Agile PLM Security-ITAR Compliance
Your business may need to have ITAR-like compliance on the product data as it develops or when security-sensitive business units are added.
Why Security-ITAR
When you initially installed PLM, intellectual property was protected so you could access your intellectual property. Your business may need to have ITAR-like compliance on the product data as it develops or when security-sensitive business units are added. The security model needs to be updated to take into account new selection criteria.
Examples of the security model alignment with the new selection include:
- Project or product name specific access
- Security clearance level access
- Vendor or customer specific access
- Business unit specific access
Frequently asked questions
Defense products are subjected to International Traffic in Arms Regulations (ITAR) regulations requiring access controls for data handling visibility. Agile PLM systems can implement controls over who can read, update or even search the data. Agile PLM can employ control attributes (for example for security access level) or use membership in a user group as criteria.
The group membership access can reflect internal projects and teams as well as external suppliers participating in a change or customers accessing documents and part lists. Suppliers, internal teams, and customers can collaborate while restricting the visibility of data items to only the ones assigned and relevant.
- ITAR - Items designed or developed for military or space applications
- EAR - Items designed or developed for commercial applications (alone or together with military/space applications, called dual use)
- Your effort to remain in compliance with the ITAR will be a huge mitigating factor in the event of an audit.
- A company actively striving to operate within regulations is viewed in a different light than one that is unaware of, or unwilling to follow the rules.
- As an exporter, you are expected to maintain compliance with and knowledge of ITAR regulations. A formal export compliance policy and ongoing training are both highly recommended.
- Your company needs to have an ITAR compliance program, minimally consisting of a compliance manual, training, recordkeeping, and properly trained employees responsible for activities under the ITAR.
Code of Federal Regulations regarding ITAR states,
- “This information must be stored in such a manner that none of it may be altered, once it is initially recorded, without recording all changes, who made them, and when they were made."
We ensure the record-keeping element of ITAR is in compliance. In the event of an audit, you will want to be able to produce records detailing all of your compliance efforts.
- This includes purchase orders, shipping documents, delivery receipts, notes, etc. (ERP)
- Address documentation for issues like training, hiring, foreign nationals, and the like (PLM)
- Make sure to include a record of all the entities that interact with your exports – freight forwarders, receiving agents, shipping companies, etc. (AVL/ASL in PLM)
- Documentation can (and should) include pre-sales investigation and customer communication as well as post-delivery follow-up. (CNM, Proj Mgmt, Cost Mgmt in PLM)
- Ensure strictly authorized access to all the record-keeping product documents stored in PLM
Customer data is not only critical to the company’s competitiveness but also to national security and we do not take that lightly. All U.S. based thrive.gs employees undergo a background check before hiring and usually have a track record of working in high-security, NDA-based engagements where client Intellectual Property is always handled securely.
Lastly, we encourage using company-provided laptops with traceability of email and file transfers. thrive.gs has an extensive ITAR client list of aerospace and aerospace-related companies.