1

BEIntelligent

Finalmente hemos llegado al último post en lo que concierne a la asignatura de Sistemas de Información Empresarial. Esta vez me gustaría desviarme un poco del enfoque tan «puro» a la hora de hablar de un tema, olvidarnos un poco de palabras técnicas y no extenderme tanto como otras veces.

Si te dijera que pensaras en todas la veces que cometiste un error, que tomaste la decisión errónea, que no supiste ver venir algo… ¿Cuántas cosas recordarías? Probablemente bastantes. Hay veces en las que no tenemos ningún poder en lo que ocurre alrededor, o incluso en lo que directamente nos ocurre a nosotros, llamémoslo destino, sin embargo hay otras en la que nos equivocamos, en las que no supimos ver en contexto, nos faltó capacidad de análisis… Por ejemplo, vamos a imaginar dos casos, dos vidas distintas, dos personas. Una se llama Gaia, y la otra Kaskarot.

Gaia es una persona a la que le gusta recordar las cosas importantes que hace, sus vivencias, y debido a esto escribe un diario. Además, a Gaia le gusta tomarse su tiempo a la hora de tomar una decisión, cambiar de trabajo, vivienda… Tiende a analizarlo todo mucho, tener en cuenta lo vivido y llegar a conclusiones que considera inteligentes. Por otra parte, Kaskarot, es una persona que se deja llevar bastante. Es verdad que Kaskarot no es tonto, cuando se encuentra en un problema, o tiene que decidir algo que puede ser importante, le da vueltas, pero el problema está en que no suele recordar las decisiones que ha ido tomando a lo largo de su vida. Por ello, a veces tropieza dos veces con la misma piedra, o se equivoca, cuando recordando otras decisiones u otras cosas vividas o aprendidas, hubiera salido ganando en muchas situaciones.

Si te tuviera que preguntar qué tipo de persona quieres ser, si como Gaia o como Kaskarot, probablemente me digas que como Gaia, ya que seguramente ser como ella te lleve a tomar decisiones más inteligentes, a tener más éxito, y a ser más feliz en ciertos aspectos de tu vida. Sin embargo, en muchas ocasiones, la mayoría de nosotros nos comportamos como Kaskarot, ya que aunque no tomemos las decisiones a la ligera, y le demos bastantes vueltas, a veces esto no es suficiente. Hemos perdido información, contexto, sabiduría al fin a al cabo, por no registrar las cosas importantes que hemos ido aprendiendo a lo largo de la vida, por no recordar ciertas cosas que nos podrían ayudar en un futuro. Además, también tendemos a ignorar ciertas cosas que pasan a nuestro alrededor, y no ser tan analíticos como podríamos ser.

Bien, te estarás preguntando a que viene todo lo anterior. Pues viene a que si trasladamos este «modelo de vida» explicado anteriormente al mundo de las empresas, nos encontramos ante la explotación de datos, análisis, toma de decisiones… Nos encontramos con que, al igual que en  nuestra vida, el memorizar (registrar) lo que hacemos y lo que pasa a nuestro alrededor, lo que aprendemos de otros, los datos y sabiduría que manejamos, y el análisis de los mismos, nos lleva a tomar mejores decisiones. Y esto, en el mundo empresarial, se traduce en éxito de negocio. Bien, pues esto ya existe, y se llama Business Intelligence, término que probablemente ya habrás oído anteriormente, o lo habrás leído en mil sitios como BI, acompañado de Big Data… Pero mi intención con este post no era dar a conocerlo, sino que nos demos cuenta de la importancia que puede llegar a tener, del valor que realmente tiene y el potencial de negocio que puede suponer para nuestra empresa.

Así, con este post final, espero haber aportado algo a alguien, en vez de escribir un montón de información disponible en mil lugares y que aburriría a cualquiera. Un saludo.




Gestión del Conocimiento

En esta ocasión me gustaría hablar sobre la gestión del conocimiento a nivel empresarial, su importancia, relación con los objetivos de la empresa, sistemas de información… Ya que en el mundo de la tecnología acostumbramos a centrarnos mucho en las tendencias, en métodos de dirección, formas de hacer negocio, contratar trabajadores eficientes, los mejores sistemas… Pero nos olvidamos del mayor tesoro de la empresa: el conocimiento que posee. Lo que sabe una empresa es lo que permite ser competitivo, lo que le permite hacer las cosas bien, y muchas veces no se gestiona correctamente, hay fugas, se pierden oportunidades…

Antes que nada, voy a presentar una serie de definiciones que considero necesarias para entender el texto:

