The Aerospace and Defense (A&D) industry are subjected to export regulations including International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), which impose fines and penalties for inappropriate disclosure of controlled information, such as data of importance to national defense. Satisfying ITAR and EAR regulations is a major challenge for A&D firms, especially those with a global presence, mobile workers, offshore operations, joint ventures, and extensive collaboration or supply chains.
NextLabs® and SAP® have teamed to provide a solution that helps A&D firms comply with ITAR and EAR export regulations. The whitepaper “Electronic Export Compliance: Control and Audit the Use of Technical Data and Information Flow to comply with ITAR and Export Regulations” elaborates on the Electronic Export Compliance solution and examples for different scenarios to address export control requirements dealing with the handling and protection of defense or other technical data.
The Solution
SAP GRC Global Trade Service (GTS) allows enterprises to manage the physical export of goods against agreements/licenses which are necessary to comply with government regulations, such as ITAR and EAR. GTS manages the export process from receiving the license through operational management and documentation. Integrated with the ERP, sales, and/or shipping system, GTS provides seamless export compliance.
However, when the export is a transmittal of technical data to a supplier or customer, there is not necessarily a transaction in the ERP or shipping system that captures the export. Without a transaction, GTS loses the visibility to the export or a means to associate the transmission with the applicable export agreement/license.
With the addition of NextLabs’ suite of Information Risk Management software, transfers of data can be tracked and monitored discretely. Using the standard API, each of the movements can be transferred to GTS as if they were a physical shipment, enabling GTS to process the data for audit purposes.
Working in conjunction, NextLabs and SAP GTS provide the Electronic Export Compliance solution that addresses defense or technical data export requirements by enabling project teams to control and monitor data flow and data access. The solution consists of three major components: identity management, information access control and enforcement, and export license (e.g., TAA’s) management. The solution actively enforces export controls by understanding the complex, business context variables for appropriate technical data handling and disclosure. Collaboration inside and outside the extended enterprise, including supply chain partners and a mobile workforce, can safely take place.
Scenarios to Protect ITAR Technical Data
ITAR defines technical data as “information, which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles.” In today’s highly collaborative and mobile environment, companies are vulnerable to inappropriate disclosure of technical data and regulation breaches in daily practices, even if they are not intentional. Risks could emerge in multiple steps along the business practices, such as design, collaboration with business partners, or remote work of company employees. Here are some scenarios of risks and how the Electronic Export Compliance solution addresses them:
- Data sharing during collaboration: While technical data can be securely managed in local repositories through document management systems or file servers, usage control might be insufficient for files shared outside of the repository, which brings risks of data misuse and non-compliance of ITAR requirements. The Electronic Export Compliance solution helps organizations to ensure information integrity for data at rest and in transit through policy-based controls. Whether shared internally or across the extended enterprise and supply chain, online or off-line, files are persistently protected against unauthorized access through real-time access management policies.
- Mixed-use environments and contamination: In many Aerospace and Defense, High Tech, and Industrial firms, engineering design, development, and manufacturing resources are used for both ITAR projects and commercial projects. Such multi-use environments create potential for accidental disclosure of technical data and contamination of commercial projects. In some intricate cases, a commercial item is also subject to ITAR control if it contains a product or component that requires ITAR control. The Electronic Export Compliance solution ensures that ITAR data is securely identified and protected against inappropriate use of technical data and accidental reuse of ITAR data in commercial projects. Scalable across the entire environment, the solution enforces access in accordance with local regulation and ensures ITAR compliance.
- Technical Data Export and Remote Access Use: Export of technical data occurs any time that information is accessed from outside of the US or provided to foreign persons within the US. The definition includes access attempts by authorized personnel and devices from overseas locations. The Electronic Export Compliance solution integrates identity management systems to track users and devices in real-time when deploying policies, even when they are off the network. Technical data export is tracked and monitored through SAP’s trade management system to ensure audit and reporting.
Solution Benefits for Electronic Export Compliance
With active controls applied to the access, movement and use of export controlled technical data, companies can comply with ITAR requirements in a cost-efficient and systematic manner. They can now avoid costly fines resulting from inappropriate disclosure, as well as audit the export of technical data, to align the movement of technical documents with valid export licenses. Here are some major benefits of adopting the Electronic Export Compliance solution:
- Minimize the risk of inappropriate disclosure: The dynamic information controls and real-time policy deployments enable Aerospace and Defense, High Tech, and Industrial firms to ensure that the technical data is accessed, handed, distributed, communicated, and exported appropriately.
- Quickly demonstrate compliance: The Electronic Export Compliance solution allows organizations to monitor, log and report all information use activities, regardless of policies put in place, to ensure technical data access, movement and use is aligned with compliance goals.
- Economize multi-use environments: The solution actively protects data across systems shared by export-controlled and commercial projects across the enterprise. It helps companies to economize the multi-use environment as they no longer need to create physically isolated project environments, ensuring that data is persistently protected across the complexity of multiple systems, applications, devices, and data types.
- Educate users on policies for protecting technical data: The Electronic Export Compliance solution automatically notifies users when they are in potential violation of policies before the violations occur, and actively preventing misuse. This function greatly reduces unintended or accidental misuse of data by employees, while increasing project productivity by educating employees on best practices for the safe access, movement, and use of export-controlled technical data.
Please download the white paper to learn more about the Nextlabs and SAP Electronic Export Compliance solution, how it can control access to and protect information subject to export regulations, and the solution deployment process.