Corporations serious about protecting their information assets must develop a comprehensive and sustainable preventive protection program for safeguarding proprietary information (SPI). The SPI program should be headed either by a full-time corporate information officer (CIO) or an information protection consultant.
The CIO would work with the company's SPI task force, comprised of the security manager, CIO, corporate counsel, and managers from research and development, data processing, records, communications, and human resources. An effective SPI policy covers many aspects of corporate operations, including employee awareness, document classification, office security, maintenance work, meeting rooms, quiet room, communications equipment, electronic mail, video encryption, corporate telephone exchanges, computer systems and laptop computers, trade shows and presentations, and foreign travel. The firm's technical surveillance policy also requires careful consideration in terms of employee training and equipment selection.