ISO 27001 Annex A 5.32 – Intellectual Property Rights

ISO 27001 Annex A 5.32 is about Intellectual Property Rights. That means you need to know and follow the rules about intellectual property that come from outside your organisation. You should put these rules into practice. These rules are things like laws, government regulations, and agreements you have made about intellectual property.

The standard covers copyright in software and documents, as well as other formally recognised rights such as trademarks (brand names), patents (invention rights), and licences.

What is ISO 27001 Annex A 5.32?

The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022).

In the ISO/IEC 27001:2022 Standard the control is titled “Intellectual Property Rights”.

What is the ISO 27001 Annex A 5.32 control objective?

The formal definition and control objective in the standard is: “The organisation should implement appropriate procedures to protect intellectual property rights.”

What is the purpose of ISO 27001 Annex A 5.32?

The purpose of ISO 27001 Annex A 5.32 is “to ensure you comply with legal, statutory, regulatory and contractual requirements related to intellectual property.”

Is ISO 27001 Annex A 5.32 Mandatory?

ISO 27001 Annex A control 5.32 (Intellectual Property Rights in the 2022 standard) is not automatically mandatory in the same way the clauses in the main body of the standard (clauses 4 through 10) are.

The mandatory part of the standard requires you to consider ISO 27001 Annex A 5.32 and all other Annex A controls, but you have the flexibility to exclude it if it is not applicable to your organisation’s specific risks and context.

Key Parts of the Rule

To follow this rule, you should have clear plans and policies. Here are some important steps:

Intellectual Property Policy

You must agree upon and share a policy about protecting intellectual property rights. This is a topic-specific policy required for ISO 27001. A ready-made policy for intellectual property is included in the ISO 27001 Policy Pack.

Procedures for Intellectual Property

You need to create and follow steps and rules for obeying intellectual property laws. This includes how you use computer software. Your policy and steps will make sure you use only licensed software and products. You will also use them exactly as the intellectual property agreements say.

Software License Register

It is a good idea to keep a list of all the software you own and use, along with details about it. You should think about writing down the kind of license, when the license runs out, keeping a copy of the license, any limits of the license, how many copies you bought, and how many are currently being used, and by whom.

Software Use Reviews

Even though you have the list, you should also check regularly what you are actually using. You want to be sure you are using products that have a license. You also want to be sure you are not using more units than you bought licenses for.
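The register and the regular use review described above can be reconciled automatically. The following is an added example, not part of the original page or of the ISO standard; the field names, the finding labels and the sample data are assumptions made for illustration, and the install list stands in for the export of whatever inventory tool you use.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class LicenceEntry:            # register row; field names are assumptions
    product: str
    licence_type: str          # e.g. "per-seat", "site"
    seats_purchased: Optional[int]   # None = no seat limit
    expires: Optional[date]          # None = perpetual

def review_software_use(register, installs, today):
    """Compare observed installs, given as (host, user, product) tuples,
    with the register. Returns a sorted list of (finding, product, detail)."""
    by_product = {e.product.lower(): e for e in register}
    in_use = defaultdict(set)
    for host, user, product in installs:
        in_use[product.strip().lower()].add((host, user))  # dedupe repeat scans
    findings = []
    for product, seats in in_use.items():
        entry = by_product.get(product)
        if entry is None:  # installed, but no licence recorded
            who = ", ".join(f"{u}@{h}" for h, u in sorted(seats))
            findings.append(("UNLICENSED", product, who))
            continue
        if entry.expires is not None and entry.expires < today:
            findings.append(("EXPIRED", product, str(entry.expires)))
        if entry.seats_purchased is not None and len(seats) > entry.seats_purchased:
            findings.append(("OVER_DEPLOYED", product,
                             f"{len(seats)} in use, {entry.seats_purchased} purchased"))
    for product, entry in by_product.items():
        if product not in in_use:  # paid for, not seen: transfer or disposal
            findings.append(("UNUSED", product, entry.licence_type))
    return sorted(findings)

# Constructed sample data, not taken from a real environment.
REGISTER = [
    LicenceEntry("DiagramTool", "per-seat", 2, date(2026, 3, 31)),
    LicenceEntry("PdfEditor", "per-seat", 5, date(2024, 12, 31)),
    LicenceEntry("BackupAgent", "site", None, None),
]
INSTALLS = [
    ("lt-01", "alice", "DiagramTool"), ("lt-02", "bob", "DiagramTool"),
    ("lt-03", "carol", "diagramtool"), ("lt-01", "alice", "PdfEditor"),
    ("lt-02", "bob", "ArchiveUtil"), ("lt-02", "bob", "ArchiveUtil"),
]
if __name__ == "__main__":
    for finding in review_software_use(REGISTER, INSTALLS, date(2025, 6, 1)):
        print(*finding, sep=" | ")
```

Each finding is a prompt for a person to investigate, since the inventory may spell a product name differently from the register.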

Software Transfer and Disposal

You must have rules and steps in place for when you stop using or needing software. This also applies when software is moved between people or parts of your organisation.

Software Terms and Conditions

You will, of course, follow the rules and conditions for the software and products you use.

Copyright

You must respect the law and the copyright of other people.