Preventing the illegal transfer of technology isn't a single event—it's an integrated part of the ongoing human workflow of your company, consisting of numerous individual actions and cooperative behavior between employees and departments at every management level. That's why illegal technology transfer control requires a comprehensive, company-wide solution that can manage compliance effectively at every step of the process.
Technical data and documentation referring to controlled goods itself qualifies, under United States export laws, as controlled technology. It therefore requires strict monitoring and regulation to prevent its illegal dissemination to denied parties and unauthorized foreign nationals. This can include hardcopy documents, emails, phone calls, and even face-to-face conversations. Assuring that your company remains compliant without slowing your export workflow to a crawl requires a multifarious solution.
Step 1: First, long before any transfers occur, everyone who is intended to be a party to the transactions must be screened against all applicable Denied Party Lists—as provided by the U.S. government, the United Nations, and other international organizations. Denied Party Screening must include any of your employees with access to the data, your vendors and customers with whom data will or may be sent, and any foreign nationals who may be in a position to receive the data. This is so that, once you are ready to apply officially for the mandatory agreement, all parties listed therein will have already been vetted as not presenting a risk to security.
Step 2: At this point, you must obtain the agreement itself from the U.S. Department of State, or possibly the Department of Commerce. The specifics of the agreement application will depend on the jurisdiction under which the technology and/or information you intend to export falls, but must include all information relevant to the technology transfer. This includes the names of all your employees who will be parties to the agreement, the names of all vendors and customers (plus foreign countries and foreign nationals) who may be in receipt of your technical data, details of the specific technology involved in the transfer (including any individual parts or components that may themselves be considered "controlled"), and so on.
Step 3: When you receive an agreement, it will include terms delineating its scope in terms of dollar amounts, transaction limits, expiry dates, etc. It will also likely include intricate specifics with regard to who may receive what in order to remain in compliance; for instance, persons located in a certain country may be permitted to receive information on how to operate a certain piece of equipment, but not information on its technical specifications, while for a person in other countries there might be no such restrictions. Your company must have an effective tracking system to record these details in order to assure that all relevant persons have access to the information to avoid violations and stick scrupulously to the requirements of the agreement.
Step 4: Beyond this, the system must also provide a standardized means of recording transactions via all the different types of communication by which technology may be transmitted (e.g. telephone, email, direct file transfers, or face-to-face conversations, etc.). Authorization profiles must also be created for everyone in your company with any access to technical data on controlled goods, as well as for any vendors, customers, or foreign nationals currently have access to your technical data, or will have technical data shared with them over any medium. Any user granted an authorization profile must document that they have read and understood the responsibilities and limitations placed upon them with respect to possessing and transferring controlled technology. The system itself must be readily available for the use of all employees at the point at which exports occur—i.e. details of the technology transfers should be recorded and logged in the central system by employees immediately upon the event of the transfer.
Step 5: From a centralized location, your management and/or Compliance Department must engage in an oversight process for transactions on a daily basis—to record and track who is viewing your technical data, what data or documents are being accessed or shared, the date and time of their transmission or viewing, and from where they are being accessed. This ongoing process is necessary to ensure that the transactions occur only within the scope of the agreement, and with only authorized parties.
Step 6: In addition, daily monitoring of exports must also take place to assure that any values specified in the agreement have not been exceeded, and that expiry dates have not elapsed. If the applicable agreement has expired or become exhausted, even a transfer between approved persons that otherwise conforms to the terms of the agreement, is considered illegal, and the consequences can be severe if the violation is detected.
Step 7: Your monitoring and recording solution must have the capability to produce documentation for any mandatory government reporting requirements specified as part of your export agreement.
Besides this, all technical data transfer activity must be logged in detail, with extensive documentation, for your own ongoing record-keeping purposes. This is important for summary reporting for management and/or your Compliance Department, as part of the continual process of overseeing employee workload and export activities. It is also vital in the event of a government investigation, so that your company has conclusive proof of your intent to comply with all applicable regulations. Without documentation proving that your transfers were conducted legally, your company may have no way to prove compliance if suspicions of illegal activity arise.
Tech Data Transfer Supervisor is the tool that does all this and more, allowing you to maintain control and supervision over your important technical data to assure your company remains compliant, and operating within the boundaries of your agreements in order to prevent illegal export activity when transferring your technical data. At the same time, it saves you money by automating your export control workflow, dramatically reducing the time your employees would otherwise spend manually assuring all their documents, information, and recipients are authorized and legal.