> We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets
This is just something companies have to say to keep their certifications / audits valid and not get sued by shareholders. In the end any system is leakable if workers really want to.
It's also to be defensible in court. If an opposing party can make the valid argument that "They leave the doors wide open and scatter IP willy-nilly, why wouldn't the IP get leaked?" it makes it harder to argue "Person X stole information when it was obvious that there was an expectation of secrecy"
This is just something companies have to say to keep their certifications / audits valid and not get sued by shareholders. In the end any system is leakable if workers really want to.