After determining the threats to the innovation, analysis is conducted to determine the susceptibility and vulnerably of the innovation. This information allows your organization to tailor protection strategies for the identified innovation specifically to the threat. Protection must be afforded to information, materials, and / or processes that would allow a competitor to replicate or steal your innovation. Once innovation requiring protection is identified, a cost benefit analysis must be conducted to weigh the benefits of protection against innovation loss.
Protection must be implemented in a systematic manner. For example, if the innovation provides or will provide you an economic advantage you may designate it a Trade Secret. According to the Trade Secrets Act, designation is not enough, but reasonable steps must also be taken to ensure the informations secrecy. To be enforceable in court in the event of theft, the information must be properly safeguarded is the bottom line. This includes steps such as proper labeling and storage and perhaps even measures such as encryption for the data at rest or on the organizational networks.
When establishing an IPP, substantial savings in terms of cost, schedule and performance will be gained by researching and applying the lessons learned from Federal Agencies such as the Department of Defense (DoD) and the National Aeronautics and Space Administration (NASA) which have established programs to protect innovation from theft and unauthorized disclosure.
Within the DoD, the IPP is termed Research and Technology Protection (RTP), with the innovations requiring protection termed Critical Program Information (CPI). Whereas within NASA, the IPP is called Technology Protection, with the innovation requiring protection termed Mission Critical Information (MCI). Both programs identify the research or technology (innovations) that competitors could not replicate without stealing the information or investing heavily in their own independent research and development.
Likewise, your IPP must be tailored to your organization. Simply replicating an IPP from another organization is not a viable option. Establishing and implementing a truly effective IPP requires that it be uniquely tailored to meet your specific organization. Business areas, product lines, competitors, corporate culture, regulatory requirements, mission and vision, and stakeholder priorities are unique to each organization. These factors will shape the overall design and implementation of an effective IPP. ##
Ryan Averbeck is a Program Manager for NASA's Technology Protection Program and is currently completing his PhD dissertation in computer and information security at Northcentral University. Gregory A. Gaddy, Ph.D., is a Program Manager for several US Army Technology Protection Programs and is part of the NASA Technology Protection team.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.