GOV-015 Intellectual Property Rights Management
Description
Procedures are implemented to protect intellectual property rights, including software licensing compliance, tracking of licensed assets in use, and controls preventing unauthorized reproduction or distribution of copyright-protected material.
Rationale
Non-compliance with intellectual property obligations exposes the organization to legal and financial liability. Documented procedures ensure licensing obligations are tracked and met.
Framework Mappings (3)
| EU-AI-Art.53.3 | GPAI Model Obligations — Copyright Compliance Policy | partial |
| 5.32 | Intellectual property rights | full |
| GOVERN 6.1 | Third-Party AI Risk Policies | partial |
Evidence (2)
Software license inventory listing all licensed software in use, with license type, entitlement count, actual usage count, and renewal dates.
Example: Software Asset Management register (Zylo / Torii / spreadsheet), showing: software name, vendor, license type, number of licenses purchased, number of licenses in use, and next renewal date.
Test: Request the software license inventory. Verify: (1) all commercial software deployed in the organization is listed, (2) entitlement and usage counts are present and usage does not exceed entitlement, (3) renewal dates are tracked and no licenses are operating past expiry, (4) the inventory was reviewed within the last 12 months.
Intellectual property rights management procedure covering software license compliance, prohibition on unauthorized copying, and obligations for AI-generated or third-party content.
Example: IP Rights Management Procedure or Acceptable Use Policy section (Confluence), including: software procurement process, prohibition on unlicensed software installation, process for flagging and resolving license non-compliance, and acknowledgement requirement for personnel.
Test: Request the IP rights management procedure. Verify: (1) software license compliance obligations are stated, (2) prohibited actions (unauthorized copying, piracy) are defined, (3) a process for identifying and remediating non-compliance is described, (4) the document has been approved and distributed within the last 12 months.
Questions (2)
Does your organization maintain a software license inventory that tracks licensed software in use, entitlement counts, and renewal dates?
The inventory should show that usage does not exceed entitlement and that no licenses are operating past expiry.
Does your organization have a documented procedure that prohibits unauthorized software installation and defines how licensing non-compliance is identified and remediated?
The procedure should cover prohibited actions (unauthorized copying, use of unlicensed software), the process for flagging violations, and acknowledgement requirements for personnel.