Once confidential information is determined to be a trade secret, it is converted to a trade secret through increased security measures to protect it. Because there are so many ways trade secrets can be lost, a trade secret security audit is probably one of the best methods to ensure trade secrets are adequately protected. The audit inventories physical, computer, and written security measures being used by the company to determine how and where trade secret security is maintained.
Returning now to the topic of auditing companies systems the three forms of security, the first, physical security, the following questions are addressed: How does the company physically secure engineering drawings? What methods does a company employ to physically restrict access to proprietary information? How does a company dispose of engineering drawings and other proprietary information? How does a company select individuals to whom proprietary information is disclosed? Does a company restrict outsider access to portions of its physical premises containing proprietary information? Does a company know what information is considered proprietary?
When auditing computer security the following questions are addressed: Does a company have any policies for limiting the transmission of proprietary information over the Internet? Does a company have a secure email system? What procedures has a company implemented for preventing terminated employees from absconding with sensitive computer files? Has the company implemented firewall systems to prevent access by outsiders to confidential information?
When auditing written security measures the following questions are considered: Does the company have any written procedures or policies for protecting the flow of sensitive paperwork within the enterprise? Does a company have employment agreements addressing ownership and use of proprietary information? Does the company have written agreements with its customers and suppliers regarding the treatment of its proprietary information? Does the company have an exit interview procedure which addresses the use of confidential information? Has the company provided a security manual to its employees? To what extent does a company need to disclose confidential information to its suppliers or customers? Does a company have more than one facility and if so to what extent is confidential information to be shared among facilities? What know-how (defined his knowledge the company has on how to make, market, distribute, or sell its products) does the company have? What is the nature of the company’s know-how and how is it disseminated within the company? To what extent does a company’s confidential information disseminated by email? To what extent does a company rely on patents versus trade secrets? Does the sale of the company’s products fully disclose any trade secrets used in making the products? Does the company impose any secrecy restrictions on its sales force in selling its products? Has the company been victimized by the loss of confidential information in the past? To what extent does the company rely upon confidential information provided by third parties? To what extent does a company encourage the free exchange of ideas among the employees to further its business objectives?