Business Law Checklists Intellectual Property Legal Topics

Have You Done a Trade Secret Audit?

secret_105634725The best way to analyze a company’s trade secrets (and how well protected they are) is through a formal audit. Here’s an overview of how to do a trade secret audit.

A trade secret audit is a proactive, dynamic analysis of a company’s proprietary assets and how those assets are protected. An audit should including the following steps:

  1. Assemble an audit team. The audit team should consist of outside or inside counsel and appropriate business teams. Audits should be assisted by someone who is experienced with computer fraud, network security issues, and computer forensics, including managing and protecting electronically stored data. And don’t forget human resources professionals.
  2. Determine the scope of the audit.  The audit team must identify the company’s overall objectives related to its trade secrets and what levels of protection the company seeks. The audit team should further determine whether patent or other intellectual property attorneys should be consulted to tailor the most appropriate kind of protection for the company’s particular intellectual property assets.
  3. Identify potential trade secrets. The audit team should identify the company’s intellectual property assets that are valuable and worth protecting, as well as any existing security protections in place to protect those assets. This process should include identifying risk areas where information assets may be susceptible to loss.
  4. Review current policies and procedures. Companies often have some policies or procedures in place to help protect their trade secrets, but many are inadequate, difficult to implement or understand, or ineffective. Review case decisions on whether particular company measures taken to protect trade secrets were legally adequate or inadequate.
  5. Review current physical and electronic security measures. The audit team should review the company’s physical and computer data security practices and make recommendations to help ensure adequate security and prevent theft. This often includes recommendations about facility access, security layout, computer access, network system layout, and protection of electronic data.
  6. Account for technological advances. Technology changes rapidly, and companies need to keep up with the latest developments. For example, moving trade secrets into the cloud raises numerous legal, security, and business concerns.
  7. Review current protective agreements. Companies must monitor their current protective agreements regularly to keep them up to date on current technologies and the law. The audit team should review the company’s various protective agreements (e.g., employee confidentiality agreements, blogging policies, and technology use agreements) and third party nondisclosure agreements to ensure that they safeguard the company’s trade secrets appropriately.

The importance of a trade secret audit to ensure that trade secrets are adequately protected cannot be overemphasized—given the stakes, we’re likely to continue to see high-profile cases of alleged trade secret theft.

You’ll find a sample trade secret audit checklist along with everything you need to know about protecting trade secrets in CEB’s Trade Secrets Practice in California.

Related CEB blog posts:

© The Regents of the University of California, 2013. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

5 replies on “Have You Done a Trade Secret Audit?”

Leave a Reply to Before Starting Up a Start-Up | CEB Blog - Your Partner In Practice Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s