In this article I lay bare ISO 27001 Annex 5.32 Intellectual Property Rights.

Using over two decades of experience on hundreds of ISO 27001 audits and ISO 27001 certifications I am going to show you what’s new, give you templates, an ISO 27001 toolkit, show you examples and do a walkthrough.

In this ISO 27001 certification guide I show you exactly what changed in the ISO 27001:2022 update. 

I am Stuart Barker the ISO 27001 Ninja and this is ISO 27001 Annex 5.32 Intellectual Property Rights.

What is ISO 27001 Annex A 5.32 Intellectual Property Rights?

ISO 27001 Annex A 5.32 Intellectual Property Rights is an ISO 27001 control that wants you to understand external requirements on you from intellectual property and implement them. Specifically it is concerned with legal, regulatory, statutory and contractual requirements for intellectual property.

What is the purpose of ISO 27001 Annex 5.32?

The purpose of ISO 27001 Annex A 5.32 Intellectual Property Rights is to ensure you comply with legal, statutory, regulatory and contractual requirements related to intellectual property.

Organisations should have a clear understanding of their obligations when it comes to intellectual property in its many forms and make sure that they adhere to those requirements.

What is the definition of ISO 27001 Annex 5.32?

The ISO 27001 standard defines ISO 27001 Annex A 5.32 Intellectual Property Rights as:

The organisation should implement appropriate procedures to protect intellectual property rights.  

ISO 27001:2022 Annex A 5.32

DO IT YOURSELF ISO27001

STOP SPANKING £10,000s

ISO 27001 Annex A 5.32 Intellectual Property Rights Implementation Guide

Annex A 5.32 requirements are to understand and record the requirements on intellectual property from any legal, statutory, regulatory or contractual requirements. We need to protect anything that might be considered intellectual property.

Intellectual property topic specific policy

Having an ISO 27001 topic specific policy that is agreed and communicated on the protection of intellectual property rights. A prewritten topic specific policy on intellectual property is part of the ISO 27001 Policy Pack.

Procedures for intellectual property

You will develop and implement procedures and processes that deal with the compliance of intellectual property and that includes the use of software. Your policy and procedures will ensure that only licensed software and products are used and they are used in line with the intellectual property agreements.

Software license register

It is best practice to hold a register of all the software that you have and use and to record information related to it. You will consider recording the type of license, the license expiry, holding a copy of the license, any limitations of the license, how many copies you have purchased, how many are actually used and by whom.

Software use reviews

You will have the register but you should also perform periodic reviews of what you are actually using. You want to be sure you are using licensed products and that not exceeding any license units purchased.

Software transfer and disposal

You will have in place processes and procedures for when you no longer use or need software or when it is transferred between users and entities.

Software Terms and Conditions

It goes without saying that you will comply with the terms and conditions of the software and products that you are using.

You will respect the law and the copyright of others.

What does intellectual property include?

The standard includes copyright for software and documents as well as all legal terms such as trademarks, patents, licenses.

ISO 27001 Intellectual Property Rights Templates

Having an ISO 27001 template for control 5.32 can help fast track your implementation. The ISO 27001 Document Toolkit is a the ultimate resource for your ISO 27001 implementation including all the documents and templates that you need for Annex A 5.32. As always, we recommend that you should seek legal advice.

What are the Benefits of ISO 27001 Intellectual Property Rights?

Other than your ISO 27001 certification requiring it, the following are the top 5 benefits of ISO 27001 Annex A 5.32 Intellectual Property Rights: 

  1. You cannot get ISO 27001 certification without it.
  2. Improved security: You will have an effective information security implementation that meets your external requirements for law, regulation, statute and contracts
  3. Reduced risk: You will reduce the information security risks of not meeting external requirements and obligations
  4. Improved compliance: Standards and regulations require you to meet your external requirements
  5. Reputation Protection: In the event of a breach having an effective legal, regulatory, statutory and contract process in place will reduce the potential for fines and reduce the PR impact of an event

Why are ISO 27001 Intellectual Property Rights important?

By putting in procedures and addressing intellectual property requirements we seek to ensure that the business remains compliant with any intellectual property or copyright requirement. This includes mitigating the risk that employees may breach the requirements.

Matrix of ISO 27001 Controls and Attribute values

Control typeInformation
security properties
Cybersecurity
concepts
Operational
capabilities
Security domains
PreventiveAvailabilityIdentifyLega and complianceGovernance and EcoSystem
Confidentiality
Integrity