For software product companies, intellectual property is the key asset and the core of the business. Safeguarding your product ideas, artifacts and data from intentional and unintentional theft is crucial to business growth and survival. This becomes all the more important in an outsourcing scenario, where you rely on an external partner to support your product development. This document describes the guidelines, processes and procedures to consider when implementing IP protection with an external product engineering partner. Identifying all touch points and minimizing the risk to customer IP, by implementing appropriate procedures and access controls, is critical for a successful engagement with your product engineering partner.
IP Protection Strategy
A clearly defined strategy that covers all aspects of IP protection, starting with the initial contract with the vendor, is the key to addressing the concerns and enforcing viable IP protection.
The IP protection strategy should cover all touch points where there is a possibility of intellectual property being leaked. It should cover not only the physical aspects but also the sharing of information, communication, and the resources assigned to the engagement.
There are various industry standards available that provide a comprehensive framework for vendors in implementing customer IP protection processes. Find out which standard your vendor has implemented as part of the internal QMS procedures for customer IP protection. The most prevalent standard is BS7799 and many vendors have QMS procedures that are tailored to meet the standards and guidelines as stated in BS7799.
What is typically included as part of customer IP protection
This varies from engagement to engagement and depends on the type of outsourcing. In a software product engineering scenario, the following items are usually included:
- Access to physical location
- Network and Systems
- Product Artifacts (Both digital and physical)
- Manuals/Work Items/Deliverables
- Knowledge gained by the associates
The following sections cover the key procedures and activities related to customer IP protection.
Access to a Physical Location
Depending on the size and average number of resources on the engagement, a separate physical location can be identified and appropriate physical security procedures can be implemented. This includes controlled entry/exit with separate ID for access, logging all the entries, continuous monitoring by security personnel, and restrictions on carrying any physical items in and out of the physical location.
Networks and Systems
This covers all of the software, hardware, networks and related equipment used for the engagement. Appropriate identity management procedures, firewalls, access protocols and restrictions can be defined and implemented for controlling access to the network, workstations and other equipment. Internet access can be disabled or controlled, and access to removable storage media such as floppy disks and CD-ROMs can be curtailed by removing the storage devices from the workstations.
Customer-supplied products and documentation can be controlled via configuration management procedures, along with the work items and deliverables created during the engagement. All hard copies can be version controlled and numbered for monitoring and control. As part of the project/QMS procedures, these items can be recalled and should be returned to the customer or destroyed during phase completion or project wind-up activities, as per the agreed criteria.
Knowledge/Information acquired on customer projects
For knowledge acquired by the associates about the proprietary processes and technology of the customer, the following procedures can be implemented to address customer IP protection:
- All of the associates working on the engagement should sign the non-disclosure and confidentiality agreement.
- Associates working on the customer engagement should be identified and disclosed to the customer before they start work on projects.
Documenting Customer IP procedures
A vendor should submit a plan covering all the customer IP procedures it intends to implement for customer review and approval, and the same should be documented in the project plan.
Any anomaly between the approved procedure and the actual implementation should be communicated to the customer, along with appropriate actions to address the deviations.