Protect Your Intellectual Property (IP)
 
Contents:
 
  • Taking Responsibility for IP Protection
  • A New Approach to IP Protection
  • Rules for Classification and Control
  • Managed by IP Control Specialists
  • The Human Element
 
Taking Responsibility for IP Protection
 
Let’s look at it from the perspective of a large OEM who is the prime contractor on an aerospace and defense program. As the prime contractor, the OEM typically will engage with a number of other large organizations—known as Tier 1 suppliers—to handle major aspects of the program.
 
These engagements require the OEM to share detailed information about its products with its Tier 1 suppliers—some of whom might be competitors on other programs. That means the OEM must have a way of keeping detailed records on all of its IP to ensure that only the information necessary to fulfill the current contract—and nothing else—is passed to the Tier 1 suppliers and the need for protecting IP—like the supply chain—doesn’t stop at this level.
 
The Tier 1 suppliers have their own network of subcontractors with whom they must share sensitive product information, and the process continues until ultimately the OEM finds itself needing to keep track of information that’s traveling across a far flung network of contractors and suppliers spread out all over the globe.
 
Each time information moves down a level in the supply chain, the potential for IP theft or leakage grows, but the OEM’s responsibility for protecting its own IP never diminishes.
 
In an ideal world, each member of an extended supply chain would be fully committed to protecting IP—their own as well as their supply chain partners — and they would demonstrate that commitment by implementing proven tools and techniques for safeguarding that property.
 
As the brisk trafficking in black market goods proves, however, a lot of suppliers appear to have a vested interest in not protecting their supply chain partners’ IP. That means the larger companies—the OEMs and their top-tier suppliers—must assume that responsibility.
 
Currently, most companies that are attempting to protect IP are taking one of two approaches:
 
  • Manual, ad-hoc processes in which a small group of people in a document control department are assigned to track the usage and movement of data in much the same way books are checked out of and back into a library; or
  • IT-based processes that call for segregating data into multiple systems—often by location—and only giving certain individuals access to those systems.
 
Both approaches have major shortcomings. The first one offers no real IP protection, since manual processes are easily circumvented.
 
The second approach, in effect, puts the company’s IT staff in charge of controlling access to IP, rather than the people who actually use it and ultimately are responsible for its protection. This approach also makes it difficult for people to get information when they need it, which can stifle the type of free flowing collaboration that needs to take place within supply chains in order to design, develop and manufacture products in the timely, cost-effective manner that customers now demand. Managing IP in this manner also can lead to unnecessary IT costs, as multiple applications and the associated infrastructure continue to be maintained for the sole purpose of keeping data segregated.
 
A New Approach to IP Protection
 
Fortunately for manufacturers, another approach is now available—one that makes it easy to strike the right balance between the increasing need for seamless supply chain collaboration and the ongoing requirement for maintaining tight controls on IP.
 
This approach centers around the deployment of a next-generation Product Lifecycle Management (PLM) software platform that can federate data from multiple systems across an extended global supply chain, in effect creating a central repository for all data associated with a particular project or program regardless of where—or on what system—the data was created.
 
With this type of system in place, all requests for access to IP—no matter where they originate within the supply chain—are managed by this single system, which can determine within a matter of seconds whether any individual is authorized to access the information they are seeking.
 
A PLM platform is the perfect tool to support the twin goals of streamlining product development and protecting IP, because the PLM system is where product designs—which are the core piece of any company’s IP—are created. PLM systems also are increasingly being relied on as the primary platforms for sharing product design data with everyone involved in building, selling and servicing products.
 
For that reason alone it makes more sense for a PLM platform—as opposed to an ERP or supply chain management system—to take on the primary role of protecting the company’s IP. It becomes an even easier decision when the company can deploy a next-generation PLM platform like the ENOVIA® IP and Export Classification and Enforcement solution from Dassault Systems.
 
This system enables manufacturers to maintain strict control over data—while also ensuring that those who need specific pieces of information can get it without delay.
 
These functions are becoming increasingly critical as global economic pressures force manufacturers to constantly search for new methods of getting products to market faster at ever lower costs.
 
Rules for Classification and Control
 
Advances in communications and collaboration technology are making it easier for manufacturers to locate new business partners with innovative ideas for designing and building products, but those partners must be vetted carefully, particularly if they’re located in countries that don’t have strong IP protection laws. That’s why it’s important to have an IT system that enables the easy classification of both personnel and data. It simplifies the task of establishing— and enforcing—rules to ensure that no information ever makes it into the wrong hands.
 
These rules can come into play in a variety of processes common to all manufacturers, such as:
 
  • Collaborating with potential partners on requests for proposals;
  • Collaborating on new product designs;
  • Managing changes to existing designs; Transmitting manufacturing work instructions to contract manufacturers; or
  • Sharing engineering documents with MRO partners.
 
In any of these situations, an IP protection system should identify each person involved in a transaction according to one or more classifications—such as the location in which they normally work, the location from which they are attempting to access data at that moment, and the country or countries in which they hold citizenship. This type of information is vital to maintaining compliance with the U.S. government’s ITAR and EAR regulations, as well as the import-export rules of other governments.
 