  • Dato: Los datos son la mínima unidad semántica, y se corresponden con elementos primarios de información que por sí solos son irrelevantes como apoyo a la toma de decisiones. También se pueden ver como un conjunto discreto de valores, que no dicen nada sobre el por qué de las cosas y no son orientativos para la acción. Ejemplos: un número de teléfono o el nombre de una persona, sólo, sin contexto ni nada.
  • Información: conjunto de datos procesados y que tienen un significado (relevancia, propósito y contexto), y que por lo tanto son de utilidad para quién debe tomar decisiones, al disminuir su incertidumbre. Los datos se pueden transforman en información añadiéndoles valor.
  • Conocimiento: El conocimiento es una mezcla de experiencia, valores, información y know-how que sirve como marco para la incorporación de nuevas experiencias e información, y es útil para la acción. Se origina y aplica en la mente de los conocedores. En las organizaciones con frecuencia no sólo se encuentra dentro de documentos o almacenes de datos, sino que también esta en rutinas organizativas, procesos, prácticas, y normas.
  • Propiedad Intelectual: ideas, productos… fruto de la creatividad, que pueden ser fruto de negocio. Esto puede incluir el ámbito artístico, la música… Pero en nuestro caso, nos vamos a centrar en las ideas que pueden suponer la creación de productos propios de una organización, y por tanto oportunidad de negocio.
  • Sistema de información: Un sistema de información es un conjunto de elementos que interactúan entre sí con el fin de apoyar las actividades de una empresa o negocio.

Una vez aclarados ciertos conceptos podemos pasar al tema que nos compete. Cuando pensamos en los activos más importantes de las organizaciones siempre pensamos en los sistemas que posee, hardware y software de alta calidad y prestaciones, trabajadores competentes, grandes jefes… Pero el mayor activo de una empresa es su conocimiento. Y, en mi opinión, principalmente los know-how y la IP (Propiedad Intelectual), así como las buenas prácticas. De poco sirve tener buenos trabajadores si estos no comparten lo que saben, si no se gestionan correctamente las ideas generadas y se pierden, y si se llega a un correcto funcionamiento de departamentos o grupos de trabajadores, pero no se registra y se comparte el sistema por el cuál está funcionando todo tan bien. El conocimiento no compartido es conocimiento perdido.

Así pues, desde el punto de vista del know-how y las buenas prácticas, es necesario asegurar el registro y la disponibilidad del conocimiento, fomentar espacios y condiciones adecuadas para el intercambio de conocimientos, así como proveer las condiciones para compartir y crear nuevo conocimiento. Esto se puede hacer, por una parte, haciendo uso de «técnicas» o formas de fomentación de interacción entre trabajadores, como pueden ser las reuniones, pequeñas «fiestas» u otras formas de interacción social dentro del ámbito profesional. Pero, por otra parte, esto puede hacerse mediante el uso de sistemas informáticos. El uso de intranet, extranet, data mining, IA, sistemas de soporte para la toma de decisiones… Todos conocidos y usados en muchos casos, pero sin conocer realmente la importancia que pueden llegar a tener. Hay que buscar que el trabajador se sienta parte de la empresa, genere ideas, conocimiento, lo registre, lo comparta y haga uso del conocimiento existente.

Por otra parte, centrándonos en la IP, es importantísimo asegurar su correcta gestión. Seleccionar un lugar de almacenamiento seguro, realizar correctamente el procesado de la información que puede ser de interés para el desarrollo de productos, facilitar el acceso al mismo por parte de las personas que lo necesiten, gestionar los controles de acceso, asegurar la seguridad de la infraestructura… Además de todo esto, es interesante tener en plantilla, o realizar una contratación externa, personas que conozcan este ámbito, y puedan ayudarnos a gestionar nuestros productos, tanto legalmente como desde el punto de vista de gestión general.

El conocimiento tácito existente en las personas es esencial en el buen funcionamiento de una organización, y este se pierde si estas personas dejan la organización, además de que no se aprovechan de manera adecuada y puede llevar a cometer los mismos errores. Para ello, por ejemplo, se puede hacer uso de la documentación de conocimiento, la publicación de manera interna en la empresa por medio de sistemas de compartición…

Desde el punto de vista clásico de los sistemas de información, como sistema de apoyo a la dirección de la empresa/departamento y la ayuda en la toma de decisiones, el concepto de conocimiento resulta esencial. Pero no bastan con contar con un buen sistema que procese rápido, la información generada debe ser analizada y se debe llevar a cabo una correcta reflexión por parte de las personas, se debe llegar a ciertas conclusiones, y si este conocimiento generado resulta de interés, compartirlo e incluso utilizarlo para realimentar el sistema de información.

En resumen, la gestión del conocimiento puede ayudar a cualquier empresa, y en muchos casos puede ser esencial para el éxito de la organización. Para ello, se debe hacer un uso correcto de los sistemas de información y los sistemas informáticos en general, seguir una pautas y corregir nuestro camino cuando sea necesario apoyándonos en el conocimiento generado dentro de la empresa.




Overview and dark side of IPs

This is the last post of the serie of posts that I have been publishing about Intellectual Property. As we have already talked about the main topics concerning IPs and their protection, in this case, in order to analyse the concept from another point of view, I want to focus in ethics in relation with IPs in the industry. Yes, ethics, the topic that is frequently forgotten by a lot of companies and people.

