LES Standards Committee Charter Document

LES Standards Committee Charter Document

IP in Supply Chain Standards Committee

Draft Version 1.13

May 13, 2016

Scope

The IP in Supply Chain Standards Committee is focused on creating competitive advantage through the defining of: (1) the performance standards and business processes that define the management systems required to protect all types of intellectual property (IP) in the global supply chain – both upstream with suppliers and downstream with distributors, partners, agents and customers – and, (2) a methodology for evaluating and verifying the adequacy and/or maturity level of a company’s IP protection system.

The primary focus of the standard will be on the business processes, rather than legal and contractual methods, that make up an IP management and protection system in the end-to-end supply chain. The Committee may decide to do this in phases with an initial focus on third-party suppliers. However, in developing the standard, the committee will need to address the fact that in many cases one Multi-National Company (MNC) is in the supply chain of another MNC – in some cases as a supplier and a customer.

In addition, the committee will need to determine if the purpose of the Supply Chain Standard is best served by creating a pass/fail certification standard or more of a progressive verification program that assesses the maturity level of the company’s IP protection system. Both approaches can utilize independent third parties to conduct the audit or verification.

Work Products

The Committee envisions developing three primary components to implement the supply chain standards program:

1.  Standard Document detailing the specific requirements a company will need to meet in order to be “certified” or to achieve certain maturity levels. It is envisioned that the standard will consist of:

A.  Specific performance criteria to be met internally and by third parties;

B.  Management system requirements for internal operations and for working with third parties, which can be broken down into components addressing some or all of the following:

i.  Policies and Procedures

a.  Requirements for employees and third parties to comply with IP law, company IP policies, and IP related agreements, etc.

b.  Procedures to support implementation of IP related policies

ii. Records

a.  Maintenance of adequate and accurate records to verify implementation

iii.  Senior Management Commitment and Assigned Responsibilities

a.  Assigned responsibilities

b.  Authority for implementation

c.  Messaging from senior management to employees and third parties

iv.  Risk Assessment

a.  Identification and tracking of IP protection risks, both internally and externally

b.  Evaluation, ranking and prioritization of risks

v. Management of Third Parties

a.  Due diligence process for IP protection

b.  Communication of IP protection expectations to third parties

vi.  Contract Provisions and Due Diligence

a.  Adherence to legal requirements

b.  Requirement for IP protection program

c.  Protection against misuse of supplied and/or other third party IP

d.  Compliance with anti-competitiveness laws, including “tying” of transactions

vii.  Information Technology and Physical Security

a.  Procedures for protection of IP

b.  Levels of security for tangible, computerized, and physical information and assets

c.  Procedures for controlled access to IP

viii.  Monitoring

a.  Auditing protocol aligned with the IP protection standards, both internally and externally

b.  Assigned responsibilities

ix.  Corrective Action System

a.  Reporting and tracking of compliance issues

b.  Root cause corrective action system

c.  Authority for implementation into IP management system

x. Training and Awareness

a.  Employee awareness training

b.  Specialty training for personnel responsible for implementation of IP protection programs

c.  Targeted IP training for supply chain members

xi.  Continual Improvement

a.  Improvement plan for IP protection, management, and compliance

2.  “Certification” or “verification” program detailing who will conduct the certification audits or verifications and the criteria they will use. It is expected the program will follow ANSI guidelines.

3.  Guidance – this will be targeted to two audiences:

A.  Companies seeking certification/verification – practical information on developing the systems needed to meet the standard, as well as background on the performance standards;

B.  Auditors/assessors – guidance on how to audit to the IP protection standard and/or verify the maturity level.

Type of Standard

The type of standard developed will depend upon whether a pass/fail certification or a progressive maturity verification model is utilized.

If a pass/fail certification model is selected, it is envisioned that the standards will provide detailed, auditable requirements for performance criteria and management systems. Alternatively, if a progressive verification maturity model is selected, it is envisioned that the initial set of work products will provide guidelines for performance criteria and management systems and descriptions of tiered maturity levels.

Based on the high-level comparison of a pass/fail certification versus a maturity verification model presented below, the current recommendation of the committee is to pursue the maturity verification standard-type.

