Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module P6 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Learning.

Published byEmily Cox Modified over 6 years ago

Similar presentations

Presentation on theme: "Module P6 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Learning."— Presentation transcript:

1 Module P6 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Learning Objectives Understand DM roles and responsibilities for IP access and security Understand the various types of IP Presentation: Pop ups with voice over Explanatory Material: This module addresses the issues and responsibilities of managing intellectual property. Learning objectives: In this module, the student will learn to understand Data Management roles and responsibilities for intellectual property and security methods as well as understand the various types of intellectual property and their respective sources. References: GEIA-859, Principle 6 GEIA-HB-859, Appendix B

2 Module P6 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Learning Outcomes: Apply security and access rules to all types of IP Apply IP negotiations to data rights for all contributors (internal and external) for deliverable data Presentation: Pop ups with voice over Explanatory materials: The learning outcomes for the student include the ability to: Apply security and access rules to all types of IP Apply IP negotiations to data rights for all contributors for deliverable data References: GEIA-859, Principle 6 GEIA-HB-859, Appendix B

3 Intellectual Property
Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Intellectual Property Comprised of real but intangible assets Patents Copyrights Trademarks Trade secrets Provides competitive positions Contributes to financial success Presentation: Text can be voice over, with graphic boxes automated to add through the voice material Explanatory Material: Paraphrased from GEIA-HB-859: Having an understanding of intellectual property concepts provides a basis for protecting an enterprise’s valuable knowledge assets, assets that have commercial (monetary) value. These assets are in the form of ideas and expressions of ideas. An idea must be implemented into the design of a product that competes in the marketplace, usually with similar products, for the idea to have commercial value. The key to understanding IP is the identification process leading to its protection. The key to protection IP is in marking for retrieval and storage. Most of us understand that personal property is something one owns. Intangible property can also have ownership and this is based upon who discovered an idea and who funded the discovery. In most industry companies, individuals are paid to make discoveries that are owned by the company funding the research. The ownership of these ideas is limited to a specific timeframe as defined in law. After the time runs out, the legal ownership expires, and the idea goes into the public domain and is no longer owned by the inventor. Ownership is defined in terms of rights, the right to use the idea and the right to sell it for profit. For the government sector, rights in technical data are embodies in the Federal Acquisition Regulation (FAR). For the industry sector (defense and commercial) rights are found in patent, copyright and trade secret law. Paraphrased from ANSI/GEIA-859: Patents, copyrights, trademarks and trade secrets are some of the intangible assets that comprise Intellectual property (IP). These IP assets are at the center of an enterprise’s competitive position and ultimately contribute to financial success. Protection of these assets is necessary to maintain competitiveness. In many cases, it is necessary to comply with legal obligations to trading partners, including suppliers and customers. Since IP assets come from a variety of sources, suppliers, subcontractors, and trading partners, as well as internally developed items, the related data is identified and tracked for protection based on data rights. From a process standpoint, protection of classified data and protection of intellectual property are more alike than different, in that they both have stringent controls for management, storage and access to data. Here the emphasis is on intellectual property. The rules for management of classified data can be found in agency-specific government documents. References: ANSI/GEIA-859, Section 6. GEIA-HB-859, Appendix B

4 Rights In Data recognized by FAR:
Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Rights In Data recognized by FAR: Marked with data rights Limited Restricted Government Purpose License Rights Etc. Contract specific and negotiated based on IP type and source Presentation: Text can be voice over, with graphic boxes automated to add through the voice material Explanatory Material: Paraphrased from GEIA-HB-859: The federal sector acknowledges industry IP rights, which are grouped as proprietary information and marked with data rights legends, the most common being “limited,” “restricted,” and “government purpose license rights.” The responsibility of personnel performing the Data Management function is to ensure that all data is properly marked and protected according to the type and ownership of IP. This may include participation in contract negotiations with customers and suppliers to support both the customer need and the supplier’s protection. References: ANSI/GEIA-859, Section 6. GEIA-HB-859, Appendix B.

