Export Control for Technical Data [ITAR, EAR]

Control and Audit for Export Compliance

A&D, high tech, and industrial manufacturing companies face a set of unique information security challenges in order to comply with export regulations such as The International Traffic in Arms Regulations (ITAR), Encryption and Export Administration Regulations (EAR), German BAFA regulations, and the UK Export Control Act. These regulations impose severe fines and penalties for inappropriate Deemed Export of Technical Data. Demonstrating proper controls to support these regulations is a major challenge for these firms, especially since guidelines or standards are loosely defined.

Traditionally, companies were faced with two very expensive options to address compliance: isolate export-controlled data on separate physical networks or patch together a loose set of access controls that do little to minimize compliance risk or satisfy auditors. The first option limited business productivity by cutting off global supply chains, the Internet, and a mobile workforce, and introduced tremendous costs of maintaining duplicate infrastructures and multiple instances of critical business applications. The second option left companies exposed to severe regulatory fines and penalties.

Export Compliance Applications

NextLabs’ solution is a set of applications which include a comprehensive set of best practice policy libraries and reports required to support compliance with export regulations such as ITAR and EAR. Policy sets can be easily customized to the environment or used as templates to create new policies.

The solution allows companies to control and audit Deemed Export of Technical Data by applying policy across the servers, applications, and workstations where technical data is managed and stored. Export Control for Technical Data safeguards information within the enterprise ensures proper handling of technical data export to satisfy regulatory requirements.

The solution addresses technical data export requirements by enabling project teams to:

• Control access to technical data based on user citizenship, certification training, computer system, and physical location.
• Track and apply policy-based controls to control duplication, storage, copy/paste, printing, removable media, e-mail, IM, Web uploads, FTP, and web conferencing.
• Prevent leakage of technical data beyond certified systems and users.
• Automatically match technical data export to Export Licenses or Technical Assistance Agreements (TAA).
• Apply policy universally across data repositories and endpoints including file servers, document management, PDM/PLM applications.
• Create Information Barriers around projects, applications, and systems to prevent leakage of export-controlled technical data into uncertified systems or applications.
• Detect user activity that constitutes Deemed Export and automate the process of export license determination and/or manager approval.
• Provide a full audit trail detailing technical data access and usage to satisfy regulatory compliance audit requirements.
• Leverage best-practice policies and reports for easy and rapid deployment.

The solution actively enforces export controls by understanding the complex, business context for appropriate technical data handling and disclosure. Collaboration inside and outside the enterprise, including supply chain partners and a mobile workforce, can now be governed to demonstrate compliance with export regulations such as ITAR and EAR.