First of all, in order to conclude with the main topics that most of the people will consider the most important part, I want to present an overview of what have been published in the previous posts: definition, relevance/importance and controls and auditing. So, what is Intellectual Property?  As is presented by the World Intellectual Property Organization[1]: “Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce“. These IPs are protected with laws, including patents, copyrights and trademarks. The relevance of IPs in industry is much more than evident, as a huge part of the actual economy is based in or is strongly influenced by IPs[2][3]. Taking into account the importance of IPs, they should be protected and respected, and this fact generates risks for companies, as they should be fast in this area, apply the correct methods and avoid legal issues. For this objective, it should be considered essential the use of a formed auditing team in this topic, which will detect the actual risks in the company in relation with IPs, and propose the necessary controls to fix the existing problems and avoid possible troubles[4].

Once reviewed all the previously presented scope, let’s talk about the ethics inside the world of Intellectual Property. What is acceptable to protect? Any type of idea? Just technology for “leisure”? Any type of medicaments and medical technology?[5] When is it acceptable to protect during a certain time period and then open to the public (certain technologies that can help to improve the actual technology strongly…), and when it must be considered necessary to publish an idea and do not protect it(medicines…)?. The necessity of laws to protect IPs is obvious, but I consider the necessity to avoid the hiding of information, ideas or products essential to save lives or make the society and the world better, much stronger than any business interest. So, in my opinion, it should be put much more interest and pressure in this field, creating new laws and applying it in a very severe way. It is true that the period to maintain patents are more strict when talking about patents in medical fields, but I consider it still inefficient, as we can find periods of 14 years[6] or more for medical IPs protection[7]! The companies are in some way moral agents, and they have, apart from rights, ethical responsibilities[8]. It cannot be allowed what is happening in the actual situation, in which, for example, pharmaceutical companies protect patents during years. Patents that can save people’s lives, that can help people to live more, or live with less pain. And then, they use legal tricks, taking advantage of the “loopholes” in laws, to continue protecting their benefit at the expense of the health and lives of people. Such as waiting until their patent is about to expire, to modify or add something to their product, in order to protect it again and continue with their business. It makes me sick. And not only that, this situation provokes the emergence of monopolies that make the medicaments or other necessary products pretty expensive for a lot of people, “force” the state to pay part of that unfair price, and all the society face the music, reducing our life quality[9]. Let’s apply bioethics[10] and social ethics to the Intellectual Property field and its protection laws.

Another point to be analysed when talking about ethics in the field of IPs, is the technological development and the innovation. Some people consider that the patents and other ways of protecting IPs are slowing down the progress[11], while other people think that it is stimulating the creation of new ideas and products[12]. In this debate, it is hard to positionate in one side, as each case is different, and in my opinion sometimes these laws can be negative, and sometimes positive, depending on how they are applied, what is protected and how much time. This field is harder to analyse, much more subjective, and generalizations can be double-edged. So, I think that it is important to be analytic each time a situation of this type happens, and consider all the possible consequences, not only from the point of view of the company that is trying to protect an idea or product, but when the organizations and institutions that offer these protections play their role too.

In conclusion, the importance and relevance of IP in industry is evident, as well as their protection, including the necessity of laws and the auditing in companies to avoid steal of ideas. But, the IP laws should be used to encourage the creation of new ideas, the evolution of technology and society, to protect the ideas and give to the author the authority (yes, redundant) and reward her/him in some way. Not for creating unfair monopolies and make money at expense of the necessity of people, ignoring the good that an idea can do to society, environment and the world in general.

 


 

References:

[1] http://www.wipo.int/about-ip/en/

[2] Intellectual Property and the U.S. Economy: Industries in Focus (2016 Update). U.S. Economics and Statistics Administration and U.S. Patent and Trademark Office.

[3] Intellectual property rights intensive industries and economic performance in the European Union. European Patent Office and European Union Intellectual Property Office.

[4] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/QUIntellectualPropertyRisk

[5] https://www.ugr.es/~eianez/Biotecnologia/biopatentes_1.htm#_Toc490914354

[6] The Pharmaceutical Industry and the Patent System. Bruce Lehman President, International Intellectual Property Institute.

[7] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC81031/

[8] https://www.isaca.org/Journal/archives/2012/Volume-6/Documents/12v6-Risk-and-Responsibility.pdf

[9] La ética y el acceso a los medicamentos. Juan Esteva de Sagrera, professor of Legislation and Pharmaceutical Deontology.

[10] https://en.wikipedia.org/wiki/Bioethics

[11] https://www.washingtonpost.com/news/innovations/wp/2015/03/11/heres-why-patents-are-innovations-worst-enemy/?utm_term=.7eb59f5a3724

[12] ¿La única patente buena es la patente muerta?. Santiago Navajas Gómez de Aranda (available in Deusto Electronic Library Resources – Oceano).




IP risks: controlling and auditing

In the previous post, we have talked about the main risks around Intellectual Property and its management from different points of view,  as well as present the main characteristics of each one. In this post, continuing from the last presented content, we are going to present the appropriate controls and auditing to be applied to the mentioned risks.

