How to form an IP Risk Committee



Fifth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

Based on the common experience of Digital Guardian’s manufacturing industry customers, we’ve come up with some key intellectual property protection tips that provide some guidance to follow. These are practical recommendations will help you evaluate if your organization’s current IP defenses are sufficient.

The best IP protection programs take a holistic approach, where senior leadership takes ownership but everyone in the organization and the extended enterprise has an equal stake in its success. The governance structure of IP protection programs when done correctly is hierarchical as well as cross-functional. Your IP protection framework must establish high-level responsibility to organize and manage risks, objectives, and reporting.

The CEO retains ownership, remains routinely engaged, reviews the program periodically and helps drive a successful effort across the organization and beyond.

The Company’s Governance Team – which typically includes function leaders from IT, Risk & Audit, HR, Legal and key business units – can help support the program by influencing their executive peers, eliminating barriers to success, recommending and approving data protection policy.

The IP Protection Program Leader can be from corporate IT (e.g. CIO), information security (CISO) or corporate security (CSO). This program leader heads a collaborative cross-functional IP Risk Committee.

The IP Risk Committee includes the executives above, plus the company’s compliance lead and duly appointed IP protection leaders from select functional areas such as R&D, Engineering or Operations. In addition, every business line should appoint someone who’s responsible for IP protection to smooth IP identification and classification, business process changes and user education initiatives.

The duties of the IP Risk Committee include:

  • Identify and assess threats, likelihood, likelihood of harm and potential damage.
  • Write IP confidentiality policies incorporating organizational principles & processes.
  • Implement safeguards to prevent unauthorized access, use or disclosure.
  • Manage response plans developed by committee member organizations.
  • Enforce policy with all parties, subject to security and confidentiality protocols.
  • Audit policy metrics to assess effectiveness, fix deficiencies and adjust to new threats.

Download my e-book that covers all the elements of a truly holistic program.

Read the full series:

  1. The Threats to Your Trade Secrets are Real
  2. Why Offshoring Complicates IP Protection
  3. Calculating the True Cost of IP Theft
  4. Make the Case for Investment in Ongoing IP Protection
  5. How to Form an IP Risk Committee
  6. 7 Elements of a Holistic IP Protection Plan
  7. Defining Intellectual Property
  8. Lock up your IP and Control Access to it
  9. Discover the Weaknesses in Your IP Security
  10. Improve Your Ability to Detect Cyber-Attacks

 

Larry Brock

5 Practical Tips to Protect Manufacturing Trade Secrets

Five key recommendations to help evaluate if your organization’s security program can protect your IP from cyber espionage attacks. 

Get the e-book today

Related Articles
Sinovel Fined $1.5M in IP Theft Case

Sinovel, a Chinese turbine manufacturer behind one of the decade's classic insider threat cases, was ordered to pay $1.5M by a federal judge last week for the theft of trade secrets.

Industry Spies Do Mess With Texas

Texas Fracking Companies Targeted in Industrial Espionage

Defining Intellectual Property

Seventh in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

Larry Brock

Larry Brock (CISM) is the former global CISO at DuPont, a post he held for 11 years. He also served as CIO of DuPont’s Nylon Flooring business unit, as Information Security Officer in the U.S. Air Force and at the National Security Agency (NSA) for four years. Mr. Brock currently consults to companies helping them to improve their IP protection capabilities.

Please post your comments here