Home | Solutions | Regulatory Compliance | Electronic Export Compliance

Electronic Export Compliance

The Aerospace and Defense (A&D) industry are subjected to export regulations including International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), which impose fines and penalties for inappropriate disclosure of controlled information, such as data of importance to national defense. Satisfying ITAR and EAR regulations is a major challenge for A&D firms, especially those with a global presence, mobile workers, offshore operations, joint ventures, and extensive collaboration or supply chains.  

NextLabs® and SAP® have teamed to provide a solution that helps A&D firms comply with ITAR and EAR export regulations. The whitepaper “Electronic Export Compliance: Control and Audit the Use of Technical Data and Information Flow to comply with ITAR and Export Regulations” elaborates on the Electronic Export Compliance solution and examples for different scenarios to address export control requirements dealing with the handling and protection of defense or other technical data. 

The Solution

SAP Global Trade Services Management allows enterprises to manage the physical export of goods against agreements/licenses which are necessary to comply with government regulations, such as ITAR and EAR. GTS manages the export process from receiving the license through operational management and documentation. Integrated with the ERP, sales, and/or shipping system, GTS provides seamless export compliance.  

However, when the export is a transmittal of technical data to a supplier or customer, there is not necessarily a transaction in the ERP or shipping system that captures the export. Without a transaction, GTS loses the visibility to the export or a means to associate the transmission with the applicable export agreement/license.  

With the addition of NextLabs’ suite of Information Risk Management software, transfers of data can be tracked and monitored discretely. Using the standard API, each of the movements can be transferred to GTS as if they were a physical shipment, enabling GTS to process the data for audit purposes.  

Working in conjunction, NextLabs and SAP GTS provide the Electronic Export Compliance solution that addresses defense or technical data export requirements by enabling project teams to control and monitor data flow and data access. The solution consists of three major components: identity management, information access control and enforcement, and export license (e.g., TAA’s) management. The solution actively enforces export controls by understanding the complex, business context variables for appropriate technical data handling and disclosure. Collaboration inside and outside the extended enterprise, including supply chain partners and a mobile workforce, can safely take place.  

Scenarios to Protect ITAR Technical Data

ITAR defines technical data as “information, which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles.” In today’s highly collaborative and mobile environment, companies are vulnerable to inappropriate disclosure of technical data and regulation breaches in daily practices, even if they are not intentional. Risks could emerge in multiple steps along the business practices, such as design, collaboration with business partners, or remote work of company employees. Here are some scenarios of risks and how the Electronic Export Compliance solution addresses them: 

  • Data sharing during collaboration: While technical data can be securely managed in local repositories through document management systems or file servers, usage control might be insufficient for files shared outside of the repository, which brings risks of data misuse and non-compliance of ITAR requirements. The Electronic Export Compliance solution helps organizations to ensure information integrity for data at rest and in transit through policy-based controls. Whether shared internally or across the extended enterprise and supply chain, online or off-line, files are identified and protected against unauthorized access through real-time access management policies.    
  • Mixed-use environments and contamination: In many Aerospace and Defense, High Tech, and Industrial firms, engineering design, development, and manufacturing resources are used for both ITAR projects and commercial projects. Such multi-use environments create potential for accidental disclosure of technical data and contamination of commercial projects. In some intricate cases, a commercial item is also subject to ITAR control if it contains a product or component that requires ITAR control. The Electronic Export Compliance solution ensures that ITAR data is persistently protected against inappropriate use of technical data and accidental reuse of ITAR data in commercial projects. Scalable across the entire environment, the solution enforces access in accordance with local regulation and ensures ITAR compliance.  
  • Technical Data Export and Remote Access Use: Export of technical data occurs any time that information is accessed from outside of the US or provided to foreign persons within the US. The definition