First of all, let’s consider the necessity of the auditor and her/his paper in IP risk detection and controlling. In my opinion, the necessity of IP risk audition in this field is totally obvious, as the problems that may generate a bad management of the IP risks can finish even with our company. The paper of the auditor in this case is detecting the possible problems that can occur related with IP, both with IP inside our company and in relation with other companies’ IPs. So, it is supposed that we should have an auditor for this task, who has the necessary knowledge in this field: IP risks, copyright laws, controls to be applied, good practices…

As learned in previous posts, the importance of IPs in industry and the necessity to protect them, as well as to respect them, is increasing every year. Because of this fact, the importance of auditing IP risks and applying the proper controls to the organization is increasing too[1], and becoming more and more necessary inside the company. So, on the one hand, the auditor has to care about the patents, copyrights and trade secrets that must be protected inside the company[2], as well as the management and protections that are being applied to them. On the other hand, the auditor must not forget about respecting other companies IPs too, in order to avoid legal problems.

So, the audition team have to analyse the actual state of the company in relation with IPs: list of protected IPs, how they are protected, which controls are followed to ensure that continue being protected, where are applied the laws with which are protected, which problems have been previously with patents violations from the company and from others to ours… They are a lot of tasks to be performed by the audition team regarding IPs risks, but, essentially, as in other type of auditions, it is based in analysing the actual state, analysing the risks and proposing controls in order to solve the problems and prevent risks, avoiding damages for the company and the consequent loss of money[3].

I am not really interested in listing tens or hundreds of controls and auditing steps, as we can find a lot of examples in documents like Intellectual Property Process Audit Report[4]. So, I am going to present some controls that the audition team of a company should propose for the risks presented in the previous post:

 

Risk Description Control
1 Lose a good idea with potential to become a business due to ignorance
  • Detect the actual IPs, list them and analyse their value and potential, in order to apply the proper protection.
  • Analyse the way in which they are developed the products and are documented the ideas, as well as how it is analysed the value of each one in order to detect possible business.
  • Analyse the actual patenting process, and consider if it should be improved in order to be faster and ensure the protection of the IPs.
2 Lose money or not earn as much as possible due to bad protection of IPs
  • Look at the laws and ways of protection that the company is following actually for their IPs, how strong they are..
  • Analyse how the company manage their protected IPs in terms of time referring the dates in which the protected IPs should be reviewed and the protection renewed.
3 Loss of information related with IPs from inside the company due to lack of regulations or good practices and low security
  • How are being the IPs protected from internal attacks?
  • How is being performed the detection of information stealer inside the company?
  • Which are the access privileges provided to each employee?
  • Which practices are being followed to ensure the integrity of the information in relation with developing of products and ideas?
  • How is it being controlled the access to DBs and other infrastructures that contains sensitive information?
4 Loss of information related with IPs from outside the company due to low security or bad management of the information Controls related with IT security and good practices for the sensitive information treatise:

  • Where is stored the sensitive information? How is being protected?
  • Which IT security standards are being followed?
5 Violation of other companies’ patents or protected products by copyright laws
  • Is developed any plan to deal with patent violation problems?
  • Is being applied any practice to detect possible patent violation cases when developing a product or idea?
  • Is designed any plan to change the direction of projects when they can be violated IPs protecting laws?


This is just an example of how should an audition team work when dealing with risks. But, my main intention is to understand the general overview. In the field of IP risks, an auditor must focus mainly in
confidentiality, integrity and availability[5], as they are the supports of the security], while knowing and understanding the surrounding legal scope. So, the auditor should analyse and act around topics related with IPs like policies, procedures and records, the responsible team for IP protection in the company, management of IPs and risks, security and confidentiality management, training and capacity, monitoring and measurement and frameworks for corrective actions and improvements[6].

In conclusion, as in other IT auditings, the knowledge and capacity to detect risks and propose the necessary controls is essential, and in the case of IPs, it must be considered a priority to audit the company in relation with that field, as for a lot of companies the own ideas and the originality of their products is the key of their business, so its analysis and protection is essential.

 


 

References:

[1] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/QUIntellectualPropertyRisk

[2] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/ChecklistsGuidesProtectingIntellectualPropertyAssets

[3] http://www.wipo.int/sme/en/documents/ip_audit_fulltext.html

[4] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/auditreportintellectualpropertyprocess

[5] Information Technology Risk and Controls. The Institute of Internal Auditors.

[6] http://www.rmmagazine.com/2013/10/01/understanding-the-risks-eight-elements-of-an-effective-ip-protection-program/




Risks around Intellectual Property

In the previous post, we have talked about the relevance of IP in industry, concluding that in the actual world it must be considered essential, taking into account that the industry is highly based in and influenced by technology. This time, we are going to learn about another key point around the Intellectual Property, the risks. As in other areas, topics, fields… of industry or technology, we can find some risks around the Intellectual Property, when protecting it, when applicating the laws… So, in order to go deeper in the area of IP, let’s talk about the risks around it.

