Electronics Manufacturing Plant Security Procedures Your ECM Must Use

You probably take plenty of steps to protect intellectual property at your OEM. But what about the other guys handling your sensitive secrets?

For many projects, one of the most important factors in choosing an electronics contract manufacturer is how it handles intellectual property (IP). The manufacturing plant security procedures your contractor enforces -- both physical and digital -- say a lot about the company’s commitment to customer success.

Here’s how and why a well-run electronics contract manufacturer (ECM) should address your concerns.

Why Is Using the Latest Manufacturing Plant Security Procedures Non-Negotiable?

Electronics are evolving at warp speed -- it’s no longer a shock to see something become obsolete in under 2 years. You and your competitors sink huge chunks of cash into R&D to make better, faster iterations at an increasingly rapid pace.

You put a lot into your IP. The consequences of a leaked patent or electronics design could be devastating, especially in sensitive industries like military & defense.

Properly developed standards assure the customer that its ideas are in capable hands.

The ECM’s Value (and Values)

Has your contract electronics manufacturer taken every possible measure to ensure product and data safety? If not, don’t be shocked when an aggressive competitor -- or country -- swoops in and you don’t have that crucial digital IP to yourself anymore.

An electronics contract manufacturer that specializes in IP protection is a step above its competitors because so much of the information you provide to it is proprietary. If a potential partner doesn’t have manufacturing security standards in place, it should be a conversation-ender. If the manufacturer does have practices and they aren’t airtight, you could be in big trouble.

Cybersecurity in manufacturing should include a proven change control process. The ECM should make zero changes to your IP without approval. In other words, the contractor can’t tweak the design to make its job easier without collaborating with you.

Auditing the ECM’s Capabilities

A great way to gauge an electronics contractor’s intellectual property security efforts is to see it in person. An on-site look at how the manufacturer does business can be eye-opening:

• Are visitors strictly vetted and monitored?
• Are documents, both physical and digital, stored away securely?
• Are documents labeled appropriately in terms of clearance?
• Do the ECM’s own employees require clearance to enter restricted areas?
  

For more information on Matric's capabilities, check out our capabilities and service guide below: 

Electronics IP Security at Matric Group

To further illustrate how secure your IP should be, consider the exhaustive steps we take to ensure IP safety throughout all stages of development.

• Outgoing portals through which we send testing, inspection, and certification documentation
• A secure network for incoming information
• Use of protected programs (i.e. office 365)
• Your data is backed up every 15 minutes
• No external (outside-the-office) access to any IP-related data

When you’re making that in-person visit, you should watch for additional on-site, physical procedures like those at Matric/Dynamic:

• The ECM system is password-protected and ITAR-controlled.
  
• No drawings or other sensitive materials are left lying around. ITAR assemblies that aren’t currently being worked on are covered so nobody can see the drawings, designs, etc. Every paper that’s no longer needed is shredded.
• Visitors are closely monitored, both U.S. and non-U.S. citizens. If clearances are not assigned, visitors must wear a bright-red label with a picture on it if they’re ITAR-restricted visitors. They also have to wear a special visitor’s jacket. All visitors have to sign in and out. No cellphones or cameras are allowed.
  
  

Future Manufacturing plant security procedure Improvements

Since hackers and secret-stealers are always upping their game, it’s on your electronic manufacturing services provider to keep evolving, too.

Here are a few of the ways we do that:

• Pushing more use of ingoing portals by customers. Sending IP data to us by portal is always safer than by email.
  
  
• Integrating more of our document-tagging capabilities. Using tags like “can’t be printed,” “can’t be emailed,” and “can’t be copied” ensure that as few people as possible see your design.
  
  
• DFARS compliance. DFARS helps us keep in line with your military specs.

We are constantly researching, implementing, and updating processes to keep your information safe and secure.

Fully Capable, Fully Prepared

If you’re a Class 2 or Class 3 electronics maker with a sensitive project, scope out your potential partners’ security standards. Not only should your ECM have perfected its information security standards, but it also should be staying ahead of future challenges.

If you have additional questions about the range of services and capabilities an ECM should offer, grab the free download below:

(Editors Note: This article was originally published in November 2019 and was updated in September 2021 to reflect industry changes and new information.)