Feature / Pass / Fail Certification / Maturity Verification
Overview / Auditor determines if the applicant organization passes the audit and is issued a certificate or fails and is not / Auditor determines the maturity level of the applicant’s IP protection management system (example: scale of 1 – 5)
Typical information provided to the applicant / Audit report showing major non-conformances that may have prevented certification and/or minor non-conformances that need to be addressed / Verified score with observations that support the maturity score and recommended actions for improving IP protection maturity
Pros / ·  Certified organizations all meet the same standard / ·  Can promote transparency and encourage improvement by applicants
·  Creates a defined path to improvement
Cons / ·  Organizations can be discouraged from pursuing certification if they think they will not pass
·  Can promote deceptive practices to pass the audit and obtain certification / ·  Organizations can be discouraged from sharing low maturity scores

Based on the current recommendation of the committee to pursue the maturity verification standard-type, it is currently envisioned that the audit program will follow the ANSI guidelines for creating independent accreditation and certification bodies. As per the above, the audit or verification program is currently envisioned to serve as a framework for evaluating existing maturity levels and developing a roadmap for obtaining, as desired, higher maturity levels through enhancement of an organization’s IP protection program.

An IP protection maturity assessment model will be developed for use by both internal and third party auditors that will include a process guide for planning, conducting and evaluating the results of the assessment. It is envisioned that the independent third party auditors will be certified via completion of a prescribed course of study offered through LES or a third party appointed and qualified by LES and having demonstrated experience in auditing and assessing the effectiveness of business practices to protect and safeguard IP.

The maturity assessment model will serve as guidance for organizations to develop an IP protection program that identifies risk factors that could lead to loss of IP and for establishing defined criteria for varying levels of internal controls. A maturity rating scale will be utilized and guidelines for rating criteria will be included. The structured model will aid an organization in improving processes and satisfying customer requirements for IP protection.

Self-assessments will establish the IP protection maturity of an organization and provide a method for tracking enhancements through subsequent assessments. Verification audits conducted by an independent third party will explore assessment responses with the organization and review select artifacts to ascertain accuracy of the self-assessment. Updates may be made to more accurately represent compliance to and effectiveness against the IP protection assessment criteria. Results will be presented in a report summarizing the maturity level and opportunities for continued improvement.

Timeline

This section will be completed.

Steps / Date
Charter draft completed / February 20, 2015
Committee recruitment finalized
First draft of the standard published to the committee for review
Initial comments from the committee submitted to committee or subcommittee leadership for review
Second draft of the standard published to the committee for review
Final comments from the committee submitted to the committee or subcommittee leadership for review
Committee voting on the draft standard
Submission date to the LES USA & Canada board for review
Approval by the LES USA & Canada board to submit the draft standard to the general membership for comments
Publication of the draft standard to the general membership for comment
Submission of comments to the draft standard by the general membership complete
Review of general membership comments by the committee
Publication of general membership comments and the publication of the committee’s response
Submission of the final draft standard to the LES USA & Canada board for review and approval to publish the draft standard for general membership voting
Publication of the draft standard for general membership voting
Voting complete
Publication of the new LES standard

Structure of the Committee

The committees will have a chair, vice-chair, and secretary, which will be voted on and approved by the larger committee.

Committee Recruitment

The committee believes that it will be critical to have a diverse group of participants including strong representation from emerging market companies. Their input will be critical to developing a standard that is considered beneficial and pragmatic, thus leading to wider adoption.

Committee Leadership

Jeff Whittle, LES Board, Committee Sponsor,

Craig Moss, COO, CREATe, Committee Chair,

Robin Corwin, IP Manager, Rockwell Collins, Committee Co-Chair/Secretary,

Committee Members

Julie Aubrey, Manager of Subcontracts, Rockwell Collins,

Nicole Galli, Managing Partner, Law Offices of N.D. Galli LLC,

Carrie Jennings, Intellectual Asset Manager, Poet Research,

Paul Jones, Principal, Jones & Co.,

Matt Kiser, Senior Licensing Manager, DSM Licensing,

Howard Overdyk, Cyber Security Architect, Rockwell Collins,

© LES USA & CanadaPage 6