Top Risks

Testing & Certification Leaks

Target Process
Production
Target Asset
In Production
Impact
Moderate

EXAMPLES


  • Facility fails to secure product samples before/during testing, and they are illicitly photographed by staff.
  • Facility fails to secure product samples after tests are complete, and they are removed by staff for personal use or discarded with office trash.
  • Results of tests or certification are published to an accessible database or website before embargo date, with embargoed images, product names, or copy included.
  • Authorized digital images created by facility are screen clipped or photographed with personal device by staff.
  • Retail staff take personal pictures in stock staging areas.
  • Personal cell phones are used by staff to take official photographs and are never deleted.

PREVENTATIVE CONTROLS


  • Licensee provides and requires agreement to adhere to confidentiality requirements and embargo dates to any facility receiving product samples, prior to product arrival.
  • Licensee requires facilities to implement cell phone restrictions in areas where embargoed product is stored and handled.
  • Licensee requires facilities to track and restrict access to all product parts through lengthy or destructive tests, and return all remains of embargoed product samples to the Licensee once usage is complete.
  • Licensee requires facilities to withhold IP content (images, product names, copy) from public facing reports and systems, and to refrain from distributing reports to any third parties, until content is revealed.

BEST PRACTICES


  • Licensees establish safety, customs, and other certification needs with parties requiring them, and proactively fulfil without sharing confidential items whenever possible.
  • Licensor and licensee establish acceptable delays based on embargo date to import product into countries that have testing or certification processes with unacceptably high known leak risks.

DETECTIVE CONTROLS


  • Licensee provides product samples physically marked with a prominent, unique identifier to facilities, and log the recipient of each identifying mark.
  • Require the use of individual watermarking and approved capture and transmission channels for any images of embargoed product being generated for business needs.
  • Require the use of an identifying backdrop, containing the facility name or logo, when official images are captured. Link to Creating Documentation Photo/Video Assets best practices.