First of all, I think that is important to present in a clear way what a risk is. For this, I consider the best definition the one provided by the International Organization for Standardization, as specified in the ISO/IEC 27005: “Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization”[1]. I think that this definition is great, but in order to get the essence of what a risk is and what it suppose, let’s present the definition of risk provided by the FAIR Institute: “the probable frequency and probable magnitude of future loss[2]. This basically means the probability of something bad to happen and the impact that this will have in the company, institution…

In order to understand better what a risk is, we can imagine for example the risk of updating the Windows systems of your company. This will have some risks that must be analysed, because, for example, this can suppose that your key employees are not able to execute their daily job due to the systems hang or do not perform. This, probably, will not happen too frequently, but the impact that can have is pretty high.

Once having clear what a risk is, we will analyse the most important risks around Intellectual Property in a general way per risk type[3], in order to go to more specific examples:

  • Availability Risk: It is necessary for a company to make information available, and yet it is necessary for all information to be well-protected against possible infringements.
  • Compliance Risk: Due to the number of legal issues pertaining to IP rights, it is important to be aware of their legal implications.
  • Brand Risk: A company’s brand is part of its IP and can be one of its largest assets. It is important to protect the company images and brand reputation.
  • Access Risk: Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. Access risk ensures protection of trade secrets.
  • Business Value: It is important to be aware of and track a company’s IP and know their associated business value.

So, after having a overview of the risks around IP, I will present the risks that I consider most important, ordered by priority, and following the criteria of most frequent and biggest from the point of view of the impact:

  1. Lose a good idea with potential to become a business due to ignorance: not listing the IPs of a company and ignoring their associated business value can finish with the loss of that opportunity because another company or person develop the same idea and is faster protecting it. Obviously, it is hard to put examples about this topic due to its naturality, but we can imagine easily that this happens quite frequently nowadays with companies interested in the same products of fields.
  2. Lose money or not earn as much as possible due to bad protection of IPs: not understanding the importance of the protection, ignoring the laws… can suppose the loss of an IP, the possibility of copies due to the existence of legal loopholes, a bad temporal exploitation of the ideas…
  3. Loss of information related with IPs from inside the company due to lack of regulations or good practices and low security: not documenting or logging the work and inventions properly, not controlling the storing of sensitive information… It is easy to put an example of this risk, as it happens very frequently. One famous case is the one of the stole of 100.000 documents of AMD from inside[4].
  4. Loss of information related with IPs from outside the company due to low security or bad management of the information: easy to hack servers, putting sensitive information in easily accessible databases… As example, there is a case known by many people: The boy who stole Half-Life 2[5].
  5. Violation of other companies’ patents or protected products by copyright laws: not analysing the market of patents and developing of ideas without knowing surrounding companies’ developing products may conclude with complaints due to IP violations. I do not consider necessary to put examples of violations of patents, as this type of legal issues can be constantly between big companies, like Samsung and Apple.

In the following table, we can find the respective level of each risk (H – High, M – Medium, L – Low) in relation with the likelihood and the financial impact. To understand better the Likelihood Scale and the Impact Scale (financial), I highly recommend the reading of the pages 13 and 14 from the document Developing the IT Audit Plan inside the Global Technology Audit Guide, written by the Institute of Internal Auditors[6].

Risk Likelihood Impact Justification
1 H H In the actual industry, full of competence, in which the faster is frequently the one that get the business, it is essential to register all the new good ideas and which is their value . The impact of not doing this is high, but can be huge if we are talking about millionaire o billionaire ideas.
2 M H Protection of ideas is essential, by patents, copyright or trademark laws. A bad protection can be exploited by the competence, being high its impact in the company.
3 L H Maybe the probability to be stolen by your employees is low, but it is important to control it, as the impact can be high in the business, because the employees know what to look for if they want to steal, and can have access to a lot of sensible information. Apart from that, following good practices can decrease the probability to lose information.
4 M M-H Cyber attacks can happen, and its impact can go from low impact to a very high one.
5 L M-H It is difficult not to see that an idea is actually patented when it suppose a high source of money, as it will be published quickly, but the consequences of not considering it can go from little money loss to big problems with justice.


In conclusion, knowing and understanding the risks around the Intellectual Properties is essential in industry, due to the technology in constant developing and the big competence in business. So, developing some expertise around the presented content can result in the prevention of possible bad events

 


 

 

References:

[1] https://www.iso.org/obp/ui/#iso:std:iso-iec:27005:ed-2:v1:en

[2] http://www.opensecurityarchitecture.org/cms/definitions/it-risk

[3] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/QUIntellectualPropertyRisk

[4] https://arstechnica.com/tech-policy/2013/01/amd-accuses-former-top-employees-of-stealing-over-100000-documents/

[5] http://www.securitybydefault.com/2013/01/hackeos-memorables-el-codigo-fuente-del.html

[6] https://www.iia.org.uk/media/54857/gtag11_developing_the_it_audit_plan.pdf




Intellectual Property and its relevance in industry

In the previous post, we have talked about the Intellectual Property in order to introduce it. We have seen what does it mean, it’s characteristics, implications, importance… So, we can say that we have been introduced in the concept of IP. In this post, in order to go deeper in the area of IP, I am going to talk about the relevance of the topic in industry. To make it more practical, I am going to present some cases and present information from real applicated ideas in the actual industry.