5 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Presentation: Voice over, pop-ups, video, graphic, etc Explanatory Material: Paraphrased from ANSI/GEIA-859 and GEIA-HB-859: How IP is managed is determined by the rights obtained from the provider through documented agreements, such as statements of work, license agreements, and contract negotiations. These documents also define the limitations, obligations and requirements for sharing the information to a third party. Information available to the general public, such as general business information, information to be used only within the enterprise, information developed by the enterprise that has monetary value, and enterprise-developed information that has been officially registered with a legal authority, are all examples of intellectual property. Competition sensitive data is that information which might be construed as providing an enterprise advantage within industry, such as best practices, proposal information, and tools implementations. Enterprise policies for management of IP provide a standardized way to type, mark, and identify the information; control and track ownership; manage rights to use and sell; control access; distribute; and dispose of IP within the enterprise. Management of IP requires the following: Identify items that need to be protected and tracked. Store items in a protected environment or repository with limited access. Control access to and distribution of data dependent on data type and source. Provide security as required by agreements and legal obligations. Transfers of IP should take place under stipulated conditions and be carefully controlled to protect the rights of the data originators and owners. Regardless of the type or source of IP, it should be managed as an asset of the enterprise. Failure to successfully manage IP can have personal, enterprise, national, and international implications. References: ANSI/GEIA-859, Section 6.1, Principle 4, Principle 5 and Principle 7

6 6.1 Enabler: Establish and Maintain a Process for Data Access and Distribution
Presentation: Voice over, pop-ups, video, graphic, etc. Explanatory Material: Paraphrased from ANSI/GEIA-859: A method for managing data access and distribution needs to be in place to effectively manage IP. The access to and distribution of data are critical to the protection of data rights. The process to support Enabler 6-1 is delineated in this figure. As the details of this process are discussed, keep in mind that in a manual environment, IP may be managed through limited access facilities such as locked files or areas. In an electronic environment, electronic methods such as organizational and role-based access control are generally required to limit the electronic access to data. When enterprise policies and procedures do not exist, the access constraints for the various types and varieties of data enterprise should be documented. Once this process is defined, it can be applied to all sources of data at all levels of the enterprise. References: ANSI/GEIA-859, Section 6.1 GEIA-HB-859, Appendix B

7 6.1 Enabler: Establish and Maintain a Process for Data Access and Distribution
Evaluate rights to data Enterprise developed – review IP types Supplier provided – review documented agreements Customer requested - review contract requirements Identify distribution requirements Contractually required Business needs Collaborative environments Presentation: Voice over, pop-ups, video, graphic, etc. Explanatory material: Paraphrased from ANSI/GEIA-859: Evaluating rights to data is a multi-dimensional process, which may involve several types and sources of data. Data that is developed within the enterprise may be identified as registered or unregistered intellectual property. If a supplier has ownership of the data needed, an evaluation must be performed and a determination must regarding what rights are appropriate for the potential users. For example, software is purchased from a supplier for development of a product. As part of that purchase, a license agreement is issued. Within that license agreement are terms and conditions for the use of the software you purchased. Use of the software beyond the terms of the license agreement is illegal. Therefore, while the software may be used to develop software in house, it may not be licensed for delivery to a customer. If the product developed contains drivers or software libraries from the purchased software, negotiations will need to take place for the rights to deliver those items to a customer. Review documented agreements to verify that access rights support the intended use by the enterprise. Contract negotiations, subcontract negotiations, licensing agreements, royalty payments, and similar legal documentation define the rights to data. If access is authorized through a documented agreement, verify the type of data needed by the user, as well as the distribution method and access level required to support the user’s needs. Distribution requirements usually differ from project to project. Identifying the requirements of the users, both internal and external, at the beginning of the project will provide the information needed to establish a distribution system. This distribution system can take many forms, from actual delivery of hard copy data, to electronic access of PDM or portal systems with automatic notification. The distribution methods can be extremely simple or very complex. At any rate, to establish the appropriate system for the project, requirements are gathered and compiled, and then compared against the rights to data to ensure that all activities and distribution/access are appropriately established. Reference: ANSI/GEIA-859, Section 6.1, Principle 7. GEIA-HB-859, Appendix B

