But you can put various things in place. E.g. limited access, (external) audits, etc. Such things are entirely standard and expected for any big company.
Saying "cannot guarantee" is too much nitpicking. Such needs (limit the access, etc) happens all the time. Say you want to takeover another (competitor) company. During that process you'll need to figure out a lot of information. However, you're competitors and you aren't allowed to do that. The common solution is to "ring fence" that team. Such "ring fencing" is a normal occurrence.
Similarly, you can also educate what is allowed and what not on a regular basis.
The company I work for has annual repeating courses for various basis things. Meaning, GDPR, competition law, fraud, etc. They're highly annoying and enough people try to ignore the course and go straight to the questions. It'll be difficult to pass if you didn't do it. Not doing those course will get you an email
After doing all that you'll still have enough cases where people were found to have committed fraud, etc. But that's entirely different than 'cannot guarantee'.
I know you went into things I said above. However, immediately saying "cannot guarantee" is too much of a technical answer. Yeah, there might be cases. But your whole response is a lot of proactive things. You also need to check after the fact, plus do more than just a policy. There is more than enough possible. Further, the question that was asked is entirely normal.
But you can put various things in place. E.g. limited access, (external) audits, etc. Such things are entirely standard and expected for any big company.
Saying "cannot guarantee" is too much nitpicking. Such needs (limit the access, etc) happens all the time. Say you want to takeover another (competitor) company. During that process you'll need to figure out a lot of information. However, you're competitors and you aren't allowed to do that. The common solution is to "ring fence" that team. Such "ring fencing" is a normal occurrence.
Similarly, you can also educate what is allowed and what not on a regular basis.
The company I work for has annual repeating courses for various basis things. Meaning, GDPR, competition law, fraud, etc. They're highly annoying and enough people try to ignore the course and go straight to the questions. It'll be difficult to pass if you didn't do it. Not doing those course will get you an email
After doing all that you'll still have enough cases where people were found to have committed fraud, etc. But that's entirely different than 'cannot guarantee'.
I know you went into things I said above. However, immediately saying "cannot guarantee" is too much of a technical answer. Yeah, there might be cases. But your whole response is a lot of proactive things. You also need to check after the fact, plus do more than just a policy. There is more than enough possible. Further, the question that was asked is entirely normal.
reply