IP Risk Management: Process & System
IP Risk Mitigation
The focus should be on risk mitigation and not just of risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat. Risk mitigation efforts may range from physical measures to financial measures.
The obvious IP related risk is that a business may infringe the IP rights of a 3rd party. However, there may also be IP related risks associated with (among other things)
• Having too narrow a definition of IP, and ignoring potentially valuable IP assetsTo help readers conduct risk assessment in a structured manner, I suggest that there are a number of specific areas which need to be analysed when considering IP related risks, and from where IP related risks may originate...
• The IP terms and conditions in some development or commercial agreements with 3rd parties
• The publishing activities of the business
• Embracing open source software
• Being involved in certain interoperability standardisation activities
• Getting involved in some open innovation initiatives
• The use of subcontractors
• One's own IP out-licensing program
IP Risk Management Process
• The activities of entities within your company's own eco-system (suppliers, partners, distributors, customers)
• The activities of one's competitors
• The activities of other entities such as NPEs
• The activities of illegitimate entities such as hackers and counterfeiters
A process is an interrelated set of activities designed to transform inputs into outputs, which should accomplish your pre-defined business objectives. Processes produce an output of value, they very often span across organisational and functional boundaries and they exist whether you choose to document them or not.
A process can be seen as an agreement to do certain things in a certain way and the larger your organisation, the greater the need for agreements on ways of working. Processes are the memory of your organisation, and without them a lot of effort can be wasted by starting every procedure and process from scratch each time and possibly repeating the same mistakes.
At a very top level, the IP Risk Management process involves the following key phases:
• IdentificationIP Risk Mitigation Techniques
There are a variety of IP risk mitigation techniques available, but of course their effectiveness will vary from one business to another.
Some of the IP risk mitigation techniques are listed here, but this list if not exhaustive by any means …
• Leveraging technical cooperation with othersIt is important that a company builds up a good understanding and appreciation of the various IP solutions which exist, and if and when they should be deployed.
• Using Standards with fit for purpose IP policies
• Obtaining indemnities
• Participating in patent pools
• Licensing IP
• Designing around
• Finding prior art to invalidate 3rd party IP
• IP acquisition
• Taking out IP insurance
IP Risk Management System
“Good Risk Management fosters vigilance in times of calmand instils discipline in times of crisis.” Dr. Michael Ong
An IP Risk Management System is only part of the solution. I suggest that the components of a good IP risk management solution are as follows:
• IP and IP related Risk awareness and education
• IP Risk Management process
• IP Risk Management system / tool
• Data (IP related risks, actions, documents, reports)
• IP Risk Mitigation solutions
• IP Risk Management resourcing (people, budget)
• IP Risk Management governance
With Awareness and Governance being like the bookends, keeping everything else in proper order. That said, a good IP Risk Management System helps ensure that the process is an efficient and effective one. It can improve data integrity as well as better support how IP risks are articulated and reported.
IP Risk Management Tool
A Risk Management Tool is commonly used in business in such areas as project management and organisational risk assessments. It acts as a central repository for all risks identified and, for each risk, includes information such as risk probability, impact, counter-measures, and risk owner and so on. It can sometimes be referred to as a 'risk register' or 'risk log'.
An IP Risk Management Tool is no different and is an essential tool to be able to manage this particular risk area. It initially provides a way to articulate the various IP related risks in a very structured manner. It then acts as an important tool for the ongoing management of these IP risks.
Typically an IP Risk Management Tool should contain...
• A description of the IP related risk
• The impact should this event actually occur
• The probability of its occurrence
• Risk score (the multiplication of probability and impact)
• A summary of the planned response should the event occur
• A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
• Links to any associated documentation
In a "qualitative" risk tool descriptive terms are used: for example a risk might have a "High" impact and a "Medium" probability. In a "quantitative" risk tool the descriptions are enumerated: for example a risk might have a "$1 Million" impact and a "50%" probability.
A clever feature is to allow some calibration of the tool as different levels of impact and probability will differ from one company to another
Final thoughtsGraphics in this blogpost are all taken from the Alder IP Risk Management Tool
The skills needed to succeed with IP risk mitigation do not match exactly those needed to be successful with the other key IP processes, such as IP creation, IP portfolio management, IP exploitation and IP enforcement. The mind-set is just different for those charged with IP risk mitigation.
Who should be interested in IP Risk Management? Anyone…
• Operating in an IP litigious environment
• Coming up for exit or listing
• Anxious to get IP risk management under control
• Whose executive management team are demanding visibility of IP related risks
• Experiencing major business changes
• Facing a major IP risk and realising that they are unprepared
• Interested in proper governance of IP
“When dealing with people, remember you are not dealing with creatures of logic, but with creatures bristling with prejudice and motivated by pride and vanity.” ―Dale Carnegie
Readers might want to add some further bullet-points and observations of their own, providing an even more useful asset for anyone coming to the subject for the first time or seeking to improve an existing perspective on it.