscription Service, and Verification Data.
  • Users assume the entire risk concerning the performance, results, consequences of downloading files, quality, accuracy, reliability, suitability, and standing of any person or entity mentioned in the Database.

    • Limitation of Liability:

    In no event will IAFS Database, its officers, directors, employees, agents, third-party service providers, licensors, Accreditation Bodies, and Certification Bodies be liable for:

  • Direct, indirect, punitive, incidental, special, or consequential damages.
  • Including lost profits, lost data, or lost business.

    • Note: The limitation of liability applies to the maximum extent permitted by law.