First of all, we must have clear an idea: the IP is very very important, not only in the industry, but in the world. Why? The IP and all the involving laws, regulations… are allowing the companies to protect their ideas and to develop their products, as they are able to continue researching and working in their products without the fear of having their ideas and products stolen. This secure environment for the researching and developing of technology, allows the companies that really have the ability to create new ideas, to have some securities involving their work. So, nowadays, protecting own ideas, when it is considered important to do it, is essential to survive in this industrial world.

The protection of IP is increasingly becoming a challenge for organizations. All the legal problems and battles between companies is highlighting the importance of protecting intellectual property in order to gain competitive advantage[1]. For example, let’s analyse this topic for the US. As it is considered one the the most important industrial potencies, and probably the most important involving the generation of technological ideas and IPs, we can say that this reality is essential to understand the relevance of IP in the industry and in the world. As reported by the Economics and Statistics Administration and the Patent and Trademark Office of the United States in 2016 about 2014[2], is estimated that more than 6.6 trillion dollars in value added in IP-intensive industries, in other words, the 38.2 percent of U.S. gross domestic product. And not only this, we find that:

  • The entire U.S. economy relies on some form of IP, because virtually every industry either produces or uses it.
  • 81 industries from a total of 313 are considered IP-intensive, which directly accounted for 27.9 million American jobs, up 0.8 million from 2010.
  • At the same time, these sectors indirectly supported 17.6 million more supply chain jobs, so, every two jobs in IP-intensive industries support an additional one job. In total, 45.5 million jobs, 30 percent of all jobs, were directly or indirectly attributable to the most IP-intensive industries.

In addition, these numbers have grown up a lot from 2010 to the data reported in the previous points. But, someone can say that these points are focused only in the United States, but, on one hand,  U.S.’s industry is one of the biggest and most important and influencer in the world, and on the other hand, this reality of the relevance of IP in the industry can be seen in other countries too, as in Europe. So let’s present just some data: As reported by the European Union Intellectual Property Office and the European Patent Office in 2013[3], IP-intensive industries accounted for 39% of the EU’s economic output and 26% of the employment during the period 2008-2010. So, we are not just talking about some companies and few countries, the relevance of IP is evident in the world industry.

This is only some data about the relevance of IP in industry, but we have not to go so deep, as we just have to think about some of the biggest companies in the world: Apple, Intel, Microsoft… And some of the biggest fields: Computer technology, Digital communication, Electrical machinery, apparatus and energy, Medical technology… For these companies and fields, IP and its protection is essential in order to survive and continue developing their ideas and products.

In order to protect the ideas of the companies, that have a high potential to become a source of money, and it is considered important to protect it, they have been created laws around IP and copyright. So, for example, in the U.S., the Article I, Section 8, talks about the authority of the Congress to grant authors and inventors exclusive right to their creations[4]. The IP laws passed by Congress are administered by two government agencies: U.S. Patent and Trademark Office, and the U.S. Copyright Office. In Spain, for example, we can talk about the law of IP, which have been created in 1996 an updated in 2017[5] in order to regularize and clear all the legal materia. Each country has their own laws involving IP, so each country’s courts can apply the law in this area, but all this laws talk about same ideas: the authority of an idea and the importance to protect it against copies.

In order to finish the post, I want to present one of the most important cases of application of IP laws in order to protect products: A&M Records vs Napster[6]. This case is known by a lot of people. In 1999, Shawn Fanning, an 18 year old student of computer science, created Napster, a peer-to-peer music sharing service which allowed users to download MP3s for free. We can see the importance of this fact, as nowadays the illegal downloads of music files is so common, and it can be considered that point the starting point of this reality. So, Napster was accused of contributory and vicarious copyright infringement, and in 2002, Napster was shut down.

In conclusion, the importance and relevance of IP in industry is evident. I have presented a lot of data along the document that reaffirms that reality, from statistics from important institutions to real cases, highlighting the perspective of local and international institutions, the importance of the developed laws and the trend of IP and the reality around us.

 


 

 

References:

[1] https://www.isaca.org/Journal/archives/2014/Volume-1/Pages/Key-Considerations-in-Protecting-Sensitive-Data-Leakage-Using-Data-Loss-Prevention-Tools-Portuguese.aspx

[2] Intellectual Property and the U.S. Economy: Industries in Focus (2016 Update). U.S. Economics and Statistics Administration and U.S. Patent and Trademark Office.

[3] Intellectual property rights intensive industries and economic performance in the European Union. European Patent Office and European Union Intellectual Property Office.

[4] https://www.hg.org/intell.html

[5] http://www.wipo.int/wipolex/es/details.jsp?id=17102

[6] https://www.smithsonianmag.com/history/ten-famous-intellectual-property-disputes-18521880/

 

 




¿Por qué?

En el siguiente texto me voy a centrar en la importancia de la reflexión, partiendo de una pregunta que todos nos hemos hecho alguna vez, muy recurrida cuando éramos niños: ¿Por qué? Así pues, también voy a destacar su relación con nuestros objetivos y vida en general, además de su importancia cuando estamos hablando del mundo empresarial. A lo largo del texto voy a incluir algunos textos de manera literal, ideas propias reflexionadas durante la asignatura de Sistemas de Información Empresarial, además de otras independientes, pero debido a la «naturaleza subjetiva» del texto y el hecho de que su contenido haya venido trabajándose a lo largo de un periodo medianamente largo, no voy a incluir fuentes de ningún tipo al final.

