Criterion: Intellectual Property
Requirements for protecting intellectual property rights and confidential information
Full Description
D3. Intellectual Property
Code 7.0
Intellectual property rights are to be respected; transfer of technology and know-how is to be done in a manner that protects intellectual property rights and customer and supplier information is to be safeguarded.
Elements to Demonstrate Compliance to RBA Code
1. Policy
Ensure facility ethics and/or intellectual property protection policy includes the following elements:
- a. Information received from suppliers and customers as part of the contracting process is protected.
- b. IP and IP ownership are protected.
- c. IT measures and guidelines about the handling, distribution/dissemination of information to protect information from suppliers and customers and IP.
2. Procedures & Practices
Procedures & Practices are in place such that:
- a. Adequate and effective process and administrative control IT measures for access to IT systems and IP.
- b. Protection agreements (NDA, confidentiality…) are in place for:
- i. Employees
- ii. Workers
- iii. Suppliers
- iv. Customers
3. Controls & Monitoring
Controls & Monitoring should include:
- a. There are procedures in place to review intellectual property ownership and to ensure intellectual property rights are upheld and respected (their own and that of their customers).
4. Serious conditions that will result in a severe finding
- IP is not protected.
Profiles using this criterion
RBA Assessment Program
- VAP Full Assessment | 8.0.0
- VAP Full Assessment | 7.1.2
Conformity Alignment
Priority
Pass: No
Definition: "Critical non-conformance requiring immediate action"
Remediation: 30 days
Major
Pass: No
Definition: "Significant non-conformance requiring corrective action"
Remediation: 90 days
Minor
Pass: Yes
Definition: "Non-conformance with limited impact"
Conditions: Corrective action plan required
Remediation: 180 days
Opportunity
Pass: Yes
Definition: "Opportunity for improvement identified"
Conformance
Pass: Yes
Definition: "Full conformance with criterion requirements"
Related Criterion
VAP: Privacy
Relationship: Related
Protection of confidential information
VAP: Business Integrity and No Improper Advantage
Relationship: Related
Ethical handling of sensitive business information
VAP: Ethics Management System
Relationship: Parent
Management system for ethics practices
VAP: Supplier Responsibility
Relationship: Related
Supplier IP protection requirements
Change Log
2.0.0 (2022-06-01)
Changed
- New 'IP is not protected' Priority trigger; NDA scope expanded to suppliers and customers: The provision was renumbered D4 -> D3 (cosmetic). Two changes can flip a 7.0.0 pass to a fail. A new Priority/severe-finding trigger 'IP is not protected' was added (7.0.0 had no IP-related fail outcome). The mandatory protection-agreement (NDA/confidentiality) scope was expanded from 'workers and management' to Employees, Workers, Suppliers, and Customers; a facility with NDAs only for workers/management passed 7.0.0 but fails the new supplier/customer requirement. Offsetting loosenings exist (the trigger dropped 'identified risk or'; Major/Minor rating bands genericised to 'See finding severity definition'), but the net direction is breaking.
1.0.0 (2021-01-01)
Changed
- Initial historical baseline — Intellectual Property (RBA Code of Conduct 7.0, criterion D4): Earliest imported version, published as criterion D4 in VAP 7.0.0. Required an adequate and effective policy/program to protect information received from suppliers and customers and to protect IP ownership; IT guidelines on information distribution/dissemination; non-disclosure agreements for workers and management; and procedures to identify and protect IP, notify customers/suppliers of violations, and investigate unauthorized disclosures. No IP-related Priority/severe finding existed; the rating was Major ('No detailed and understandable policy and procedures implemented') / Minor ('Partial policy or procedures or implementation').