Once an individual’s classification has been established, whenever they try to retrieve data from the system, it should run a check to determine if they are allowed to have access to the data they are requesting. Dassault Systémes’ ENOVIA IP and Export Classification and Enforcement system does this, and more. It also allows for establishing rules for what all individuals on a project are allowed to do with any data they retrieve.
 
For instance, some data may be restricted to only certain uses due to export control regulations, while other data may be subject to rules governing its disclosure to competitors or potential competitors. And finally, some information may only be accessible to people with the proper government-issued security clearance.
With a system like this in place, multinational project teams can collaborate effectively while obeying the export control regulations, commercial IP laws and security protocols of all countries involved. This is possible because even though the system federates data from across the supply chain, it also has the ability to compartmentalize and segregate data when necessary to keep it from being accessed by the wrong individuals.
 
The company that deploys the system—which is likely to be an OEM or top-tier contractor—establishes its own system for classifying both people and data, and then sets the rules for who is allowed access to specific pieces of data. Once the rules for managing and protecting data have been established within the ENOVIA IP and Export Classification and Enforcement solution those rules can be reused— and modified as needed—to fit the needs of future programs.
 
Managed by IP Control Specialists
 
The ENOVIA IP and Export Classification and Enforcement solution also is designed to be managed by people with job titles such as project manager, compliance officer or export control administrator rather than IT personnel. These are the people who specialize in making sure the company complies with all legal agreements, regulations and security protocols in every country in which it does business. Therefore, they are the most qualified to set rules for controlling IP, as well as managing the system that enforces those rules.
 
While the system is extremely diligent in protecting data, it also gives users the flexibility to set exceptions for access to data for individuals who have a legitimate reason for viewing data that is not typically linked to their specific classification. This can be the case, for instance, if two companies enter a new partnership and a non-disclosure agreement (NDA) suddenly grants one partner temporary access to data they had not been allowed to see when the original IP classification and export control rules were established.
 
The specific reason for making an exception to the regular data-access rules— whether it’s due to a special export license, an NDA, a technical assistance agreement, or any other circumstance—can be documented in the system. an audit trail also is created for each exception, giving compliance officers the ability to know—at all times, and with absolute certainty—whether anyone accessing data is following normal procedures or operating under an authorized exception to the normal procedures. This is not the case in companies that rely on the IT department to manage their IT protection systems. Those companies generally follow security rules designed for IT systems, not IP protection solutions.
 
With the ENOVIA IP and Export Classification and Enforcement solution, any exception to the original data-access rules also can be set to expire after a certain time period, ensuring that all data is being afforded the appropriate levels of protection at all times.
 
Industry best practices dictate that exceptions to data-access rules only be applied to situations that don’t involve bypassing a government security clearance. It’s one thing to grant an exception to an export control regulation or a non-disclosure agreement. But it’s completely different—and far more risky—to grant exceptions to rules designed to protect military secrets.
 
The ENOVIA IP and Export Classification and Enforcement solution comes with a pre-defined list of clearance levels from multiple countries and international organizations, such as the U.S. military, NATO, and more. That allows user companies to easily set the precise clearance level—military secret, top secret, etc.—that should be granted to each individual who will be using the system.
 
The Human Element
 
The system’s method of establishing standard security classes and exceptions— and basing them on things like NDAs between business partners or special export licenses granted to specific businesses—makes it easy to maintain a record of exactly who is accessing what data, even when normal rules are not being followed. This capability proves especially useful when a company needs to demonstrate its ability to protect IP to government auditors or potential new business partners.
 
Examples of the system’s audit capabilities include the ability to create a dynamic record of all data accessed by a given user. That record also can differentiate between access governed by normal rules and access governed by exceptions such as an NDA. It’s also possible to generate lists of users who are authorized—or not authorized—to access specific classes of data. These lists can be created in real time if the need to verify users’ credentials arises.
 
While the ENOVIA IP and Export Classification and Enforcement solution sets a new standard for IP protection technology, it’s important to note that even the best systems can’t perform their designated functions if people refuse to use them. That means companies must take time to educate their employees on the importance of protecting IP—as well as the importance of using the systems the company has invested in to do so.
 
The risk of having IP stolen or compromised is a huge issue for manufacturers, but one that can be managed with the proper amount of diligence from both an organizational and technology standpoint. With the right people, processes and systems in place, manufacturers can meet the challenges of doing business in the 21st century without fear of having their most valuable assets—the ideas that eventually become profitable products—stolen or devalued.
 
As a world leader in 3D and Product Lifecycle Management (PLM) solutions, Dassault Systèmes brings value to more than 130,000 customers in 80 countries. A pioneer in the 3D software market since 1981, Dassault Systèmes applications provide a 3D vision of the entire lifecycle of products from conception to maintenance to recycling. The Dassault Systèmes portfolio consists of CATIA for designing the virtual product - DELMIA for virtual production - SIMULIA for virtual testing - ENOVIA for global collaborative lifecycle management, EXALEAD for search-based applications- SolidWorks for 3D mechanical design and 3DVIA for online 3D lifelike experiences.