Background

----------

ISO/IEC 27002:2022 clause 5.32 indicates that "The organization should implement
appropriate procedures to protect intellectual property rights [in order] to ensure
compliance with legal, statutory, regulatory and contractual requirements related
to intellectual property rights and use of proprietary products."

Policy statements
-----------------

1. Information risks relating to intellectual property beloinging to the

organisation and to third paerties should be identified, evaluated and treated in
the normal manner.

2, A balance should be struck between protecting and exploiting intellectual

property, considering its value and the business contexts.

3. Develop procedures to respect intellectual property rights e.g. acquire

software only from known and reputable sources, through conventional procurement
practices; maintain suitable records about intellectual property rights; retain
adequate proof of software licenses; check that only authorised software and
licensed products are installed; check compliance with license terms and applicable
laws.

Notes
-----

This is a �skeleton� policy providing just the bare bones, the basic foundations on
which to construct a custom policy for your organisation. Jump-start the process
by visiting www.SecAware.com for a more comprehensive customisable policy template
in MS Word.