En primer lugar, deberíamos hacernos la pregunta más clara y paradójica, ¿por qué pararnos a preguntarnos por qué? Bueno, creo que es bastante obvio que todos nos hemos preguntado muchísimas veces el por qué de las cosas, pero hay algo que estas preguntas generan en nosotros que deberíamos tener en cuenta las veces que no nos las hacemos. El hecho de preguntarnos el por qué de las cosas, el reflexionar sobre nuestras acciones, por qué hacemos las cosas como las hacemos, por qué perseguimos ciertas cosas… Nos genera motivación y nos da una razón de ser, proporcionándonos unos objetivos y ayudándonos finalmente a ser más felices. Y ahora, estaría bien plantearnos la cuestión a la inversa, ¿qué nos puede traer no pararnos a pensar demasiado en el por qué de las cosas? Pues:

  • Monotonía, hacer siempre lo mismo, este mal o bien.
  • Hacer las cosas como todos.
  • «Falso confort».
  • Falta de motivación.
  • Falta de objetivos y visión.
  • Infelicidad sin conocer el por qué, y por ende, sin saber cómo solucionar el problema.
  • Sensación de malgastar el tiempo y la vida en general.

La solución a estos problemas, además de aplicar ciertos cambios y movernos posteriormente, por supuesto, se podría solucionar parándonos todos los días, o al menos cada poco tiempo, a reflexionar sobre la situación en la que estamos, cómo hacemos las cosas, por qué, para qué, dónde estamos, hacia dónde queremos ir… Por qué vivimos cómo vivimos y por qué hacemos lo que hacemos, al fin y al cabo.  El no reflexionar asiduamente o al menos de manera correcta y clara, con una serie de cambios y acciones que la sigan, nos trae los problemas mencionados anteriormente, que se ven reflejados en muchas conversaciones, canciones… Por ello, me gustaría incluir dos fragmentos de dos canciones de mi gusto, que me parece que reflejan a la perfección los problemas antes descritos de manera muy real en la sociedad:

Flowklorikos – Por amor al odio

No sé paliar mi odio con el crono en movimiento,
que pronto se hace tarde le escribí gritando al tiempo,
el tiempo pasa, un día más es un día menos…

…Odio caer, odio tener que levantarme,
odio madrugar, odio despertarme tarde.

Kaotiko – Chihuahua

Yo soy un hombre normal, lucho por sobrevivir
¡la vida no es como el anuncio, yo vivo en la p*** realidad!
Acabo de currar me voy con los colegas
al mismo bar de ayer para beber lo mismo
cuando me pongo bien me voy a casa
pongo el despertador maldito trabajo.

Y mientras sale el sol para alumbrar el mundo
yo tengo que correr como un cabrón al curro
para poder comer, para comprar un carro,
para poder tener mi televisor.

Una vez visto el sentido de por qué preguntarnos por qué, y la importancia de pararnos a reflexionar, podemos extrapolar de manera sencilla las ideas presentadas al mundo empresarial. Destacando la importancia de las acciones descritas previamente, por una parte, para la felicidad de todos los compañeros que conforman la empresa, lo que se traduce en un mejor ambiente de trabajo y funcionamiento de la empresa, y por otra parte para la razón de ser de la empresa, su misión, su visión, sus objetivos… Lo que le confiere su naturaleza, su forma de trabajar, su plan estratégico… Sin una reflexión previamente trabajada, un análisis profundo del por qué de las cosas, una empresa está sentenciada al fracaso. No todo se puede ir haciendo sobre la marcha, no todo se puede dejar sin especificar y sin tener las cosas claras para que toda la empresa reme en la misma dirección. Y esto no se aplica únicamente en el momento de la creación de la empresa, sino en toda su vida. La reflexión, el pararse a preguntarnos: ¿por qué estamos aquí? ¿por qué estamos haciendo esto así? ¿ Y por qué no así?… Nos va a traer a largo plazo increíbles beneficios, y ese tiempo de reflexión no va a ser tiempo perdido, sino tiempo invertido.

Finalmente, para ver la utilidad de las ideas propuestas, creo que todos deberíamos recuperar esta práctica tan popular entre los niños de preguntar por qué a todo, y hacernos ciertas preguntas a nosotros mismos, aplicables a la sociedad «moderna» de ahora: ¿Por qué seguimos utilizando «micromachismos» y términos que son despectivos con ciertos colectivos, si nosotros no somos así? ¿Por qué compramos cierto tipo de productos o marcas, cuando se sabe que estas están estancando el cambio a mejor de la sociedad y el mundo en general, explotando personas y animales, destruyendo el medio ambiente…? ¿Por qué priorizamos tantas veces el trabajo o los estudios sobre la salud, la felicidad… si lo que buscamos con trabajar es disfrutar y vivir, y no pasarlo mal y vivir para trabajar? ¿Por qué no cambiar de trabajo, aires, y vida en general, y buscar nuestro lugar? Y otras también aplicables en el mundo empresarial: ¿Por qué existimos? ¿Qué queremos? ¿Por qué lo estamos haciendo de esta forma? Al fin y al cabo creo que todos deberíamos parar a preguntarnos muchos por qués y su vez aclarar qué es lo que queremos, qué no, y qué hacer para obtener lo primero y eliminar lo segundo, con el fin de darle un sentido claro y una motivación a nuestras vidas y a nuestras empresas, saber cuál es nuestro lugar y movernos hacía ahí.




