ITAR is the control for the export and import of defense-related articles and services found on the United States Munitions List (USML).
If your company sells to the United States Department of Defense (DoD) you need to be ITAR compliant. Even if you don’t sell to the DoD, but you do sell to a company that does, you most likely need to be ITAR compliant. So, what is ITAR compliance all about.
What is ITAR Compliance?
ITAR is the acronym for International Traffic in Arms Regulation. The US government mandates that any company that manufactures, exports, as well as brokers of defense articles, defense services, or a company that is involved with related technical data, must be ITAR compliant. ITAR is the control for the export and import of defense-related articles and services found on the United States Munitions List (USML).
As a result, many companies directly affected by ITAR are insisting that every company in their supply chain also be ITAR compliant.
Following is a good explanation of ITAR compliance from the Dunlap-Stone University.
“For a company involved in the manufacture, sale or distribution of goods or services covered under the United States Munitions List (USML), or a component supplier to goods covered under the USML, the stipulation or requirement of being “ITAR certified (compliant)” means that the company must be registered with the State Department’s Directorate of Defense Trade Controls, if required as spelled out on DDTC’s website and the company must understand and abide by the ITAR as it applies to their USML linked goods or services. The company themselves is certifying that they operate in accordance with the ITAR when they accept being a supplier for the USML prime exporter.”
On second thought, the University’s explanation needs more explaining – ITAR implements the provisions found in the Arms Export Control Act (EACA). The specifics of ITAR mandate that information, knowledge, and material related to defense and military-relevant technologies (specifically those listed on the USML) may not ordinarily be shared with others unless the sharer receives permission from the US State Department or by a special exemption granted by the State Department. Companies that violate ITAR can face fines up to $500,000 per occurrence. Individuals in executive positions of a company in violation of ITAR can be fined and imprisoned. ITAR is a ban on the export of military technology without State Department approval.
Compliance as a Service
There is Software as a Service, IT Security as a Service, and loads of “as a Service” offerings available from a managed services provider. 2017 may be the year of Compliance as a Service.
One of the keys to ITAR compliance is a strong secure methodology for storing and transferring data related to defense technology. As an MSP usually provides strong security, learning and understanding ITAR can lead to a new service opportunity. With regulations from the feds and from state governments issued with great frequency concerning the storage and distribution of sensitive data, Compliance as a Service has strong potential.