São Paulo, 06.04.2023 - The process of Due diligence it is usually necessary for some procedures, such as mergers and acquisitions of companies, going public (IPO) and hiring representatives or distributors.
*Nathalia Soares
Which is Due diligence?
The term in English means “due diligence” and, in some contexts, it can be understood as “prior diligence”. In addition to the terminology, the concept of Due diligence covers the investigation, survey and analysis process that aims to diagnose strengths, vulnerabilities and risks in various areas of a company, such as financial, legal, environmental, technological, tax, among others, in addition to assigning value to its assets.
What is the use of Due diligence?
The process of Due diligence it is usually necessary for some procedures, such as mergers and acquisitions of companies, going public (IPO) and hiring representatives or distributors.
As a rule, the Due diligence It is an important instrument used to present the real situation of a company with regard to its assets, balance sheets, suppliers and employees. It is through this process that finance, the compliance, activities, strengths and vulnerabilities are mapped, identified and valued.
Thus, it can be summarized that the Due diligence it is a process dedicated to raising, identifying and assigning value to assets (tangible and intangible, such as activities and prospecting for new business, information, facilities, employees), as well as assessing the strengths and risks to which these assets are exposed.
Who should carry out Due diligence?
Taking into account that from Due Diligence several important decisions can be taken, it is safe to say that this analysis must be done with care and precision. Therefore, it is important that this procedure be conducted by a multidisciplinary professional team, impartial and prepared to identify potential exposures to risks.
This team can be internal, from the company itself to be analyzed. However, the independence and fairness of the assessment is better guaranteed with the execution of this analysis by a third party.
What is the importance of due Diligence for Information Security?
As stated earlier, the Due diligence aims, among other objectives, to survey the assets of a company and the risks linked to these assets.
Among these risks are those that are fundamentally related to the activity carried out by the organization, as well as those that are configured as assets of data, information and information systems. It is on these risks, linked to the company's activity and its information, that Information Security is based.
THE Due diligence provides the basis for the Risk Analysis (crucial for the ISO 27001 and ISO 27002 standards) to be properly and adhered to. From the survey of assets and the risks linked to them, it is possible to establish the financial volume exposed, as well as the degree of risk. In this way, it is possible to analyze and determine the best way and priorities for treating the risks raised.
*Nathalia Soares is Safeway's GRC consultant
HOW CAN WE HELP?
SAFEWAY is an Information Security consulting company recognized by its clients for offering high added value solutions through projects that fully meet the needs of the business. In 15 years of experience, we have accumulated several successful projects that have earned us credibility and prominence among our clients, which largely constitute the 100 largest companies in Brazil.
Today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology, process and people solutions. We have both the technical skills and the necessary experience to help your company carry out assessments and identify cyber risks, covering the pillars of people, processes and technology. If you want more information, contact one of our specialists!