Intellectual Property: protect your creations

First of all, let’s define the concept of “Intellectual property” as is presented by the World Intellectual Property Organization[1]: “Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce“. From the perspective of a IT company, it is interesting to add to the definition that these intellectual properties are protected in law by, for example, patent, copyright and trademarks. It is essential to know about this reality and apply it when developing products or ideas, as they can be a business opportunity for the company, and not protecting it can suppose the lost of that opportunity, as other companies can “steal” or “copy” the developed product or idea.
So, as examples of intellectual properties that all the people will understand, we can find a song composed by an artist, or a software developed by a company. Both products are quite different, but both are creations made with the “intellect”, and both can be considered intellectual properties if their creators want them to be. In relation with this idea, it may be considered the concept of intellectual property rights (IPRs)[2]. These rights are granted to the creator of IP, and include trademarks, copyright, patents, industrial design rights, and in some jurisdictions trade secrets. And, as mentioned previously, artistic works as music and literature, can be protected as intellectual property. So, in resume, the concept of intellectual property, related closely with the concept of copyright, helps the creator of some content or product to protect that creation, and have the “monopoly” or authority over it, being “illegal” to copy that content without permission.

Focusing in the relation between IP and IT companies, IP laws are the protection that the companies use when they develop their own products or ideas. They can register these products as IP, so they will be protected against copies or appropriations from other companies. So, in most of the cases, these IPs are the company’s knowledge and ideas for future products, processes and technologies, in consequence, they must be adequately valued and protected. In order to achieve this objective, auditing the IP of companies is a essential task to develop[3]:

  • Detect the IPs and register them: it is essential to know which intellecual resources have a company and which ones are needed or it is interesting to patent. Some times, waiting too much can suppose the lose of a business oportunity.
  • Analyze the actual plan of the company to patent: see which steps are followed and try to make it better, faster and more secure.
  • Evaluate the IP effectively: analyze the state of the technology, its demand, the possibilities that it will provide to the company… It is important to consider all the situation and calculate the real value of an idea or product.

These are some key points to deal with the IP of a company, it is obvious that there are more steps or guidelines to follow when working with IP and patents, but they will be presented in next publications and analyzed more deeply. Once presented the main ideas of IP and its relation with IT companies, let’s talk about another aspects of IPs.

IPs, considered from the point of view of moral authority or property, and the supposed right over an idea, is not something new. Along the history they have been developed a lot of products and artistic creations, and their authors have tried to protect them from other authors or companies. Nowadays, we can see a lot of examples of this: the conflicts between IT companies as Samsung and Apple, Microsoft and Apple, composed similar songs in the scope of music composition… Some of this examples will be presented in the next post, but the important idea to obtain from this reality, is the existing risk related to IP and patents, the risk of copies, the risk of not being as fast as it is needed to patent a new technology, idea… So, when leading or auditing a company, mainly when it is a company related with IT or artistic creations, it is essential to have the needed knowledge around the IP and laws, patents, copyright… And know how to deal with them and the problems that can appear[4].

Apart from what has been presented, I consider important to analyze the IP from another point of view: the evolution of the technology. I think that having this idea present in our brains is important, because it is true that anyone want to protect a creation, get money for it… But it must be considered that in some cases protecting an idea or creation too much can lead to not sharing an idea, and stopping the evolution of technology, stopping the process of creation of new products, including important products as medicines, products that can be essential for humans and can make their life betters. So, as some authors like Stephan Kinsella argue, the IP laws can difficult the creativity and the scientific progress, and can suppose an high cost for the society[5].

In conclusion, I think that having the necessary knowledge about IP and the related laws it is important, as they can suppose the success of our company or the exploitation of a business oportunity, but it must be considered the real value of these creations, evaluate the real need of their protection, analyzing the risks involving their protection or the avoiding of the protection, and act in consequence, considering the impact that our acts will have in the wellness of the society and the scientific progress.

 


 

References:

[1] http://www.wipo.int/about-ip/en/

[2] https://en.wikipedia.org/wiki/Intellectual_property

[3] https://www.isaca.org/Journal/archives/2014/Volume-1/Pages/Key-Considerations-in-Protecting-Sensitive-Data-Leakage-Using-Data-Loss-Prevention-Tools-Portuguese.aspx

[4] https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/ChecklistsGuidesProtectingIntellectualPropertyAssets!OpenDocument

[5] Against Intellectual Propery. Stephan Kinsella.