8 6.1 Enabler: Establish and Maintain a Process for Data Access and Distribution
Define Access Requirements Verify requirements Enterprise User Validate security process and procedures Protection of IP data Presentation: Voice over, pop-ups, video, graphic, etc. Explanatory material: Paraphrased from ANSI/GEIA-859: If rights to data are not apparent or have not been authorized, evaluate data to determine the currency of the business need within the enterprise. Items no longer current or needed should be disposed of in accordance with the enterprise or department retention schedules and authorization for the intended use. If access is authorized through a documented agreement, verify the type of data needed by the user, as well as the distribution method and access level required to support the user’s needs. When interchange data environments are required or used, define the levels of and definitions for access rights and establish the mechanism for authorizing that access. Reference: ANSI/GEIA-859, Section 6.1, Principle 7. GEIA-HB-859, Appendix B

9 6.1 Enabler: Establish and Maintain a Process for Data Access and Distribution
Grant user read/write access Appropriate to user need Within the scope of data rights Establish a distribution process Auditable and current Presentation: Voice over, pop-ups, video, graphic, etc. Explanatory material: Paraphrased from ANSI/GEIA-859: The next step in the process is to extablish the user accounts and level of access appropriate to the user needs and the scope of data rights granted. Internal and external users should only be granted access to the level of access appropriate to their role. Engineering should have the ability to view and edit data that is in development for those items for which they have responsibility or a need for review. Customers should have review access to data defined by their need for oversight. One customer does not have a requirement to access another customer’s data. Likewise two suppliers should not have access to each others data, even in a collaborative environment unless the proper agreements are in place. The enterprise should ensure that the owner of the data (an organization or individual representative) has authorized or validated the user’s need for access. Maintain records of access rights granted, distribution methods, and account authorizations for verification and validation purposes. These records should be reviewed regularly to ensure that data remains secure and access rights are current. Failure to provide this assurance that users are granted appropriate access and the currency of that access could jeopardize the legal position of the enterprise in the case of a government audit or law suit. Before data is distributed, the enterprise should validate that the information is approved or authorized for use. If not authorized, the data should be evaluated to determine the reasons. Data is distributed or used only after authorization by a review authority. If authorized, the data should be distributed in accordance with the defined process and the user rights. This distribution may be performed manually, through , by means of an electronic interchange data environment, or any other method that meets the requirements of the process. Reference: ANSI/GEIA-859, Section 6.1, Principle 7 GEIA-HB-859, Appendix B

10 6.1 Enabler: Establish and Maintain a Process for Data Access and Distribution
Ensure Entitlement to Access and Use of Data Is Validated and Documented by the Proper Authority Agreements validate legal rights, authorities and responsibilities Presentation: Voice over, pop-ups, graphics, etc. Explanatory Materials: use Paraphrased from ANSI/GEIA-859: Data is not distributed or used until the legal right to do so has been verified. It is particularly important to review contractual requirements and legal rights and responsibilities before providing access or distribution of data to trading partners, subcontractors, suppliers, and customers. Audit activities will validate the security of the data and should be performed periodically to eliminate the possibility of enterprise and individual monetary fines or penalties for allowing unauthorized use. An audit can address the following items: IP is properly identified by type and source. IP is properly marked and tracked. Patents exist where appropriate. Copyrights are registered where appropriate. IP rights granted are current and followed. Import and export evidence exists where appropriate. IP user access rights are reviewed. IP distribution is reviewed. IP disposition schedules and methods are followed. Disposition of data or information is handled in accordance with Principle 7. References: ANSI/GEIA-859, Section 6.1.2, Principle 7 GEIA-HB-859, Appendix B

11 6.2 Enabler: Establish and Maintain an Identification Process for IP, Proprietary Information, and Competition-Sensitive Data Presentation: Voice over, pop-ups, graphics, etc. Explanatory material: Paraphrased from ANSI/GEIA-859: This diagram depicts the process to support enablers 6.2 and At the enterprise level, documented policies define the process for distinguishing IP from other data and managing it. A process should be used to determine the data requirements for development of the product. When products contain customer deliverable information, an evaluation occurs regarding IP and the legal responsibility to protect it. Negotiations must occur with potential suppliers to establish an agreement to use or resell the data. The documented outcome of those negotiations forms the basis for what can legally be contracted to another party. When a customer (potential or contracted) requests the delivery of data where legal rights for delivery of the data to a third party do not exist, resolution needs to be reached between the interested parties through negotiations. Even if data is not contractually deliverable, it must be identified and secured to protect the rights of the provider. The enterprise is responsible for the evaluation of the obligations and legal responsibility for data protection. Reference: ANSI/GEIA-859, Section 6.2

