Trade Secrets Risk Assessment Calculator for China Operations
Quick Navigation
- About This Tool
- How the Risk Score Is Calculated
- Section 1: Business Exposure Factors
- Section 2: Security Posture Assessment
- Section 3: Employee and Access Risks
- Section 4: Legal and Compliance Preparedness
- Section 5: Third-Party and Supply Chain Risks
- Complete Scoring and Risk Matrix
- Recommended Actions by Risk Level
1. About This Tool
The Trade Secrets Risk Assessment Calculator is a structured diagnostic tool designed specifically for foreign companies operating in China. It enables organizations to systematically evaluate their exposure to trade secret misappropriation, assess the effectiveness of their existing protection measures, and prioritize remediation actions based on objective, quantifiable criteria.
Unlike generic risk assessment frameworks, this calculator is calibrated for the specific legal, cultural, and operational realities of the China market. It takes into account China’s Anti-Unfair Competition Law requirements, the burden-shifting provisions of Article 32, common employee mobility patterns, and the unique risks associated with Chinese supply chains and joint venture arrangements.
2. How the Risk Score Is Calculated
The assessment is divided into five sections, each addressing a distinct dimension of trade secret risk. Each section contains multiple questions scored from 0 to 4, where higher scores indicate higher risk (i.e., greater exposure or weaker protections).
| Section | Weight | Max Score | Focus Area |
|---|---|---|---|
| 1. Business Exposure Factors | 25% | 20 | Nature of your trade secrets and competitive landscape |
| 2. Security Posture | 25% | 20 | Physical and digital security measures in place |
| 3. Employee & Access Risks | 20% | 16 | Workforce-related vulnerabilities |
| 4. Legal & Compliance Preparedness | 15% | 12 | NDA and contract coverage |
| 5. Third-Party & Supply Chain Risks | 15% | 12 | External party exposures |
| Total | 100% | 80 | Overall Risk Score |
The Overall Risk Score is calculated as the sum of all section scores. Based on the total, the organization is placed into one of four risk tiers:
| Score Range | Risk Level | Interpretation |
|---|---|---|
| 0–16 | Low Risk | Well-protected. Continue monitoring and annual review. |
| 17–32 | Moderate Risk | Generally adequate but some gaps requiring attention. |
| 33–48 | High Risk | Significant vulnerabilities. Urgent action needed. |
| 49–80 | Critical Risk | Severe exposure. Immediate comprehensive remediation required. |
3. Section 1: Business Exposure Factors (25% Weight)
Q1.1 — Nature of Trade Secrets
Question: How easily could your core trade secrets be reverse-engineered if a competitor obtained them?
- 0: Secrets are documented process knowledge that is very difficult to reverse-engineer or use without extensive tacit knowledge
- 1: Secrets combine technical and commercial elements; moderately difficult to exploit without additional background
- 2: Secrets are technical specifications or designs that could be replicated with moderate effort
- 3: Secrets are directly replicable (e.g., source code, chemical formulae, customer lists with pricing)
- 4: Secrets are digital assets that can be copied instantly and used with no additional investment
Q1.2 — Competitive Value and Impact
Question: What would be the business impact if your core trade secret was disclosed to your top competitor in China?
- 0: Minimal impact — the trade secret has limited competitive differentiation value
- 1: Minor impact — competitor would gain marginal advantage
- 2: Moderate impact — competitor would gain meaningful advantage; some revenue at risk
- 3: Major impact — significant revenue and market share at risk (10-25% of China revenue)
- 4: Critical impact — the China business would be materially impaired or become non-viable
Q1.3 — Competitive Dynamics in China
Question: How intense is the competitive pressure from Chinese companies in your industry?
- 0: Very low — no direct Chinese competitors in your space
- 1: Low — a few Chinese competitors but with different technology approaches
- 2: Moderate — several Chinese competitors actively competing for the same market
- 3: High — Chinese competitors are rapidly catching up and actively seeking technology transfer
- 4: Very high — Chinese competitors are aggressively pursuing your technology through all means including talent poaching
Q1.4 — Operational Footprint in China
Question: How extensive is your physical and personnel footprint in China?
