The Limited Times

Now you can see non-English news...

Data protection: the DGSI warns companies that use external auditors

2022-12-01T16:09:17.801Z

For the internal intelligence service, external audits allow certain dishonest actors to recover sensitive data from a company.



The General Directorate of Internal Security (DGSI) calls on companies to be wary of external audits.

They generally do so in a context of commercial growth, when they enter a new market or when they carry out a merger or sale of activity.

For the internal intelligence service, these audits “

can promote the capture of company data and that of its customers

”, but also of subcontractors and business partners.

To discover

  • Prime Macron 2022: conditions, amount, date of payment... how does it work?

Behind these external audits, the DGSI groups commercial audits, acquisition audits, regulatory compliance audits and export audits as part of the integration of a product into a new market.

To carry them out, companies call on consulting firms, evaluation centers specializing in compliance, investment funds or third-party companies.

But some actors can turn out to be dishonest.

Read alsoEspionage: compliance as a legal Trojan horse

The DGSI details the example of a foreign investment fund which is suspected of having acted as an intermediary for the transmission of data to competitors.

In its last note of November, the organization indicates that after "

having signed a confidentiality agreement and before drafting a letter of intent, the fund carried out a detailed audit giving it access in particular to the work of non-patented research developed by the company

”.

Following this control operation, the French company had no news from the investment fund and now fears that it has been the victim of the capture of sensitive data.

Another example, a tricolor industrial group operating partly in a foreign State was forced, by a new local regulation, to accept “

particularly intrusive audits

”.

The authorities could demand “

access to precise information on French society, such as the exact composition of the products, the origin of the raw materials or the identity of the suppliers

”.

So much information that could make it possible to "

facilitate the production of counterfeits

", note the internal security services.

To guard against this type of fraud, the DGSI recommends being particularly vigilant when choosing the service provider in charge of the audit, by studying its reputation.

It also recommends “

identifying sensitive company data to which the audit firm should not have access

”.

Once the auditors are on site, the company must define their scope of action and “

raise staff awareness so that any suspicious behavior is reported

”.

Finally, the company should not hesitate to “

strengthen the contractual clauses established with the audit service provider

”.

However, if data capture is already suspected, the DGSI recommends contacting it and considering legal action.

Source: lefigaro

All business articles on 2022-12-01

You may like

Trends 24h

Business 2023-01-27T06:51:29.804Z

Latest

© Communities 2019 - Privacy