12 6.2 Enabler: Establish and Maintain an Identification Process for IP, Proprietary Information, and Competition-Sensitive Data Distinguish Contractually Deliverable Data Review of all agreements and associated documentation Establish and Maintain Identification Methods Enterprise policies Additional identification attributes to identify intellectual property Presentation: Voice over, pop-ups, graphics, etc. Explanatory Material: Reviews of contractual documentation and other agreements provide a basis for the identification of contractually deliverable data. While many government contracting agencies still use CDRL/SDRL formats such as the DD 1423 form, other agencies and companies embed the requirements for deliverables inside other contract documents. Reviews of Statements of work, all contracting clauses, Performance Specifications and all associated attachments may uncover some requirements that would not have been found otherwise. One example may be a contract with no clear requirement for method of delivery for CDRLs listed on DD 1423 forms, but with an obscure requirement within other contract documentation that identified the need for a collaborative environment to be established for CDRL delivery within 30 days of contract award. Enterprise identification processes and methods should exist that address contractual data as well as other data within the enterprise. Unique identifiers are used to identify data and data requirements, as delineated in Principle 4. At the project level, the identification methods should be documented if they deviate from an enterprise policy or if an enterprise policy does not exist. This includes an additional layer of identification for IP to ensure data is managed in accordance with IP policies and legal obligations. Data generated internally can be typed for protection and easily identified. Internally developed and funded data should be evaluated by the enterprise to determine if a patent, trademark, or copyright is feasible in the business environment. In the United States, patents and trademarks are registered with the U.S. Patent and Trademark Office ( Copyrights are automatic, but in some instances (e.g., protection of data rights in a global market), it is advantageous to register a copyright with the U.S. Copyright Office ( Review data obtained from an external source to determine if it is registered IP. Verify documented rights prior to use to ensure that the data is appropriately protected. An enterprise policy or process for import and export control should address the legal obligations for importing and exporting data outside the country of origin. Data should be reviewed before export to ensure compliance with enterprise processes and legal obligations. Additional information about and assistance with U.S. policies can be obtained through the Bureau of Export Administration, U.S. Department of Commerce ( Principles 4 and 5 address identification and control of data. However, additional elements of metadata need to be tracked for IP. Tracking mechanisms and evidence are fundamental for the following items: Distribution is appropriate to rights granted. Appropriate maintenance of data is possible. Configuration status of IP is maintained. Import and export forms are maintained. Licensed quantities and locations are tracked. Appropriate rights are negotiated or granted for updated items. Distribution (list of names, addresses, restrictions, etc.) is appropriate to rights granted. Once identified, IP should be marked appropriate to its type or variety. Proprietary information or IP provided to the U.S. government is marked using government notices or legends. Disclosure of proprietary information in any other context requires an agreement establishing the limits on disclosure. Such an agreement restricts the use and disclosure of the information being shared. If the information is provided to a non-U.S. citizen, export control requirements need to be satisfied prior to disclosure. This includes printed, electronic, or verbal disclosure of information. References: ANSI/GEIA-859 Section 6.2.1, Principle 4, Principle 5 GEIA-HB-859, Appendix B

13 6.3 Enabler: Establish and Maintain an Effective Data Control Process
Establish and Maintain Control Methods Intellectual Property attributes Change impacts for IP Establish Mechanisms for Tracking and Determining Status of Data Rights in data status Retention requirements/status Presentation: Voice over, pop-ups, graphics, etc. Explanatory Material: Paraphrased from ANSI/GEIA-859: Within the enterprise, processes should exist for data control methods that ensure changes to data are reviewed and authorized by the appropriate personnel and results are provided on a need-to-know basis. See Principle 5 for details of the change process. Control methods may be different based on owners and use of data and include appropriate approval mechanisms and updated documented agreements for data rights. This provides another layer of IP control to ensure that the data is handled in accordance with IP policies and legal obligations. Internally developed and funded data should be evaluated to assess the impact of the change on a patent, trademark, or copyright. If appropriate, patents and trademarks should be reregistered with the U.S. Patent and Trademark Office and copyrights should be reregistered with the U.S. Copyright Office. When IP data changes, the enterprise should review documented agreements to assess the impact of the change. Areas of particular concern exist where the right to use the updated item is not part of the original agreement. In those instances, new agreements must be negotiated. Review and disposition methods for IP changes should be established based on the business needs. Methods for tracking IP continues when changes occur. The ability to trace users of IP data assists in determining the distribution for approved updates. As with other IP issues, changes need to be tracked and the data rights reviewed before distribution. At some point, rights to data expire or are no longer of value to the enterprise. If there is an enterprise retention policy, or a legal obligation to maintain the data, the enterprise should retain the IP information, including the documented agreements that define the data rights. Principle 7 provides guidelines for data retention and storage. Reference: ANSI/GEIA-859, Section 6.3, Principle 5, Principle 7. GEIA-HB-859, Appendix B

