How to form an IP Risk Committee
Fifth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers
Based on the common experience of Digital Guardian’s manufacturing industry customers, we’ve come up with some key intellectual property protection tips to follow. These practical recommendations will help you evaluate whether your organization’s current IP defenses are sufficient.
The best IP protection programs take a holistic approach, where senior leadership takes ownership but everyone in the organization and the extended enterprise has an equal stake in its success. The governance structure of an IP protection program, when done correctly, is hierarchical as well as cross-functional. Your IP protection framework must establish high-level responsibility to organize and manage risks, objectives, and reporting.
The CEO retains ownership, remains routinely engaged, reviews the program periodically and helps drive a successful effort across the organization and beyond.
The Company’s Governance Team – which typically includes function leaders from IT, Risk & Audit, HR, Legal and key business units – can help support the program by influencing their executive peers, eliminating barriers to success, and recommending and approving data protection policy.
The IP Protection Program Leader can be from corporate IT (e.g. CIO), information security (CISO) or corporate security (CSO). This program leader heads a collaborative cross-functional IP Risk Committee.
The IP Risk Committee includes the executives above, plus the company’s compliance lead and duly appointed IP protection leaders from select functional areas such as R&D, Engineering or Operations. In addition, every business line should appoint someone who’s responsible for IP protection to smooth IP identification and classification, business process changes and user education initiatives.
The duties of the IP Risk Committee include:
- Identify and assess threats, their likelihood, the likelihood of harm and potential damage.
- Write IP confidentiality policies incorporating organizational principles & processes.
- Implement safeguards to prevent unauthorized access, use or disclosure.
- Manage response plans developed by committee member organizations.
- Enforce policy with all parties, subject to security and confidentiality protocols.
- Audit policy metrics to assess effectiveness, fix deficiencies and adjust to new threats.