7 Elements of a Holistic IP Protection Plan



Sixth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

As I began explaining in my last post, the best programs for intellectual property protection take a holistic approach, where everyone in the organization and the extended enterprise has an equal stake in its success. The IP protection framework outlined in this blog series takes effective governance, risk and compliance programs as its model.

Your program should have the following seven elements to organize and manage risks, objectives, and reporting:

  1. Written Policies & Procedures
    It goes without saying that IP protection relies on unambiguous, clearly communicated policies and procedures. These define what is required of employees, outsourcers, suppliers, contractors, consultants, vendors, and all other third parties when accessing, utilizing, and properly handling the company’s trade secrets. These rules need not be draconian, just reasonably capable of reducing the risk of mistake or misconduct. Compliance with these policies must be a condition of employment, contracting, and procurement by the corporation.
  2. Regular Risk Assessments
  3. Audit, Monitor, & Report
    Borrowed from compliance programs, the next two elements of our framework focus on routine measurement and course correction. Are the recommended IP protection procedures being followed? Are our policies too confusing? Are corporate standards too strict or too loose? Once a year, risks to trade secrets should be reassessed and reprioritized. The IP risk committee can use metrics, audits, and incident reports to make improvements to the program as necessary, over time.
  4. Effective Education
    The quickest route to success is to create an ownership culture where all are committed to safeguarding secrets. Anyone who handles sensitive or proprietary data in the course of their jobs should be trained on company standards, policies, and procedures. Communication methods range from mandatory computer-based training to newsletters, bulletins, and videos. Educate everyone on the realities of both outsider and insider threats such as the disgruntled employee, careless contractor, or honest mistakes by the loyal supplier. Users can be human detectors watching for phishing attacks and other IP loss red flags. A truly committed trainee goes beyond doing the minimum necessary, understanding that their livelihood is at stake when trade secrets are lost.
  5. Delegation of Authority
  6. Consistent Enforcement
  7. Response to Violations
    The last three elements describe effective administration of a consistent IP protection program. Strict “need-to-know” guidelines should be implemented, granting IP access authority only to those who have earned that trust. Maintain multiple avenues for reporting potential breach incidents (e.g. a hotline and email). It’s everyone’s responsibility to be on the lookout for violations of data protection policy. Corrective actions should be taken swiftly and consistently at all levels – assuming the violator was previously trained, of course. Don’t be shy about reporting these incidents across the company. This is not to instill paranoia but rather to teach by example. Recognize and reward those involved for their vigilance.

You might want to download my e-book covering 5 key IP protection tips to follow based on the practical experience of Digital Guardian’s manufacturing industry customers.

Read the full series:

  1. The Threats to Your Trade Secrets are Real
  2. Why Offshoring Complicates IP Protection
  3. Calculating the True Cost of IP Theft
  4. Make the Case for Investment in Ongoing IP Protection
  5. How to Form an IP Risk Committee
  6. 7 Elements of a Holistic IP Protection Plan
  7. Defining Intellectual Property
  8. Lock up your IP and Control Access to it
  9. Discover the Weaknesses in Your IP Security
  10. Improve Your Ability to Detect Cyber-Attacks

 

Larry Brock

5 Practical Tips to Protect Manufacturing Trade Secrets

Five key recommendations to help evaluate if your organization’s security program can protect your IP from cyber espionage attacks. 

Get the e-book today

Related Articles
IP Protection in the Manufacturing Industry, an Interview with Larry Brock, Former CISO at DuPont

We interviewed Larry, former DuPont CISO, to get some insights into IP protection in the manufacturing industry.

Ex-Apple Employee Accused of Stealing Self-Driving Car IP

Federal agents apprehended a former Apple employee last week suspected of stealing intellectual property, including engineering schematics on the company's secret self-driving car technology.

Lock up your IP and Control Access to it

Eighth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

Larry Brock

Larry Brock (CISM) is the former global CISO at DuPont, a post he held for 11 years. He also served as CIO of DuPont’s Nylon Flooring business unit, as Information Security Officer in the U.S. Air Force and at the National Security Agency (NSA) for four years. Mr. Brock currently consults to companies helping them to improve their IP protection capabilities.

Please post your comments here