top of page
Why Security-ITAR
When you initially installed PLM, intellectual property was protected so you could access your intellectual property. Your business may need to have ITAR-like compliance on the product data as it develops or when security-sensitive business units are added. The security model needs to be updated to take into account new selection criteria.
Examples of the security model alignment with the new selection include:
-
Project or product name specific access
-
Security clearance level access
-
Vendor or customer specific access
-
Business unit specific access
Challenges we Help you Solve:
-
Complexity of existing security model
-
Approach for transition without disruption – incremental deployment by user or criteria
-
Mass update of access control attributes
-
How do ITAR requirements apply in the Oracle Agile PLM?Defense products are subjected to International Traffic in Arms Regulations (ITAR) regulations requiring access controls for data handling visibility. Agile PLM systems can implement controls over who can read, update or even search the data. Agile PLM can employ control attributes (for example for security access level) or use membership in a user group as criteria. The group membership access can reflect internal projects and teams as well as external suppliers participating in a change or customers accessing documents and part lists. Suppliers, internal teams, and customers can collaborate while restricting the visibility of data items to only the ones assigned and relevant. ITAR - Items designed or developed for military or space applications EAR - Items designed or developed for commercial applications (alone or together with military/space applications, called dual use)
-
When does ITAR compliance matter?Your effort to remain in compliance with the ITAR will be a huge mitigating factor in the event of an audit. A company actively striving to operate within regulations is viewed in a different light than one that is unaware of, or unwilling to follow the rules. As an exporter, you are expected to maintain compliance with and knowledge of ITAR regulations. A formal export compliance policy and ongoing training are both highly recommended. Your company needs to have an ITAR compliance program, minimally consisting of a compliance manual, training, recordkeeping, and properly trained employees responsible for activities under the ITAR.
-
How does thrive.gs support customers who are subject to ITAR requirements?Code of Federal Regulations regarding ITAR states, “This information must be stored in such a manner that none of it may be altered, once it is initially recorded, without recording all changes, who made them, and when they were made." Implement change control on the product data and Restrict direct access to product data, development, and test environments. We employ “U.S. Persons” as defined by ITAR for all data management work. Data is never accessed by an unauthorized person or processed even in the United States or an offshore technology center. All data management, PLM configuration, and code development in executed by authorized US Persons following the company policies and procedures. In many cases, we work using company-provided laptops and corporate network access tools such as Citrix and VPN.
-
How does thrive.gs provide assurance to customers that it meets ITAR requirements?We ensure the record-keeping element of ITAR is in compliance. In the event of an audit, you will want to be able to produce records detailing all of your compliance efforts. This includes purchase orders, shipping documents, delivery receipts, notes, etc. (ERP) Address documentation for issues like training, hiring, foreign nationals, and the like (PLM) Make sure to include a record of all the entities that interact with your exports – freight forwarders, receiving agents, shipping companies, etc. (AVL/ASL in PLM) Documentation can (and should) include pre-sales investigation and customer communication as well as post-delivery follow-up. (CNM, Proj Mgmt, Cost Mgmt in PLM) Ensure strictly authorized access to all the record-keeping product documents stored in PLM Customer data is not only critical to the company’s competitiveness but also to national security and we do not take that lightly. All U.S. based thrive.gs employees undergo a background check before hiring and usually have a track record of working in high-security, NDA-based engagements where client Intellectual Property is always handled securely. Lastly, we encourage using company-provided laptops with traceability of email and file transfers. thrive.gs has an extensive ITAR client list of aerospace and aerospace-related companies.
bottom of page