- 0: No physical presence — only exports to China (lowest exposure)
- 1: Sales office only, no R&D or manufacturing
- 2: Manufacturing or distribution facility with local employees but no local R&D
- 3: R&D centre or joint venture with Chinese partner involving technology transfer
- 4: Full operations including R&D centre, manufacturing, and extensive local workforce
Q1.5 — Regulatory Sensitivity
Question: Is your technology or data subject to China’s technology export controls or data security regulations?
- 0: No — your technology is not in any restricted category
- 1: Minimal — minor regulatory touchpoints only
- 2: Moderate — some technology categories may be subject to review
- 3: Significant — technology is on the China Technology Export Control List (Catalogue of Technologies Prohibited or Restricted from Export)
- 4: Critical — operating in a sensitive sector (defence, AI, semiconductors, biotechnology) with active regulatory scrutiny
Section 1 Subtotal: ____ / 20
4. Section 2: Security Posture Assessment (25% Weight)
Q2.1 — Digital Access Controls
Question: How comprehensive are your digital access controls for trade secret information?
- 0: Role-based access control with multi-factor authentication, full audit logging, and automated access revocation
- 1: Role-based access control with audit logging but manual access reviews
- 2: Basic password protection with shared folders; limited access control granularity
- 3: Minimal access controls — most employees can access most information
- 4: No systematic access controls — information is freely accessible across the organization
Q2.2 — Physical Security
Question: What physical security measures protect areas where trade secrets are stored or used?
- 0: Comprehensive — locked areas, access card systems, CCTV, visitor logs, clean desk policy, secure destruction of documents
- 1: Good — most areas secured but with some gaps in visitor management or document disposal
- 2: Moderate — some security measures but inconsistent implementation across locations
- 3: Minimal — basic locks and keys only; no systematic physical security programme
- 4: None — no physical security measures in place to protect confidential information
Q2.3 — Cybersecurity Measures
Question: What cybersecurity measures are in place to prevent data exfiltration?
- 0: Enterprise-grade DLP (Data Loss Prevention) system, endpoint protection, network monitoring, email filtering, and USB device control
- 1: Partial DLP with monitoring of certain channels; basic endpoint protection
- 2: Standard antivirus and firewall; no DLP or data exfiltration monitoring
- 3: Minimal cybersecurity — basic firewall only
- 4: No dedicated cybersecurity measures
Q2.4 — Evidence Preservation Readiness
Question: How prepared are you to preserve digital evidence in the event of a suspected breach?
- 0: Pre-established forensic readiness plan with retained forensic experts, documented procedures, and tools in place
- 1: Established incident response plan but primarily focused on IT security rather than legal evidence preservation
- 2: Basic incident response plan but no forensic preservation procedures
- 3: No formal plan — reactive approach with significant risk of evidence loss
- 4: No awareness or preparation for digital evidence preservation
Section 2 Subtotal: ____ / 20
5. Section 3: Employee and Access Risks (20% Weight)
Q3.1 — Employee Turnover Rate in Sensitive Roles
Question: What is the annual turnover rate among employees with access to trade secrets?
- 0: Below 5% — very stable workforce in sensitive positions
- 1: 5–10% — moderate turnover
- 2: 10–20% — elevated turnover indicating some retention risk
- 3: 20–30% — high turnover suggesting significant knowledge leakage risk
- 4: Above 30% — critical turnover; near-certain likelihood of systematic leakage
Q3.2 — Offboarding Process Rigour
Question: How thorough is your employee offboarding process?
