How Arena Achieves ITAR/EAR Compliance and Business Objectives

As we have noted, ITAR/EAR compliance in the Cloud focuses on ensuring that applicable technical data is not inadvertently distributed to foreign persons or foreign nations. At Arena, security and compliance are shared responsibilities between us, our data center provider, AWS GovCloud (US), and our customers (both administrators and end users).

For both defense-related and commercial product advancement, Arena PLM provides one place for unifying your entire product record in a secure platform. Users gain complete visibility and traceability, and support ITAR/EAR compliance at every phase, from requirements management to sustaining high-quality products that endure.

Purpose-Built With Proven Architecture

Arena is designed to address complex product realization and supply chain needs for companies of all sizes, from younger fast-growing companies to large global enterprises. Our multi-tenant SaaS cloud-based architecture streamlines regulatory compliance, formalizes design-control processes, and improves both communication and product quality for leading organizations

Business-Ready by Design

Arena solves the complexities of PLM with a highly intuitive system that’s easy to provision, set up, configure, and use—no coding necessary.

Secure AWS GovCloud Foundation

We have teamed up with best-in-class AWS GovCloud (US) to offer Arena for regulated customers. Arena’s PLM for AWS GovCloud deployment is geographically located within the United States. Continuously audited by accredited third-party assessors, it supports ITAR/EAR compliance with physical and logical administrative access to U.S. citizens only and NIST 800-171 Standardized Reference Architecture.

Process Controls for Regulated Environments

Arena further ensures information security with firm controls on the people, tools, and processes that touch the data and systems. Secure Cloud requires attention to detail, not just in the platform foundation, but in all aspects that impact the system and data. Our approach to security process controls for the regulated environment is consistent with the requirements in NIST SP and includes employees, vulnerability assessments, internal and third-party audits, security and compliance policies and procedures, operational and security monitoring, incident response, and disaster recovery and backup.