The Barrack St Compliance Co (BSCC) is committed to protecting the privacy of the organisations we provide services to and the personal information they provide. We are a registered organisation under the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).

Our Privacy Statement is provided to prospective clients in the proposal documentation they receive and this copy is maintained on our website.

1. Collection of personal information

We provide internal auditing services to private entities and regulatory auditing services to federal and state government agencies as well as conducting conformity assessment services to clients registered under the NDIS. During an audit or conformity assessment service, we review and may record a range of personal information to meet our contractual obligations in line with Vocational Education and Training (VET) standards and other government regulations and guidelines including the Joint Accreditation System – Australia and New Zealand (JAS-ANZ).

This information is collected to inform the completion of internal Audit Reports, Audit Reports and Conformity Assessment reports conducted on behalf of regulatory bodies.

2. What happens if an organisation does not provide personal information as requested?

An organisation may choose not to provide us with the information requested, however, this action may affect our ability to deliver services to that organisation. Depending on the type of service BSCC is providing refusal to provide the required information it may be in breach of its legislated obligations and penalties or sanctions may be applied by the relevant regulatory body.

3. Who do we disclose personal information to?

Summary information of an organisation’s staff and students may be included in internal and regulatory Audit Reports produced by the BSCC. A copy of audit reports are generally provided to the organisation’s Chief Executive or to a regulatory body as required.

4. How do we store personal information?

We will securely store any personal information provided to us during an audit process in line with BSCC policy and procedures. Our document management policy meets the requirements of all regulatory bodies that govern the operations of BSCC.

5. Access to personal information

Generally, the BSCC will not retain the personal information of individuals. As such, any requests for access to personal information will be referred to the relevant organisation. Where the BSCC has retained personal information of an individual that request is to be directed to the BSCC Privacy Officer.

6. Disposal of Information

Internal Audits

At the conclusion of each audit process, the BSCC will return to the organisation or securely destroy the information provided by the organisation for the purpose of conducting the audit.

Conformity Assessment Activities

All records relating to conformity assessment activities will be retained by BSCC for a period of no less than 7 years.

Regulatory Audits

At the conclusion of each audit process, the BSCC will return the information provided by the organisation to the regulator and / or securely destroy the information (as directed by the regulator).

7. How to Make a Complaint

If an organisation has a concern about the BSCC’s handling of personal information they are encouraged to detail their concerns by lodging a Complaint and Appeal as per the BSCC Complaints and Appeals Policy located on the BSCC website. BSCC will work to resolve the concern in an efficient and timely manner.

If after the conclusion of this process the organisation believes the BSCC has failed to resolve their concerns, they may make a direct complaint to the Privacy Commissioner by calling 1300 363 992 or emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or visiting the website

8. Contact Details

The Privacy Officer
Barrack St Compliance Co
(02) 6100 6560