Five Tips for Protecting Your IP when Outsource


Post on 12-Apr-2017






<ul><li><p>5 TIPS FOR PROTECTING YOUR IP WHEN OUTSOURCE</p>
<p>1. KNOW WHAT YOU ARE OUTSOURCING</p>
<p>The first step is to inventory the IP you plan to outsource. IP can take many forms (copyrights, trademarks, trade secrets and patents); it can be structured into databases, embedded in software code or written on a whiteboard in a conference room or event, just like your business ideas.</p>
<p>Identify what your IP consists of; where it is located; who controls it; who uses it; who enhances it; who secures it; how it is protected and how vulnerable it is to attacks.</p>
<p>Examine your IP licensing agreements, both those from you to others and those from third parties to you. Determine whether these agreements prohibit outsourcing the IP without the permission of your licensing partner.</p>
<p>2. CHOOSE THE RIGHT PARTNER</p>
<p>Criteria for selecting an outsourcer shall take into account the following:</p>
<p>Country assessment: You must assess the legal environment in the jurisdiction where your offshore vendor is located. Determine whether the courts in that jurisdiction will provide you with legal protection and a remedy if something goes wrong.</p>
<p>Company assessment: Evaluate the company's reputation and history in the following aspects:</p>
<ul>
<li>Quality of services provided to their clients and partners;</li>
<li>Number and competence of staff and managers;</li>
<li>Financial stability of the company and commercial record;</li>
<li>Employee retention rate;</li>
<li>Quality assurance and security management standards currently followed by the company (e.g. certified compliance with CMMI, ISO 9000 and ISO/IEC 27001, Scrum certificates);</li>
<li>Technology partnerships and certificates of the company with leading technology companies (e.g. Are they a Microsoft partner, Oracle partner or Salesforce certified engineers?).</li>
</ul>
<p>3. HAVE A LEGAL FRAMEWORK IN PLACE</p>
<p>Before you start the relationship, a nondisclosure agreement (NDA) between the two companies has to be signed. When you move to the contract phase, ensure the following contract terms are covered:</p>
<ul>
<li>License and ownership of the work product</li>
<li>Confidentiality and nondisclosure: definition of confidential information, ownership and disclosure of confidential information</li>
<li>Restriction on disclosure and use of confidential information</li>
</ul>
<p>Nondisclosure agreements and confidentiality contracts should be signed by all offshore employees assigned to your project. This ensures that employees will comply with agreed-upon standards of IP protection and privacy.</p>
<p>4. PERSONNEL SECURITY</p>
<p>Software outsourcing generally is all about people. Make sure that your contractors and consultants are subjected to background checks. Work with your offshore vendor to ensure that any employee who works on your project is background checked too. Such screening shall take into consideration the level of trust and responsibility associated with the position and (where permitted by local laws):</p>
<ul>
<li>Proof of the person's identity (e.g. ID card, passport);</li>
<li>Proof of their academic qualifications (e.g. certificates);</li>
<li>Proof of their work experience (e.g. resume/CV and references);</li>
<li>Criminal record check;</li>
<li>Credit check.</li>
</ul>
<p>Check with your offshore partner whether suitable information security awareness, training and education are provided to all employees, clarifying their responsibilities relating to your company's (if available) and the vendor's information security policies, standards, procedures and guidelines (e.g. privacy policy, acceptable use policy, procedure for reporting information security incidents etc.) and all relevant obligations defined in the contract.</p>
<p>5. INFORMATION SECURITY MANAGEMENT SYSTEM</p>
<p>You want to ensure that your offshore vendor has a suitable system in place to manage information security. A globally recognized information security certification such as ISO 27001 would be the standard, but if they do not have it, below are some tips to protect your intellectual property. If the vendor is not certified yet, it is critical to recommend that your vendor implement an Information Security Management System (ISMS) that covers at least the following aspects:</p>
<p>DATA MANAGEMENT</p>
<ul>
<li>Information classification</li>
<li>Owners and users</li>
<li>Information inventory</li>
<li>Information retrieval and destruction</li>
</ul>
<p>ACCESS CONTROL</p>
<ul>
<li>Logical access control</li>
<li>Physical access control to network and protected systems. Separation of each customer's assets and VLAN from others</li>
<li>Workstation security</li>
</ul>
<p>BUSINESS CONTINUITY</p>
<ul>
<li>Ensure that the business continuity plan comprehensively addresses all the key elements</li>
<li>Ensure a vulnerability assessment is done regularly to identify security gaps and prepare action plans</li>
</ul>
</li></ul>