It’s no secret that one of the greatest challenges facing buyers and suppliers of custom manufactured parts today is data protection.
Whether it's intellectual property in the form of CAD/CAM files, sensitive company information communicated across a supply chain, or an exciting innovation coming from a start-up company, businesses large and small have sensitive data they must protect to maintain their competitive advantage.
In a recent article, "How SMBs Can Stay Ahead of New Cyber Security Threats in 2016," Vijilan Security chief sales and marketing officer Gary Mullen said, "Small businesses are prime candidates for attacks, but lack the threat expertise and resources to monitor their security posture 24/7, leaving them exposed to hackers."
But that needn't be the case.
From Lumension to Digital Guardian, there are countless software suites, protocols, and programs capable of helping you take the necessary in-house precautions to keep your trade secrets a secret.
But sourcing isn't in-house. Intrinsically, it means sharing engineering documents with suppliers, partners, and contractors -- often over the Internet on websites and web apps like MFG.com. That means your proprietary engineering data could be compromised or even stolen, rendering your in-house solutions obsolete.
In 2014, 21% of manufacturers were hit with intellectual property theft, with IP and internal operational intelligence being the two crucial data groups manufacturers most feared being compromised.
Here are 3 ways sourcing platforms like MFG.com help you perform adequate due diligence and, most importantly, keep your data protected.
Leverage the Power of Two-Tiered NDAs
In the simplest of terms, non-disclosure agreements are contracts barring two or more independent parties from sharing confidential information with any third party. These contracts prohibit the signer of the NDA from disclosing information to and among subsidiary suppliers, contractors, or partners -- third parties.
What Makes Up An NDA
- An outline of the parties involved;
- A thorough definition of what is to be held confidential;
- What actions should be taken following the end of the agreement(s);
- The disclosure period of the agreement(s) (e.g. 3 months after the agreement date);
- The obligations of the signee, such as to whom the signee may or may not divulge information; and
- What factors will exclude the signee from being bound by the agreement(s), including instances such as:
  - A signee having prior knowledge of the information or data;
  - A data set being readily available to the public; or
  - A data set being subject to a government subpoena
How MFG.com Protects Your IP With Two Levels of NDA Protection
MFG.com affords all of our buyers two NDA protection options.
- Single-tiered NDAs; and
- Two-tiered NDAs
Option 1 covers more than 95% of the parts requiring NDA protection within the MFG.com Marketplace. With Option 1, buyers require all suppliers downloading intellectual property files to digitally sign the legally binding MFG.com NDA -- or an NDA of the buyer's choosing.
Option 2 gives buyers even more control of who sees their confidential data.
Working in conjunction with the single-tiered NDA model, the two-tiered NDA system adds an additional measure to the vetting process. Through this system:
- A potential supplier signs an NDA covered in Option 1 -- MFG.com's legally binding NDA or one of the buyer's choosing;
- Then, that potential supplier is placed into a pool of other suppliers who have also agreed to the terms laid out in Option 1;
- Once this process has been completed, the buyer is then able to cherry-pick which supplier(s) will, based on ratings and other factors, be able to view the confidential engineering files.
Partner With SOC 2 Compliant Companies
Also known as Service Organization Control Type 2, SOC 2 is a set of auditing and security standards that extends to document management, workflow management, and financial accounting management.
These standards help many Software as a Service (SaaS) companies and cloud-based service providers keep customers' data safe and secure.
MFG.com is SOC 2 compliant, but what does that mean for you? Focused on audit security, process integrity, privacy, and confidentiality, SOC 2 protocols ensure that your data is invulnerable to outside threats, such as hackers.
The American Institute of CPAs (AICPA) developed the SOC 2 standards to better help private companies, nonprofit organizations, federal, state, and local governments, suppliers, and customers protect their data in a fluctuating world of heightened connectivity and risk.
Trust Service Principles
According to the AICPA, "Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks ... of [SaaS/cloud-based system] and privacy programs." They include:
- Security: The strength of the system to withstand unauthorized access attempts;
- Availability: The availability of the system as laid out and agreed upon by customer(s) and provider(s);
- Processing Integrity: The accuracy, timeliness, and authorization of the system's processing capabilities;
- Confidentiality: The level of protection capability provided by the system for confidential information; and
- Privacy: The collection, use, disclosure, and disposal of confidential and private information in accordance with the system's privacy clause(s). These actions must also align "with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA."
Adhering to these 5 SOC 2 standard principles, MFG.com provides you with an extra layer of due diligence and sourcing confidence. Our state-of-the-art encryption algorithms and intrusion prevention systems monitor and protect your engineering files, helping you efficiently mitigate risk. Regularly audited by MFG.com security specialists, Marketplace procedures stay ahead of technology to ensure system-wide preparedness and protection.
Only Communicate Through HTTPS Encrypted Channels
As you know, corresponding over the Internet can be risky business, especially when you're sharing confidential data such as CAD/CAM files and other sensitive engineering documents. With traditional Internet security protocols, third parties could potentially "eavesdrop" on your conversations and steal your data...
But that's where Hypertext Transfer Protocol Secure comes in.
HTTPS Secures Your Data Communications
Allowing for secure communications over the Internet, HTTPS helps protect both your privacy and the integrity of any data exchanged with secondary parties over websites like MFG.com.
Furthermore, omnidirectional encryption inherent in the HTTPS model ensures that both client and server (e.g. buyers and suppliers) are protected from theft and forgery.
According to the FBI, the automotive industry loses more than $12 billion to the sale of counterfeit automotive parts every year. Many of those counterfeit parts were forged via stolen data from unsecured communications channels.
Sites that neglect to conform to HTTPS protocols undermine the veracity of their privacy controls and data protection measures, neglecting vital information about both you and your intellectual property and allowing it to leak onto the Internet.
MFG.com is not one of those websites.
Just as we adhere to NDA and SOC 2 standards, so do we to current Internet guidelines -- including HTTPS.
What's more, once you're inside the MFG.com web app, your communications are protected further by our robust communications tracking system. Essentially a digital paper trail, this security protocol allows MFG.com security specialists to record and store all communications between buyers and suppliers, safeguarding your IP from unlawful forgery.
It's just another perk of being a part of the MFG.com community.
Looking Ahead: Intellectual Property Protection is a Hot-Button Topic
Experts agree that cyber security will continue to be a hot-button topic in 2016. No longer will cybersecurity and the protection of intellectual property be an ancillary goal of buyers and suppliers of manufactured parts. Moving forward, it will be a key driver of ROI, underpinning sourcing and production decisions more than ever before.