6 replies to this topic

[AtomicDancer]

Our company policy is to only share our policies and procedures with auditors on-site only. 

With current technology, virtual audits are becoming a thing. How do you handle sharing policies and procedures during a virtual audit? 

 

The concern is that we don't allow our documents to be copied during an on-site visit, so how do you prevent someone from taking screenshots during a virtual audit? 

[SQFconsultant]

We used to have clients send us their entire doc system by overnight when doing doc reviews for consulting purposes.

 

Now we use DropBox - there is really no way however for you to prevent downloads, screen shots, etc - never been an issue, anytime we have had to download something or print something for reference once we were done it was burned or shredded.

[jfrey123]

Check around with the various options in Zoom, Teams, whatever app you're using.  Some have tools to prevent attendees from taking screenshots, recording, or copying the text of the chat.  There are articles showing Teams can do it if your company has Teams Premium, but I think I've seen the option in Zoom as well.

[beautiophile]

Check around with the various options in Zoom, Teams, whatever app you're using.  Some have tools to prevent attendees from taking screenshots, recording, or copying the text of the chat.  There are articles showing Teams can do it if your company has Teams Premium, but I think I've seen the option in Zoom as well.

 

People can bypass with screen-sound capturing by an 3rd party apps.

I worked a bit in the ICT domain. There are needs to develop policies, codes of conducts and NDA practices while proceeding audits, inspections, meetings, etc. which are parts of information system security, e.g. ISO27001.

Edited by beautiophile, 05 September 2025 - 01:47 AM.

[GMO]

I have to be honest.  Why on earth do you think someone would be interested in your personal hygiene policy?  

 

If there is formulation information which is confidential then fair enough but when someone comes to your site, there is no way you can really ensure that they don't have recording devices on them.  One of the factories in the UK was famously put on a whistleblower programme.  How did the person do it?  Google glasses.  Nobody noticed.  And tech has got better.

 

I'd really look at what information is genuinely secret and redact it before showing.  So, for example, you may redact the ingredient description and just show codes on a formulation.  Tell the auditor up front that's what you're intending to do if it really matters.

 

I'm finding to be honest though that remote audits are becoming less common in this post covid world.  The alternative I guess is asking if you could have it on site instead?  It might be at your cost though and as I said, if someone is really determined...

[AtomicDancer]

Thank you for these responses. What I'm getting from the responses is that it really comes down to having the NDA and trustworthy customers. 

The policy not to share virtually was in place before I took the position. All policies eventually need to be updated; perhaps it's time to update this one. 

[GMO]

I think there is reason to be cautious but also reason to be realistic.  There will be people interested in your formulations etc but almost certainly not as much as you think they are.

 

A podcast I love, called Revisionist History went into depth about a product I have no idea about because I live in the UK but it's apparently a very famous English muffin.  Hilarious in itself because while muffins are a thing, they're not exactly a big deal.  If I'm going to have a decent bread based food, it's going to be some proper sourdough as far as I'm concerned.

 

Anyway, I digress.  The owners of the company prevented an employee of that organisation going to a competitor because he might take "their secret recipe".

 

I will cut a long story short.

 

Their secret recipe is a bog standard English muffin.  Nothing special, nothing artisanal.  In fact to try and replicate the recipe they kept having to make it worse and deliberately make it stale.

 

I'm sure industrial espionage is a thing but cyber security is a more important one.  Someone malicious is more likely to hold your systems to ransom nowadays than steal your secret sauce.  Ask M&S and COOP in the UK.  When hackers got in their systems and presumably had access to every formulation specification they have, they didn't bother recreating Colin the Caterpillar cakes or Percy Pigs (if you know, you know) but they held their payment and ordering systems to ransom costing the company millions and millions of £s.

 

So I'd agree.  Review it and make it really risk focussed.