NCMA Workshop NCMA Workshop International Traffic and Arms International Traffic and Arms Regulations (ITAR) Regulations (ITAR) What you need to know! What you need to know! Natascha Finnerty Natascha Finnerty DL Exports International DL Exports International [email protected][email protected]978 368-7940 978 368-7940
49
Embed
NCMA Workshop International Traffic and Arms Regulations (ITAR) What you need to know! Natascha Finnerty DL Exports International [email protected].
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
NCMA WorkshopNCMA Workshop
International Traffic and Arms International Traffic and Arms Regulations (ITAR)Regulations (ITAR)
What you need to know!What you need to know!Natascha FinnertyNatascha Finnerty
YOU NEED TO YOU NEED TO UNDERSTAND THE SCOPE!UNDERSTAND THE SCOPE!
• CONTROLLED ITEMS
AND
• ACTIVITIES
CONTROLLED ITEMSCONTROLLED ITEMS
• US Munitions List (USML)
• Commerce Control List (CCL)
ITAR govern munitions items, related tech data and services:– Items designed, configured or adapted
for military use– Items that meet listed parameters
(radiation resistance, TEMPEST)– Predominant military Use– Classified items and technical data– Defense services
ITAR CONTROLSITAR CONTROLS
US ML PART 121US ML PART 121
21 categories, from firearms to major weapons systems
I – FirearmsIII – AmmunitionIV – Launch Vehicles, Guided MissilesVII – Aircraft and associated equipmentX – Protective Personnel EquipmentXI – Military ElectronicsXV – Spacecraft and Associated EquipmentXVII Classified Articles, Tech Data and
Defense Services - catch all
LISTSLISTS
USML• Broad categories• Specially designed for
military catches lots of things
• Must apply for a COMMONITY JURISTRICTION (CJ) to get off the list
• Need a license for all destinations
• China is proscribed
USML vs. CCLUSML vs. CCL
USML 22 categories• Item, components, technology
CCL• 10 categories• Item, production, material,
software, technology
CCLCCL
• Technical parameters that the item must meet
• Must be high level item
• Many license exceptions to Regime members
4A003 4A994EAR99
DEVELOP A DEVELOP A PRODUCT MATRIXPRODUCT MATRIX
Communicate to • Project Managers• HR• Sales• ShippingMake it part of your PN or
contract process and program a flag
• ECCN/Cat No.• Origin• Schedule B
KNOW THE PROSCRIBED COUNTRIES
KNOW THE PROSCRIBED KNOW THE PROSCRIBED COUNTRIESCOUNTRIES
126.1 Embargoed UN Embargoes Terrorism RestrictionsBelarus AfghanistanCuba Cuba Cyprus Burma Iran Congo (DR)ChinaEritrea North Korea FijiIran Sudan IndonesiaHaiti Syria Iraq
Ivory CoastLiberia Lebanon North Korea LibyaSomalia PalestineSyria ThailandSudan YemenVenezuela Zimbabwe
BEST PRACTICE – limit the ability to book orders or hire individuals from these countries in your system
UNDER THE ITAR – UNDER THE ITAR – ALL COMPANIES MUSTALL COMPANIES MUST
• Register (PART 122)– as a manufacturer, exporter and/or
broker
• Select Empowered Official (s) – by letter
KNOW THE KNOW THE REDRED FLAGS! FLAGS!
• Customer is little known• Customer is evasive about end-user
or end-destination• Customer knows little about the
product but wants it anyway• Customer asks for out-of-the-way
delivery routing• Customer is willing to pay cashYou cannot act with knowledge of
a violation or provide advice on how to evade the regulations!
“OK, folks, today we tour the highly classified, top secret areas of our Defense Department.”
ITAR HINTITAR HINT
• "Prior approval to use Non-U.S. Citizens to perform on this contract, at either the prime or sub-contract level, must be obtained from the Contracting Officer. If approval is granted, such approval does not grant an exception to U.S. export law (s) and the contractor is responsible for obtaining necessary export licenses."
WHAT IS AWHAT IS A TECHNICAL DATA TECHNICAL DATA
EXPORT (RELEASE)?EXPORT (RELEASE)?• Ship IC designs to foreign country• Hire foreign engineers• Plant tour for foreign nationals• Foreign access to host computer• Transfer data/software over the
Internet• Phone, FAX, & E-mail • Co-development project with
foreign partner • Train foreign nationals
DEFENSE SERVICESDEFENSE SERVICES
• Assistance to foreign persons in activities involving defense articles:– design, development, engineering– testing, manufacturing,
• Provision of ITAR-controlled tech data to foreign persons
TECHNOLOGY TRANSFERS TO TECHNOLOGY TRANSFERS TO FOREIGN NATIONALSFOREIGN NATIONALS
• Foreign nationals = all EXCEPT– U.S. Citizens– U.S. Permanent Residents – Persons granted refugee status or
asylum in the U.S.• If the tech data are controlled to the home
country AND no License Exception is available, obtain a license
• Considered an ITAR “deemed export”• Applies to interns, contract employees, others,
anyone who sees ITAR data
IF YOU GOTTA HAVE IF YOU GOTTA HAVE HIM/HER ON A PROJECT!HIM/HER ON A PROJECT!
