To support ITAR/EAR-compliant product development, manufacturers need to adopt measures that ensure technical data and technology – including identified product information – remain accessible where allowed and needed while protecting against loss or unauthorized access. Individual needs and requirements will vary by organization, but generally span three areas.
ITAR- and EAR-regulated data must remain in the specified geographic location: the United States. Public commercial cloud services may not meet these requirements, as data can reside in non-U.S. locations or cross geographic borders during transit. While on-premises systems certainly meet geographic location restrictions, such solutions also may not provide team-empowering, traceable ways to collaborate on product development.
Systems handling ITAR data should be designed to adhere to standards and best practices for ongoing management, monitoring, and review of the multiple layers (physical, logical, and application). Other needed protections include levels of encryption for in-transit and at-rest data. Commercial cloud offerings, either public or private, do not necessarily provide these protections. On-premises solutions may or may not, depending upon variables of systems, networks, policy definitions, and IT practices.
Backend access to the PLM platform must be controlled and restricted to U.S. persons only. Commercial cloud solutions do not provide these controls; compliance of on-premises solutions depends on the product company’s IT resources, physical server location configuration and access, and controlled network security layers. Manufacturers must also consider data classification and team data access. Not all product data will be subject to ITAR or EAR.
Manufacturers need the ability to easily identify the technical data that must be ITAR compliant, and therefore limited in access to particular individuals, while conversely providing for less-limited access to non-ITAR technical data. Additionally, companies need visibility of who has accessed technical data and when they accessed it.
Key Business Questions ITAR and EAR Compel
Opportunities and Challenges of Defense Market Entry
A Macro View of Product Lifecycle Management
What ITAR/EAR Means for Secure Product Development
The Newfound Benefits of Secure Cloud PLM
How Arena Achieves ITAR/EAR Compliance and Business Objectives