Export Control and PLM
Export control regulations are perhaps the most demanding of all manufacturing and sales requirements. Government requirements must be followed to the letter, businesses must make sure their knowledge of the law is current, and the software architecture used to manage export control regulatory compliance must satisfy security-grade compliance requirements.
Most PLM vendors have Export Control compliance modules; Razorleaf can help you choose which one best meets both your internal and external requirements. We work with all the PLM vendors, and have helped hundreds of clients customize their engineering infrastructure to accommodate Export Control.
The increased complexity demanded of compliance with ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulation) require purpose-built technology for successful operations. Violations of export requirements can incur significant penalty. Minor violations can cost thousands of dollars; fines for serious violations run into the millions. Voluntary disclosure of violations are still subject to fines and other penalties. If the government launches an ITAR/EAR investigation, investigators can shut down the business, stopping all shipping and receiving of products.
Enabling Global Collaboration
With shortened life cycles for the typical product, collaborative work environments are a must. But collaboration presents a special challenge when working on products that must pass export control. Every person must be certified to participate in the project, and record keeping regarding who works on what when must be meticulous. Collaborating under one roof can be challenging, but today many engineering teams are global, adding another layer of complexity. To varying degrees, the complete supply chain must also be managed for compliance.
Export control compliance is not just an engineering/manufacturing issue. IT must be directly involved. Whether your PLM is administered on a departmental basis or as a company-wide resource, your IT team must be able to define and manage control over location and access to business-critical data.
You may install a new PLM module to manage compliance, but the actual engineering and manufacturing work flows through many other software, network, and hardware infrastructure layers. Some of these layers may be dated and hard to justify for security and compliance requirements. A full IT audit may be necessary to insure a fully compliant system.
PLM and Export Control Data
PLM used to manage data in a security environment contains core product design information. It is not just the specialized Export Control module that must meet standards—the whole platform must conform to strict procedures. Specifically:
Data types: All data types to be used, including attributes and files, must be part of an approved classification model for each regulation and national standard.
Roles/groups: Some users have default access to all product and workflow information; others are approved for only specific purposes.
Workflow: The license status of all project members must always be current. The software must track the classification status of all documents. The workflow procedures must always match license, classification, and data for compliance.
Legacy issues: Parts created prior to the project but selected for use must also be brought into the Export Control system. Generally the documentation of such products must be assigned a unique data type in the classification model.
You can put the right software tools and rules into place, but without the right mindsets, full compliance can still be challenging. Everyone must know there are no shortcuts; processes must be followed to the letter. There is no such thing as an Export Control procedure that does not add value. Export Control administrators must especially watch for:
- Unauthorized data sharing or storage on an unapproved cloud (there are ITAR-compliant cloud systems)
- Printing or other unauthorized viewing
- Sharing controlled data via email
Typical vendor offerings
The leading PLM vendors offer Export Control systems, either as an add-on or in their core software. Examples include:
Dassault Systèmes Enovia V6 offers Export Classification and IP Export Enforcement modules, customizable for ITAR/EAR compliance. Options include managing Multinational Export Control, Intellectual Properties, and management of data classified according to National Industrial Security requirements.
Aras Innovator utilizes technology that is readily made compliant with Export Control. It can be configured to insure ITAR compliance; many users of Innovator are defense contractors and armed forces agencies which have shared their compliance configurations with other members of the open-source Innovator community.
There are many consulting firms out there working in PLM who can install these systems. Razorleaf will work first to make sure you know exactly what is needed—to get the right system in place without unnecessary overhead or technology creep.