IP Compliance Audits
(Author:Sophia Hou; Source: Rouse)
Doing business in China can be risky for IP owners – and risks to key IPR assets come not just from third party infringers, but also from the IP owner’s own suppliers or manufacturers. Companies engaging external suppliers or manufacturers should seek to reduce the risks inherent in the relationship by conducting an IP audit. An IP audit will raise the manufacturer or suppliers’ awareness of IP issues, and ensure that they have proper procedures in place – it will also help ensure that the IP owner’s own management procedures are as good as they should be.
Our IP Audit team has, over the years, conducted a wide range of audits. Below is a summary of the main issues involved.
What are the typical IP risks when dealing with manufacturers and suppliers in China?
Following are the broad categories of risk our clients frequently encounter.
- Risk of loss of confidential information and know-how, including design details. The manufacturer or supplier, or their personnel, may make unauthorised use of trade secrets, or leak them to competitors. This information may or may not be protected by registered IP rights.
- Misuse of tools and moulds or finished products. Manufacturers or suppliers, or their personnel, may make excess products or key components and on-sell them to third parties. Proprietary tools and moulds may also be rented or sold to other manufacturers to make identical products. These items may or may not be protected by registered IP rights.
- In 1 and 2 above, it is assumed that the relevant IP is owned by the customer. It may be, however, that the relevant IP is jointly owned, or that some of the relevant IP relates to products or components that have been developed by the manufacturer or supplier. In this situation, there is a risk is that the manufacturer or supplier does not actually own the IP it claims to own; or that it has registered, in its name, IP that properly belongs to the customer.
What does an IP audit involve?
The audit process may vary, but these are the steps that will generally be involved.
Phase 1: Understanding the background – reviewing existing agreements and control procedures
This step is fundamental – it forms the basis of the audit. All relevant IP and valuable know-how should be identified; all relevant contractual documents examined; and a clear understanding obtained of all relevant company procedures.
Phase 2: Visit to suppliers/factory premises
A visit to the manufacturer or supplier and its premises, and those of any sub-manufacturer or supplier, is made to assess first-hand the risks to tangible and intangible IP. This phase of the audit will generally involve:
1) Premises inspection
2) Staff Interviews
3) Physical security (this includes entry and exit security; CCTV monitoring; documentation filing and control; print-out control; samples control; mould/tooling control; camera control; mobile phone control etc)
4) Technical security (computer management)
5) Other e.g. working practices with sub-suppliers; training records; new and outgoing employee procedures.
Phase 3: Practical recommendations & remedial measures
At this stage, a report of our findings is prepared, highlighting any risks and making recommendations. We generally help the IP owner and the manufacturer or supplier form a task force which will be responsible for implementing the recommendations.
Phase 4: Follow-up
It is important to conduct a follow-up after a certain period of time to see if the recommendations are being implemented effectively and to make any necessary adjustments. This is an important step and one that should not be overlooked.
In appropriate situations, our in-house investigation team can be engaged to conduct covert checks on a manufacturer or supplier. This may include background checks on the company’s public records, its owners and affiliates and operating history, interviews with workers, or approaches under a business pretext to find out if an IP owner’s tangible or intangible IP is being offered to third parties.
Phase 5: Review and Training
An audit should not be treated as a one-off event – regular reviews are necessary to ensure ongoing awareness and compliance.
In relation to confidential information, it is often said that effective protection is 70% management and 30% technology. It is, therefore, very important that company employees are aware of the confidential information, its value, and how to protect it. Regular periodic presentations in relation to the identification and protection of the company’s confidential information should be scheduled. These should be held at least once a year and attendance should be mandatory. This will strengthen employees’ commitment and vigilance in relation to the protection of confidential information.
Appropriate training in relation to other forms of IP should also be regularly undertaken so that there is a high level of awareness among employees; both of the company’s IP and its value, and of the employee’s obligations in relation to it.
What does an IP audit achieve?
Manufacture or supply chain audits give both the IP owner and the manufacturer or supplier a clearer picture of the IP risks inherent in the relationship; and invariably they result in some improvements in IP management practices on both sides. Sometimes, particularly when the audit has been carried out as a result of problems with IP leakage, they result in significant changes to IP management and security processes.
Nevertheless, it is important to take a realistic approach to the level of control that an IP owner can achieve in its partnership with manufacturers and suppliers. We recognize that in complex, fast moving and interdependent supply chains, information needs to flow quickly in order for production to be orchestrated effectively – burdensome restrictions on the flow of information or goods can impede this. Effective IP audits will, therefore, be realistic, aiming to identify and reduce risk, not remove it altogether.
Often, the most important result of an audit will be the increased understanding among the supplier’s personnel of the importance that the customer places on its IP, and of the importance of compliance with all relevant procedures and processes.
(Courtesy: Rouse & Co, http://www.rouse.com/)