Sunday, September 11, 2011

4 Measures to Prevent Unauthorized Export of Technical Data

Though not as sinister and espionage riddled as most savvy spy novels, export compliance is an issue that will get Defense contractors in trouble. Violating State Department regulations will bring the weight of the US Government on the offending company. According to the International Traffic In Arms Regulation, ITAR, “Any person who engages in the United States in the business of either manufacturing or exporting defense articles or furnishing defense services is required to register”. Cleared contractors must have a plan not only to protect classified information, but also to prevent the unauthorized transfer of technical information and data."

Unauthorized transfer of technical data can occur in a variety of ways. Keep in mind that exports can and do occur not only during shipments but when hosting foreign visitors, during meetings, trade shows, plant tours, chat-room discussions, published articles and many other means. You can even export technical items exposed on your desk or otherwise revealed when a foreign visitor tours the facilities.

Though not covered in ITAR think of the term “Deemed Export”, where transfer occurs in simple acts as briefings or providing presentations of technical data to non-US persons.

This includes sending or removing technical data out of the U.S. or transferring it to a non US person in the U.S. by such acts as:

• Disclosing (oral, email, written, video, or other visual disclosure) or transferring technical data to a foreign person whether in the U.S. or abroad
• Providing a service to, or for the benefit of a foreign person, whether in the U.S. or abroad

You can help prevent unauthorized disclosure by taking the following actions:

1. helping your company understand the requirement to register with the State Department (see requirements).

2. Remind decision makers the responsibility to protect technical data. You can do this by helping create a technology control plan (TCP). If your company is authorized to export or reveal technical data, understand the license or technology assistance agreement (TAA). Follow it to the letter. The TCP will ensure that only authorized persons have access to technical data.

3. Provide a briefing to employees that whether or not in the U.S. or visiting overseas, they should only discuss what is authorized by licenses and or TAAs.

4. Prior to travel with a laptop, either have the information technology (IT) department scrub or provide a clean computer free of all technical data not authorized by licenses

Do everything within your power to help others in your enterprise understand that no technical data or service should be given without proper approval. This means performing due diligence prior to receiving foreign visitor, sending business development to trade shows, and prior to working on teaming agreements with non US persons.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

No comments: