By Greg Papandrew, Cofounder of DirectPCB
There’s a gaping hole in the system most commercial EMS and OEM companies have developed to protect the intellectual property (IP) of their customers.
It never ceases to amaze me the number of times I have received an email from a customer requesting a quote for a printed circuit board (PCB), only to discover attached to the email not only the Gerber file(s) for that PCB, but also the assembly drawing, the bill of material, and the schematic drawing for the entire product.
Companies in our industry often take a number of steps to protect customer IP. They require signed non-disclosure agreements for all involved in the manufacture of their PCBs. They verify the identity of any visitors to their secured U.S. manufacturing facilities and require them to be escorted while there. They may ban cell phones or any other devices that could be used to record inside those facilities.
But before doing all that, they may have already exposed everything with an email.
I make it no secret that the vendors I recommend for PCB manufacture are based in Asia. Yet routinely, without any precautions, all the information required to build a particular product is emailed to me and to my team, which is located on the other side of the world.
I don’t know whether to laugh or cry.
Is it any wonder the theft of intellectual property is such a pressing problem, in our industry as well as in many others?
It’s not necessarily the fault of PCB buyers or program managers. With everything converted to bits of data and the number of purchasing personnel greatly reduced, buyers and program managers may not get the same opportunities to understand the end products they are producing and who they’re producing them for. And they may not even understand the circuit boards they’ve been tasked with buying.
While buyers may have received cursory training in protecting customer IP, many still simply forward files to overseas PCB vendors, not realizing what they’re doing.
In other words, they don’t know any better because they lack the knowledge needed to review PCB fab specs themselves. Unfortunately, custom-made PCBs have come to be viewed as just another commodity that does not require specialized training, and concern for IP protection (at least in the quoting phase) has often gone by the wayside.
The same lack of understanding often surfaces in orders for military and ITAR PCBs, where the consequences for mishandling information can be dire, including fines, vendor disqualification, and lost revenue. In many cases, sensitive documents related to military and ITAR orders are not clearly marked.
So how do OEM and EMS companies plug that gaping hole in customer IP protection?
It begins with the sales department. You need a documented discussion with your customers about which information needs protection and which does not. This documented discussion should be required reading for buyers and program managers.
Avoid the temptation to label every aspect of a project as intellectual property (when it’s not actually necessary), as that will make it harder for your quoting and manufacturing teams to function in a timely manner.
Your organization also needs a designated department (usually engineering or quality) with the ability to review all customer files (electronic and hard copy) and determine which information needs IP protection and which does not. This department should label protected documents with an easily recognizable code or prefix, making it clear to all personnel that the information contained therein is confidential and is not to leave your facility without the appropriate precautions.
Having such a department assigned the responsibility of designating protected customer IP makes it easier for your quoting and purchasing teams. They can focus on doing their jobs while your customers (and your management personnel) can rest easy knowing information is being properly handled.
PCB buyers today seem to be responsible for the acquisition of everything from HDI boards to cable assemblies to, sometimes, even the office toilet paper. Unfortunately, most have been given only on-the-job training for their wide-ranging responsibilities. This is often inadequate to the task.
EMS and OEM firms, especially those which tout their ISO certification and supply chain prowess, should provide professional corporate training to ensure their procurement departments are not inadvertently releasing unsecured information that could be harmful to their customers and to their own bottom lines.
Need help with your PCB purchasing? Reach out to me at email@example.com.