What is ITAR and who must comply?

International Traffic in Arms Regulations (ITAR) was enacted in 1976 to control the export of military-or defense-related articles, technical data, and services from the US in order to protect national security. ITAR is managed by the US Department of State and its purpose is to avoid the transfer or disclosure of restricted information to a foreign national. The regulations indicate that no non-US person can have access – physical or electronic – to the articles under ITAR, where a non-US person is defined as anyone who is not a US citizen or green card holder. The articles covered by ITAR are listed on the United States Munitions List (USML) and typically involve any technologies designed or intended for military use. These articles may include equipment, parts, special materials, software, and technical information or data. ITAR does not apply to material already in the public domain.

The USML list is relatively vague and changes over time, making it challenging to determine which exact articles fall under the scope of ITAR. In general, ITAR mostly applies to companies buying, selling, manufacturing, or distributing equipment, services, or other technical data that is on the USML. ITAR most commonly applies to defense contractors; however, any company that is in the supply chain for items on the USML must comply with ITAR. Thus, it is crucial for companies that offer products and services to government consumers to fully understand their relationship to ITAR to ensure proper adherence when necessary.

What are the consequences of ITAR non-compliance?

Individuals and companies that handle US military data and equipment must be very careful. The US government strictly monitors and enforces ITAR, and non-compliance penalties are severe and may include civil fines, criminal charges, and forfeiture of restricted materials. Criminal penalties may include fines of up to a million dollars per violation and 10 years in prison while civil fines can be as high as half a million dollars per violation – and companies are often cited with many violations at once! Failure to comply with ITAR may also damage an organization’s reputation and puts the company at risk of being banned from exporting defense-related articles. Given that ITAR compliance can be complicated and the consequences of non-compliance are severe, companies should seek legal advice as necessary to clarify their ITAR obligations.

How does ITAR apply to the cloud?

Historically, companies that handle restricted information often relied on on-premises IT systems for complete control over IT operations and physical access to the data and servers. However, on-premises systems are often not the most cost-effective solution since the hardware and software has to be purchased and maintained, and there are on-going personnel costs for IT and security resources. Fortunately, there are now ITAR compliant cloud services available that allow companies to utilize the latest developments in cloud-based technology to stay competitive while achieving the necessary level of reliability and security.

Using the cloud to handle technical data that is deemed an export per the USML and requires ITAR compliance presents some challenges. Cloud service providers often use resources outside of the US and companies often use file sharing via the cloud – both of which can result in unintended sharing of technical data with foreign nations if the data is sent to servers located outside the US and accessed by non-US persons. Additionally, there are stringent record keeping requirements with ITAR in which a company must not only prove their technical data meets ITAR requirements today but that it has for a period of time for audit purposes. For these reasons, companies that must comply with ITAR need to ensure their cloud service provider has expertise in handling restricted data and complying with export laws.

Why KeyedIn is Your Best Option for ITAR Compliant Cloud Services

Security is a top priority at KeyedIn Solutions and it sets us apart. We offer cloud solutions for customers with ITAR obligations so you never need to worry about unauthorized users hacking into or accessing restricted information. KeyedIn cloud solutions are on a Microsoft Azure platform with hundreds of IT professionals securing the infrastructure and the data – and we provide an extra layer of protection by offering an ITAR compliant infrastructure. Multiple layers of redundancy meaning data is backed-up and stored in different physical locations which protect against any catastrophic failure resulting from issues such as power outages or backups failing. KeyedIn provides customers with a reliable cloud service and the ability to comply with ITAR regulations.

Contact a KeyedIn specialist today at 1-866-662-6820 to learn more about our ITAR compliant cloud services, or request a demo.

March 19, 2019

Recent Posts

Join the hundreds of companies already using KeyedIn Manufacturing. Request your demo NOW!

By clicking “REQUEST A DEMO” I agree to KeyedIn Terms of Service.