Protecting Intellectual Property
u-blox has invested over CHF 1 billion in our core IP over the last 15 years. Our intellectual property (IP), which includes patents, trademarks, copyrights, and trade secrets, comprises some of our most valuable assets. We treat it extremely carefully to protect our market position and competitive advantage. Moreover, we invest heavily in growing this IP portfolio every year, with more than 20% of our revenue dedicated to R&D to generate a constant flow of innovation. Equally important, we respect the intellectual property rights of others. We are willing licensees to standard essential patents (SEPs).
Digital and physical security
Our company-wide security function, led by our Corporate Security Management team, utilizes our Information Security Management System aligned with ISO/IEC 27001 and Common Criteria (ISO/IEC 15408) requirements. In addition, specialized security experts and other stakeholders from across our business are responsible for the security of our physical sites worldwide, as well as our information systems, products, and services. The Executive Committee reviews and steers the security status and activities in the quarterly Corporate Security Steering meeting. The company has an information security training program annually. The Board of Directors receives a quarterly Cyber Security Report. The company does not have an information security risk insurance policy.
Protecting Data Privacy
u-blox does not collect or use sensitive personal data for business purposes. u-blox complies with applicable data privacy laws. Particular attention is given to ensuring compliance with regard to the collection of personal data of our employees. We protect this data per the policies and procedures in our Information Security Management System (ISMS).
Designing secure products
To protect our customers – and theirs – against the many and varied threats their devices and data face in the connected world, it is our responsibility to create secure products. This means designing for security from the start.
IoT security is complex, fast-moving, and multi-faceted. Addressing it demands a sophisticated, multi-pronged approach. Security is built into our products. u-blox has established product standards based on industry requirements and best practices to form a foundation for building new generations of secure devices. Our internal network of Security Champions within the development teams enables us to provide secure products that fulfill these requirements.
We are continuously monitoring security requirements in critical markets such as Operational Technology (OT) and Automotive. Furthermore, we actively adopt requirements from emerging regulations, such as UN ECE R.155 or the EU Cybersecurity Act, and industry standards, such as ISO/SAE 21434.
In 2020, we signed the GSM Association (GSMA) Digital Declaration, a set of aspirational principles to guide activity in the digital age to build a sustainable and secure digital future.
Through our collaboration with digital security leader Kudelski Group, we are incorporating premium-grade security, including robust encryption key management, into our latest range of cellular products.
Proactive Security Monitoring, Testing & Threat Intelligence
To identify threats and vulnerabilities, we systematically engage a 3rd party SOC for 24/7 security monitoring, and our in-house Red Team of security analysts. Furthermore, we collaborate with independent security researchers to test our products and IT infrastructure.
Additionally, we run an invite-only Bug Bounty on selected customer services, and we have a Responsible Disclosure Policy in place to enable individuals or organizations to report product and service vulnerabilities to us.