1.  Purpose

The purpose of this Supervision & Control Framework (“Framework”) is to establish a comprehensive governance, supervision, risk management, compliance, and internal control structure for USA IP Research and Education Institute (“Company”).

 

The Framework is designed to:

Protect the integrity of the Company’s IP research activities.

Ensure compliance with applicable U.S. federal, state, and international regulations.

Prevent fraud, misconduct, conflicts of interest, and unauthorized disclosures.

Safeguard client confidential information and proprietary research.

Promote ethical business conduct and accountability.

Support sustainable business operations and corporate governance.

 

2.  Scope

This Framework applies to:

CEO

Directors

Employees

Contractors

Consultants

Volunteers

Third-Party Service Providers

Research Partners

 

The Framework covers all business activities including:

IP Research;

Patent Landscape Analysis;

Patentability Studies

Trademark Research;

Freedom-to-Operate Reviews;

Technology Intelligence Reports;

Competitive Intelligence Activities;

Client Advisory Services;

Data Processing and Information Management

 

3.  Governance Structure

3.1 Board Oversight

The Board of Directors (or equivalent governing authority) shall oversee:

Strategic direction;

Risk management;

Compliance monitoring;

Financial oversight;

Ethical conduct

 

The Board shall review critical risk reports at least annually.

3.2 CEO Responsibility

The CEO (Maggie) is ultimately accountable for:

Corporate governance;

Internal control effectiveness;

Compliance culture

Risk management implementation;

Ethical standards enforcement

Implement internal controls;

Monitor operational risks;

Escalate significant incidents;

Conduct periodic reviews;

Maintain documentation

 

The CEO shall ensure adequate resources are allocated to supervision and control functions.

 

4.  Risk Management Framework

4.1 Risk Identification

The Company shall identify risks including:

Operational Risks:

Research errors;

Inaccurate analysis;

Project delivery failures;

Vendor failures

Legal Risks:

IP infringement;

Contract disputes;

Regulatory violations

Information Security Risks:

Data breaches;

Unauthorized access;

Cybersecurity incidents

Reputational Risks:

Misrepresentation;

Client complaints;

Ethical misconduct

Financial Risks:

Fraud;

Misappropriation of assets;

Revenue concentration

 

4.2 Risk Assessment

Risks shall be evaluated according to:

Likelihood;

Impact;

Detection capability;

Control effectiveness;

A risk register shall be maintained and reviewed at least annually.

 

5.  Internal Control System

5.1 Segregation of Duties

Where practical, responsibilities shall be separated among:

Research;

Review;

Approval;

Payment Authorization;

Financial Recording

No individual shall control all stages of a critical transaction.

 

5.2 Approval Controls

The following activities require management approval:

Client onboarding;

High-risk engagements;

Vendor selection;

Contracts;

Data-sharing agreements

 

5.3 Documentation Controls

All critical business activities shall be documented.

Records must include:

Research files;

Client communications;

Contracts;

Compliance reviews;

Risk assessments

Retention periods shall comply with legal and contractual obligations.

 

6.  Compliance Program

6.1 Regulatory Compliance

The Company shall comply with applicable laws and regulations, including:

U.S. IP laws;

Privacy and data protection laws;

Export control regulations;

Anti-corruption laws;

Employment laws

 

6.2 Ethics and Conduct

Employees must:

Act honestly and professionally;

Avoid conflicts of interest;

Protect confidential information;

Maintain objectivity in research

 

Any violation may result in disciplinary action.

 

6.3 Conflict of Interest Management

Employees shall disclose:

Personal interests;

Financial interests;

Family relationships;

Outside employment;

Potential conflicts shall be reviewed and documented.

 

7.  Client Due Diligence

Prior to engagement, the Company shall:

Verify client identity;

Assess business legitimacy;

Evaluate reputational risks

Review sanctions exposure where applicable

Enhanced due diligence shall be performed for high-risk clients.

 

8.  Information Security Controls

8.1 Access Management

Access to systems shall be:

Role-based;

Authorized;

Periodically reviewed

8.2 Confidential Information Protection

Confidential information shall be:

Classified;

Restricted;

Securely stored;

Protected from unauthorized disclosure

 

8.3 Cybersecurity

The Company shall maintain:

Multi-factor authentication;

Endpoint protection;

Backup procedures;

Incident response capabilities

 

9.  Research Quality Assurance

9.1 Review Procedures

Significant research reports shall undergo:

Peer review;

Technical validation;

Management review;

before client delivery.

 

9.2 Quality Control Standards

Research outputs shall be:

Factually supported;

Properly sourced;

Objectively presented;

Free from intentional bias

 

10.  Monitoring and Supervision

10.1 Ongoing Monitoring

Management shall monitor:

Project performance;

Compliance adherence;

Information security

Client satisfaction

 

10.2 Internal Reviews

Periodic reviews shall assess:

Control effectiveness;

Risk management processes;

Compliance performance

Findings shall be documented and remediated.

 

11.  Incident Reporting

Employees shall promptly report:

Fraud;

Security incidents;

Data breaches;

Ethical concerns;

Regulatory violations

Reports may be submitted confidentially.

Retaliation against whistleblowers is prohibited.

 

12.  Third-Party Oversight

The Company shall evaluate third parties based on:

Competence;

Reputation;

Security practices;

Legal compliance;

Third-party performance shall be periodically reviewed.

 

13.  Training Requirements

All personnel shall receive periodic training covering:

Ethics;

Information security;

Confidentiality;

Intellectual property compliance;

Internal controls;

Training records shall be maintained.

 

14.  Audit and Review

The Company may conduct:

Internal audits;

Compliance reviews;

Risk assessments

Independent evaluations;

Management shall implement corrective actions where necessary.

 

15.  Enforcement

Violations of this Framework may result in:

Corrective action;

Suspension;

Termination of employment or engagement;

Legal action where appropriate

 

16.  Annual Review

This Framework shall be reviewed at least annually by management and approved by the CEO.

 

 

Approved By:

Maggie Bi Stanaway

 

CEO/Chairman

USA IP Research and Education Institute

Date: 03/26/2023