- 0: Comprehensive offboarding — exit interview, return of all company property (laptop, documents, access cards), immediate IT access revocation, signed confirmation of ongoing confidentiality obligations, and post-exit monitoring
- 1: Good — most elements present but with some gaps in monitoring or documentation
- 2: Moderate — access revoked and property returned but no formal exit interview or confidentiality reminder
- 3: Minimal — access revoked eventually but no systematic property return verification
- 4: None — employees leave without any offboarding procedures
Q3.3 — Non-Compete and NDA Coverage
Question: What percentage of employees with access to trade secrets are covered by enforceable NDAs and non-compete agreements?
- 0: 100% — all employees have signed China-compliant NDAs and non-competes with ongoing compensation arrangements
- 1: 80–99% — most covered but with some gaps
- 2: 60–79% — majority covered but significant portion not contractually bound
- 3: 30–59% — less than half of at-risk employees covered
- 4: Less than 30% or no agreements in place
Q3.4 — Training and Awareness
Question: How frequently and comprehensively are employees trained on trade secret protection?
- 0: Annual mandatory training with testing, plus targeted training for high-risk roles; training records maintained
- 1: Occasional training (every 2–3 years) and new-hire orientation includes IP basics
- 2: New-hire orientation only, no ongoing training
- 3: Ad hoc training with no structured programme
- 4: No training on trade secrets or confidentiality
Section 3 Subtotal: ____ / 16
6. Section 4: Legal and Compliance Preparedness (15% Weight)
Q4.1 — NDA Programme Maturity
Question: How mature is your NDA programme for China operations?
- 0: Comprehensive programme with bilingual NDAs, centralized registry, automated renewal tracking, and regular legal compliance review
- 1: Functional programme with bilingual NDAs and registry but less automation
- 2: Basic NDAs but limited tracking or compliance review
- 3: Ad hoc NDA use — some NDAs in place but no systematic programme
- 4: No China-specific NDAs in use
Q4.2 — Reasonable Protection Measures Documentation
Question: How well-documented are your reasonable protection measures (as required by AUCL Article 32)?
- 0: Comprehensive documentation — trade secret register, security policies, access control records, training attendance, NDA register, and incident logs all systematically maintained
- 1: Good documentation — most records kept but with some gaps in systematic organization
- 2: Basic documentation — some records exist but not comprehensive or easily accessible
- 3: Minimal documentation — little evidence of protection measures beyond basic NDAs
- 4: No documentation — no systematic records of any protection measures
Q4.3 — Legal Counsel Readiness
Question: Do you have established relationships with China-based legal counsel experienced in trade secret litigation?
- 0: Retained counsel with proven trade secret litigation experience; pre-agreed engagement terms in place
- 1: Established relationship with IP-focused law firm but no specific trade secret retainer
- 2: General counsel relationship with a law firm that has IP capabilities
- 3: No established China legal counsel — would need to engage urgently
- 4: No awareness of how to find or engage China trade secret counsel
Section 4 Subtotal: ____ / 12
7. Section 5: Third-Party and Supply Chain Risks (15% Weight)
Q5.1 — Third-Party Access to Trade Secrets
Question: How many third parties (suppliers, contract manufacturers, consultants, distributors, agents) have access to your trade secrets?
- 0: None — all operations are in-house with no third-party access to confidential information
- 1: 1–3 third parties with very limited access to non-core information
- 2: 4–10 third parties with some accessing core trade secrets
- 3: 10–25 third parties — significant supply chain exposure
- 4: More than 25 third parties or reliance on Chinese partners for core technology development
Q5.2 — Third-Party Security Verification
Question: How thoroughly do you vet and monitor third parties for trade secret protection capabilities?
- 0: Comprehensive — security questionnaires, on-site audits, contractual security obligations, and periodic re-verification
- 1: Good — security questionnaires and some audits for high-risk vendors
- 2: Moderate — contractual security obligations but no verification or audit
- 3: Minimal — NDAs in place but no security vetting
- 4: None — no vetting or contractual protection for third-party trade secret access
Q5.3 — Joint Venture/Partnership Risk
Question: Do you operate through joint ventures or strategic partnerships where technology is shared with a Chinese entity?