• Is it an ITAR (DSP-5 or TAA) or BIS license?In either case
– Letter of explanation, – Resume– Statement of Work– Passport documents– EAR - Transfer of technology to foreign national per 732.2(b)(ii)– FBI template– End-user – provide immigration status.– End-use -
Expiration date tied to H-IB VisaCan be renewed – automatic 6-month extension if renewal
is received 45 days prior. Include the previous license number on all applications
Company PolicyCompany Policyand ITAR NDAand ITAR NDA
• Statement from Senior Management on importance of TCP
• Employee responsibilities• Part of Hiring Process• Need to demonstrate
management commitment
ITAR TECHNICAL DATAITAR TECHNICAL DATA
• Information for design, development, production, assembly, manufacture, use of defense article
• Classified technical information• Basic marketing info excluded• “Public domain” material
excluded
?
A Day in the Life of an A&D Engineer (without export control A Day in the Life of an A&D Engineer (without export control solution)solution)
ITAR ProjectFile Server
Mixed UseServer
Non-US Engineer
1
2
345
6
Web or CollaborationPortal
Non-US Partner
CommercialProject
US EngineerUS Engineer
Non-US Admin
US Engineer
OverseasRemote
Weak access or flow control
Lack of Informationbarriers
Transfers not matched to licenses
Transfers overunapproved channels
Commercial productcontamination
Uncontrolled mobiledata export
2
345
6
A Day in the Life of an A&D Engineer (with export control A Day in the Life of an A&D Engineer (with export control solution)solution)
ITAR ProjectFile Server
Mixed UseServer
1
Non-US Engineer
Web or CollaborationPortal
CommercialProject
US EngineerUS Engineer
?Non-US Admin
US Engineer
OverseasRemote
Non-US Partner
Controlled Access and Flow
Information Barriers
Transfers matched, logged, accountable reporting
Controlled TransfersApproved Channels
Non-contamination
Data Export Controlfor Mobile
Nextlabs Solution
Export Control for Technical Data OverviewExport Control for Technical Data Overview
US persons authorized to access ITAR project
information
US persons and non-US persons not authorized to access ITAR project
information
Deny/Limit
ITARTechnical Data
Technical Data
Approve
Approve/Deny Shipment of Goods
and Information
Export Control forTechnical Data
IdentityManagement
Export Licenses,SPL, Embargo List
AuditLog
Import/Export Control
Physical GoodsDefense Articles and
Third Party Supply Chain
US DoD images
NextLabs Products
Technical Data Policy Enforcement
`
Secure Dropbox (FTP)
Email / Instant Messaging
CollaborationPDM / SCMFile Server
Design WorkstationLaptopsMobile Users
`
Partner SystemsBatch
Compliant Enterprise
Policy Audit Data
Identity Management
ITAR Access Provisioning
Export Project Assignment
Information Export SolutionInformation Export Solution
ITAR / EAR Policy Library
Technical Data Activity Journal
Tech Data PolicyManagement
Export ProjectManagement
Export Audit Reporting
Export License Mgmt
Import/Export Control
Tech Data Export
Export License Mgmt
License, Embargo, SPL,
Information Export Control
Composite Application
ITAR/EARProject Mgmt
Technical DataPolicy Mgmt
Technical DataExport
Export LicenseRequest Mgmt
FACILITIES FACILITIES CONTROLSCONTROLS
• Control access to ITAR development and manufacturing areas
• Procedures – clean desk, locked storage
• Separate areas for ITAR meetings
• Different Badges for foreign persons/visitors
• Sign In and provide status of person - US?
HR ControlsHR Controls
• Deemed exports license for new engineers that are not permanent residents
• Unique badges for FN• Notices to employees
about non-disclosure to foreign employees, contractors, vendors
• Training in rules
NISPOM IS ControlsNISPOM IS Controls
• Chapter 8 • Need to address - Administrative,
operational, physical, computer, communications, and personal controls
• Appointment of a IS Security Officer
• Certification and Accreditation• Regular Auditing of procedures
System ManagementSystem Management• Handling, controlling, removing,
destroying of backup media. • Control over devices containing ITAR
data• Implementation of authentication
procedures– Including laptops, PDA’s, removable devices– Privileged and “super users”– Protection of passwords
• Tracking of who examines HW and SW • Don’t forget IT maintenance personnel • Physical Security
ReferencesReferences
• Nunn-Wolfowitz Best practices
• SIA: Compliance Insiders – Toolkit for Internal Compliance www.si.ed.org