Thought about your Information Technology department lately?
You know, those folks you call upon when your computer is rebelling and productivity has ground to a screeching halt? Without IT your core business processes could not function. But have you considered their role in your organization’s export compliance?
If you’re an exporter of military parts, products or technology, safe and secure data access has to be top priority to avoid doing business with undesirables or becoming the victim of a cyber-attack. A top notch IT team is essential to protecting your company’s interests. A few ways IT professionals can help solidify your company’s compliance to International Traffic in Arms Regulations (ITAR):
Explaining all that mumbo jumbo
IT professionals can help classify technical data that is generated either by your company or by third parties. Their clarification of jargon and understanding of end-uses helps those ultimately responsible – and who may not have a technical background – to make informed, compliant export decisions. Their expertise is also required to label technical data. IT plays a key role in creating processes to address development and procurement – identifying controlled data at all stages of the development process and identifying controlled data from all business partners.
Determining what’s not meant for all eyes
Companies require a clear IT policy regarding electronic export via email, File Transfer Protocol (FTP), collaboration sites, and shared development tools. Appropriate restrictions around all controlled documents (including protection of hard copies) need to be in place and understood by everyone. Data maintained on shared company systems and sent outside the country must be marked as export-controlled, and documents electronically tagged so that appropriate restrictions can be put in place. A thorough export compliance review should be completed prior to granting system access to suppliers, customers or other third parties, and even certain employees.
Deciding where things live
Your IT team can illuminate the importance of how controlled information comes into your company (i.e. from which third parties, where they’re located, through what portals and into what systems), and the specific systems/facilities in which controlled information is stored, used and handled. IT professionals should play a significant role in determining where your data – both internal and external – resides. They can influence decisions about where servers are located and who has access. They should also be responsible for auditing and maintaining access restrictions to be sure there are no gaps that could put security at risk.
Checking up on themselves
Regular IT self-audits provide prime opportunities to review key elements of your ITAR compliance: records of licenses and license exceptions, self-classifications and commodity jurisdiction determinations, logs for all transfers of technical data (e.g. site visits, phone conferences, etc.). It’s a good time to evaluate the official systems on which controlled data is stored (and ensure employees understand them), and the data access points for both third parties and employees. All self-audit results should be fully documented both for future reference and government audit-readiness.
The contributions of your IT department are vital to your daily business operations, but don’t forget they’re also vital to maintaining your company’s high export compliance standards.