- 0: No JV or partnership — wholly-owned operations only
- 1: Partnership with limited technology sharing (e.g., distribution or sales only)
- 2: Technology licensing to a Chinese entity with clear contractual boundaries
- 3: Joint venture with IP ring-fencing provisions and shared governance
- 4: Joint venture with full technology sharing and limited IP protection mechanisms
Section 5 Subtotal: ____ / 12
8. Complete Scoring and Risk Matrix
Score Summary Worksheet
| Section | Your Score | Max |
|---|---|---|
| 1. Business Exposure | ____ | 20 |
| 2. Security Posture | ____ | 20 |
| 3. Employee & Access Risks | ____ | 16 |
| 4. Legal & Compliance | ____ | 12 |
| 5. Third-Party & Supply Chain | ____ | 12 |
| Total Risk Score | ____ | 80 |
9. Recommended Actions by Risk Level
🟢 Low Risk (0–16) — Maintain and Monitor
Your organization has a robust trade secret protection framework. Continue with:
- Annual review and update of NDA templates and protection policies
- Regular employee refresher training (at least every 12 months)
- Periodic third-party security re-verification
- Monitoring regulatory developments in China’s trade secret law
- Conduct a full reassessment every 24 months
🟡 Moderate Risk (17–32) — Targeted Improvement (6 Months)
Your organization has adequate protections but with identifiable gaps. Priority actions:
- Identify the highest-scoring questions in each section and create a remediation plan
- Strengthen employee offboarding procedures if not already comprehensive
- Review and update all China-specific NDAs with qualified legal counsel
- Implement evidence preservation readiness — document procedures and identify forensic resources
- Improve documentation of reasonable protection measures for AUCL compliance
🟠 High Risk (33–48) — Urgent Remediation (3 Months)
Your organization has significant vulnerabilities that require immediate attention:
- Engage Chinese legal counsel immediately to review NDA and IP protection framework
- Conduct an urgent trade secret audit to identify and classify all proprietary information
- Implement or upgrade digital access controls and DLP systems
- Establish a formal incident response plan with forensic readiness
- Review and tighten all third-party access arrangements
- Implement mandatory employee training within 30 days
- Document all existing and newly implemented protection measures
- Reassess quarterly until moved to Moderate or Low Risk
🔴 Critical Risk (49–80) — Immediate Comprehensive Overhaul
Your organization is critically exposed to trade secret misappropriation. Immediate action required:
- Engage specialist Chinese trade secret litigation counsel this week
- Conduct an emergency trade secret audit across all China operations
- Implement immediate access control restrictions — limit trade secret access to essential personnel only
- Engage a digital forensics firm to conduct a baseline security assessment
- Retain a forensic expert on standby for potential evidence preservation needs
- Review all current and former employee arrangements for IP assignment completeness
- Suspend or restructure any joint venture or partnership with Chinese entities involving technology sharing until protections are in place
- Implement comprehensive NDAs and security measures within 30 days
- Begin systematic documentation of all protection measures
- Reassess monthly until moved to a lower risk tier
This Trade Secrets Risk Assessment Calculator is designed to be used as a self-diagnostic tool. Complete the worksheet honestly — the only person you hurt by underestimating risk is yourself. The assessment should be conducted at least annually, and additionally whenever there is a significant change in your China operations, such as establishing a new business entity, entering a joint venture, or introducing a new product line involving proprietary technology.
For a more detailed, expert-led assessment, consider engaging a qualified trade secrets consultant or law firm with China experience to conduct an on-site evaluation and provide tailored recommendations.
Disclaimer: This risk assessment tool is provided for informational and self-assessment purposes only. It does not constitute legal advice, professional consulting advice, or a guarantee of protection against trade secret misappropriation. Foreign companies should consult qualified professionals for a comprehensive risk assessment tailored to their specific circumstances.