14 Quiz Questions – P6 The key to understanding Intellectual Property data is the identification process leading to protection. True or false? Security and access in an integrated environment is a data management task. True or false Intellectual property protection applies to which of the following data: a. Patents, copyrights, trademarks and trade secrets b. Supplier, subcontractor, trading partner data c. Financial and administrative data d. A and B e. A and C f. All of the above

15 Quiz Questions – P6 IP can only be obtained from internally developed data. True or false? Data is distributed or used when? a. As soon as it is received b. After validation and authorization by a review authority c. Once a delivery method is established d. All of the above The key to protecting Intellectual Property is marking for retrieval and storage.

16 Quiz Questions – P6 At the _____________level, policies are documented to define the process for distinguishing IP from other data and managing it. a. Enterprise b. Project level c. Department level d. All of the above e. None of the above Changes made to data do not impact documented agreements for data rights. True or False.

Download ppt "Module P6 Principle 6: Establish and Maintain a Management Process for Intellectual Property, Proprietary Information, and Competition-Sensitive Data Learning."

Similar presentations

Collaborative Intellectual Property

Collaborative Intellectual Property
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
INTELLECTUAL PROPERTY

INTELLECTUAL PROPERTY
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
More CMM Part Two : Details.

More CMM Part Two : Details.
Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.
Air Force Materiel Command I n t e g r i t y - S e r v i c e - E x c e l l e n c e Developing, Fielding, and Sustaining America’s Aerospace Force INTELLECTUAL.

Air Force Materiel Command I n t e g r i t y - S e r v i c e - E x c e l l e n c e Developing, Fielding, and Sustaining America’s Aerospace Force INTELLECTUAL.
Office of Business Development Training

Office of Business Development Training
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
Security Policies Group 1 - Week 8 policy for use of technology.

Security Policies Group 1 - Week 8 policy for use of technology.
Software Configuration Management

Software Configuration Management
Know More. Do More. Spend Less. January 24, 2006 Monica Loomis, Senior Sales Consultant Oracle Contract Management.

Know More. Do More. Spend Less. January 24, 2006 Monica Loomis, Senior Sales Consultant Oracle Contract Management.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Information Asset Classification

Information Asset Classification
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)
G17: Recordkeeping for Business Activities Carried out by Contractors Patrick Power, Manager Government Recordkeeping Programme Archives New Zealand.

G17: Recordkeeping for Business Activities Carried out by Contractors Patrick Power, Manager Government Recordkeeping Programme Archives New Zealand.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
2011 Industry Sponsored Research Workshop INTELLECTUAL PROPERTY Michael Jaremchuk Associate Director CVIP Phone: 577-6121 FAX: 545-3632

2011 Industry Sponsored Research Workshop INTELLECTUAL PROPERTY Michael Jaremchuk Associate Director CVIP Phone: FAX:
UARC Intellectual Property Management Burney Le Boeuf Director, Aligned Research Program of UARC Professor Emeritus UC Santa Cruz November 12, 2009.

UARC Intellectual Property Management Burney Le Boeuf Director, Aligned Research Program of UARC Professor Emeritus UC Santa Cruz November 12, 2009.
SENG521 (Fall SENG 521 Software Reliability & Testing Software Product & process Improvement using ISO 9000-3 (Part 3d) Department.

SENG521 (Fall SENG 521 Software Reliability & Testing Software Product & process Improvement using ISO (Part 3d) Department.

Similar presentations

Ads by Google