And does your purchasing department know what to send, and what not to?
Many commercial EMS and OEM companies have a gaping hole in the system to protect the intellectual property (IP) of their customers.
I can’t count the number of emails from customers requesting a quote for a printed circuit board that include not only the Gerber file(s) for that PCB, but also the assembly drawing, the bill of materials, and the schematic drawing for the entire product.
Companies in our industry take a number of steps to protect customer IP. They require signed nondisclosure agreements for all involved in the manufacture of their PCBs. They verify the identity of any visitors to their secured US manufacturing facilities and assign outsiders mandatory escorts. They may ban cellphones or any other devices that could be used to record inside those facilities.
However, with a press of the Send button, all that IP protection goes out the door.
It’s no secret the vendors I recommend for PCB manufacture are based in Asia. Yet routinely, without any precautions, all the information required to build a particular product is emailed to me and my team, which is located on the other side of the world.
I don’t know whether to laugh or cry.
Is it any wonder the theft of intellectual property is such a pressing problem, in our industry, as well as in many others?
It’s not necessarily the fault of PCB buyers or program managers. With everything converted to bits of data and the number of purchasing personnel greatly reduced, buyers and program managers may not get the same opportunities they once did to understand the end-products being produced, let alone who they are produced for. And they may not even understand the circuit boards they’ve been tasked to buy.
While buyers may have received cursory training in protecting customer IP, many still simply forward files to overseas PCB vendors, not realizing what they’re doing.
In other words, they don’t know any better because they lack the knowledge needed to review PCB fab specs themselves. Unfortunately, custom-made PCBs have come to be viewed as just another commodity that does not require specialized training, and concern for IP protection (at least in the quoting phase) often goes by the wayside.
The same lack of understanding often surfaces in orders for military and ITAR PCBs, where the consequences for mishandling information can be dire, including fines, vendor disqualification, and lost revenue. In many cases, sensitive documents related to military and ITAR orders are not clearly marked.
So how do OEM and EMS companies plug that gaping hole in customer IP protection?
It begins with the sales department. Have a documented discussion with your customers about which information needs protection and which does not. This documented discussion should be required reading for buyers and program managers.
Avoid the temptation to label every aspect of a project as intellectual property (when it’s not actually necessary), as that will make it harder for your quoting and manufacturing teams to function in a timely manner.
Your organization also needs a designated department (usually engineering or quality) with the ability to review all customer files (electronic and hard copy) and determine which information needs IP protection and which does not. This department should label protected documents with an easily recognizable code or prefix, making it clear to all personnel that the information contained therein is confidential and is not to leave the facility without appropriate precautions.
Having such a department assigned the responsibility of designating protected customer IP makes it easier for quoting and purchasing teams. They can focus on their jobs, while your customers (and management) can rest easy knowing information is properly handled.
PCB buyers today seem responsible for the acquisition of everything from HDI boards to cable assemblies to, sometimes, even the office toilet paper. Unfortunately, most have been given only on-the-job training for their wide-ranging responsibilities. This is often inadequate to the task.
EMS and OEM firms, especially those that tout their ISO certification and supply-chain prowess, should provide professional corporate training to ensure their procurement departments are not inadvertently releasing unsecured information that could be harmful to their customers and their own bottom lines.