Intellectual Property (IP) management is fraught with risk, from routine legal and administrative risks to more unpredictable risks such as freedom-to-operate, cyber-risk and knowledge leaks. In addition, with increasing digitalization, growth of intangible assets, and open innovation, organizations face growing cross-border risks and unintended loss of knowledge assets such as know-how and trade secrets.

To manage a growing menagerie of risk, IP managers need to be able to identify risk sources, assess threats and vulnerabilities, and determine their potential impact on the organizations that engage them.

Is there a common framework from which to start? Well, yes and no.

At the highest levels, there is the Organisation of Economic Co-Operation and Development (OECD) which sets the stage for risk management as a part of corporate governance and compliance. Supplementing the OECD are open-source standards and normative risk standards (such as the International Standards Organization, ISO).

From the risk management perspective, there exists a generic and well-known risk management standard, the ISO 31000, which teaches a sequence of risk identification, analysis, evaluation and treatment. From the IP management perspective, two independently developed IP management standards exist. The broader of the two, the German-led DIN 77006, approaches organization-wide IP management from a quality management perspective and cites the widely-accredited and auditable ISO 9001 as a normative reference. The ISO 56005, on the other hand, introduces IP management in the innovation phase, and is part of the ISO 56000 family on innovation management.

However, no normative standard for IP risk management currently exists.

In this thesis, two independently developed IP management standards, the DIN 77006 and the ISO 56005, are examined for their risk approaches. 26 risk themes are identified in the DIN 77006 and compared against risk approaches in the ISO 31000, the ISO 9001, and the ISO 56005. Based on this study, contradictions and alignment of risk management principles for IP management are determined. In addition, an IP risk management framework (IPRMF) based on these four normative standards and centred on the DIN 77006 and ISO 9001 is presented, which sets the path toward a quality-centred IP audit. Finally, further supplementary risk standards, such as the ISO 27005, the ISO 31022 and the ISO 22380, are incorporated into the IPRMF and applied towards trade secret risk management processes in organizations.

This research project was conducted by MIPLM graduate Dr. Shu Pei Oei and supervised by Prof. Dr. Alexander Wurzer and Dr. Thibaud Lelong, both CEIPI.

Dr. Shu-Pei Oei is in-house Patent Counsel at Novomatic AG, an Austrian-based gaming company with global subsidiaries in over 40 countries. A European Patent Attorney with more than a decade’s experience in patent prosecution, Shu-Pei has advised clients on global filing strategies and prosecuted patents for both multinational companies (MNCs) and start-ups in the electronic and automotive industries. Trained in Munich (Germany), Shu-Pei has 7 years of technical and research experience in Engineering, and international exposure spanning 3 continents and 5 countries. Shu-Pei holds an LL.M in Law and IP Management from CEIPI, University of Strasbourg, a Ph.D in Engineering from Cambridge, an M.Sc in Electrical Engineering from Stanford, and a B.Eng in EEE from UCL, UK (1st class). Shu-Pei is certified in advanced freedom to operate (FTO) search & analysis (CIIPM), patent valuation (Incremental Advantage), and attended the Oxford Cybersecurity for Business Leaders Programme (Saïd Business School). As an IP practitioner, Shu-Pei’s focuses are in developing IP strategies, processes, standardization, risk management, communication and leadership.

Here is a description of the research project: