Licensing and Protecting Key Information During the Sourcing Cycle
This blog post was derived from a presentation given by Matt McLoughlin, Sr. VP, Compliance & Categories, at Scientist.com during a Learning Lab session put on by the Sourcing Industry Group.
You may be thinking, “of course it is important to protect your information” but have you ever wondered what types of information are most sensitive? Before we address that question, let’s begin by explaining what we mean by ‘information.’ The word’s definition can vary from business to business, but for the sake of this blog, we will refer to it as critical information relating to your business; for example, financial records, intellectual property (IP), copyrights, patents, internal trade secrets, etc. Essentially, it is the reason customers want to work with you and investors want to invest; information gives your business value, which is why protecting it is so crucial.
Now that we have covered the groundwork on what information is and why it is so important to protect it, we can move onto how you can protect your information. We will be focusing on the contractual protections available in three core areas.
The first area is employee and contractor agreements. If you take on a contractor or employee, it is critical that you ensure any work they do for you and the associated IP is owned by you, not them. This must be done before involving prospective employees and contractors in any projects to avoid costly issues down the road.
The next area is pre-contract. You want to ensure that if your internal stakeholders engage with external third parties, they are aware of the risks to your information. To prevent this, establish a Confidentiality or Nondisclosure Agreement ( “CDA” or ”NDA”) with the third party prior to sharing critical information. It is also important that you determine your position on key terms related to the engagement in case it progresses to a formal relationship.
Lastly, we have the primary agreement. Prior to work commencing you must put in place an agreement to protect your information and establish those key terms defined pre-contract to ensure your organization can realize the full benefit of the engagement.
We will now go more in-depth about some aspects of the Pre-contract area:
Different types of CDAs/NDAs should be considered to ensure they reflect the flow of information. Consider whether your company will be the only ones sharing confidential info or if both parties will. This will determine whether a one-way or mutual CDA is entered into. If a third party or more are involved, you will need an agreement between all parties.
Tip: If you don’t need to receive confidential information, it is arguably best not to. If you do, you will be obligated to protect it, and if you don’t, there could be major impacts since the liability around a confidentiality breach is typically not capped.
Here are some points to address when creating a CDA/NDA:
- Ensure that the information you disclose is protected by all parties
- Define the length of confidentiality
- What happens upon termination - delete, destroy, return, keep one copy, etc.?
- Determine jurisdiction and governing law
- Permitted access - consider who from the external party needs to have access
- Permitted disclosure - where required by law is standard but are any other disclosures permitted
- Avoid the requirement to mark things as confidential unless absolutely necessary.
Make sure stakeholders are aware of the CDA/NDA and properly trained in order to add an additional level of protection to your information. Remember, just because you have a CDA/NDA doesn’t mean you have to share information. Only share the bare minimum that is required for success.
One of the other major positions that must be defined prior to a formal engagement is the IP position. You need to determine who owns the background IP and associated improvements and who owns the foreground IP. Ensure that the owner of the results can freely exploit the results (or an alternative negotiated position if required). Ask yourself if you need to file any patents, trademarks, etc.
On a similar note is the topic of licenses. A license essentially provides you with guidance on what you can or can’t do or what you will allow someone else to do with the relevant IP. Some of the key questions include:
- Do you require licenses to provide from other third parties, and what restrictions or obligations does that license include that you need to protect?
- Do you need to own the product and license it to the other party?
- If the other party owns, do you need a license back to continue providing to others?
Areas to Consider in the Primary Contract
A few other areas to consider (this list is certainly not exhaustive) regarding the primary agreement with the third party; these are based on the view of someone purchasing vs. providing:
- Assignment: ensure that the other party is assigning you all required rights in that agreement and further assurance wording that they will enter into any documents/act needed to perfect that ownership or assistance, for example, in patent registration.
- 3rd party rights: include wording that the other party has all right, title and interest in everything it needs to perform the services and indemnifies for third party claims.
- Material Transfer: make sure there is governance around who is transferring material (physical, electronic, verbal) out of the company and get required permissions before transfer.
- Confidentiality & Publication: Consider what was agreed as part of the CDA and update (if required) to be appropriate for the full engagement. Also, do you want to have a right to publish?
Finally, as mentioned earlier – contracts are critical to protect your organization – they are there to fall back on when things go wrong, and ideally you never need to, as when you do, it means some difficult and usually expensive discussions. As such, prevention is better than a cure, so we’d always recommend ensuring the correct teams are engaged early and individuals responsibilities are clearly communicated in advance and relevant stakeholders are trained on a regular basis about their roles and responsibilities.
How Scientist.com Addresses Challenges in Sourcing
- Analyze: Our platform enables a pharmaceutical company to communicate to their employees who they can use to outsource and for what purpose. We also provide pre-selection tools to our users to compare and contrast suppliers to identify the best possible supplier for their project.
- Execute: The platform enables users to send out requests to individual or multiple companies for quotes, receive those back governed by a pre-negotiated agreement, compare side by side then select.
- Evaluate: We provide access to enhanced metrics on supplier performance through the platform, and each organization can capture confidential feedback from users on supplier performance to help their colleagues in their decision making process.
- Assess: We also provide support directly to procurement on the overall relationship with a specific supplier through the marketplace to help them identify strategically important suppliers where they may want to develop a closer relationship. It also enables them to conduct an evaluation of the entire market as they can utilize our platform features to capture key information on new suppliers (such as new innovative solutions) prior to engagement to determine the future strategy.
Scientist.com looks to proactively address risk so that when a company works through our platform they know they are fully protected. Furthermore, our clients can also increase their access to suppliers and innovation while simultaneously decreasing indirect costs associated with contract management. This combination is one of the key reasons that we are now used by the majority of top pharma and have over 100 biotechs accessing services and products on our platform.