Background
----------

ISO/IEC 27002:2022 clause 5.32 indicates that "The organization should implement appropriate procedures to protect intellectual property rights [in order] to ensure compliance with legal, statutory, regulatory and contractual requirements related to intellectual property rights and use of proprietary products."

Policy statements
-----------------

1. Information risks relating to intellectual property belonging to the organisation and to third parties should be identified, evaluated and treated in the normal manner.
2. A balance should be struck between protecting and exploiting intellectual property, considering its value and the business contexts.
3. Develop procedures to respect intellectual property rights, e.g. acquire software only from known and reputable sources, through conventional procurement practices; maintain suitable records about intellectual property rights; retain adequate proof of software licenses; check that only authorised software and licensed products are installed; check compliance with license terms and applicable laws.

Notes
-----

This is a “skeleton” policy providing just the bare bones, the basic foundations on which to construct a custom policy for your organisation. Jump-start the process by visiting www.SecAware.com for a more comprehensive customisable policy template in MS Word.