{"id":192,"date":"2016-12-14T17:05:09","date_gmt":"2016-12-14T17:05:09","guid":{"rendered":"http:\/\/exportcompliancesolutions.com\/blog\/?p=192"},"modified":"2016-12-14T17:05:09","modified_gmt":"2016-12-14T17:05:09","slug":"export-compliance-11-words-2","status":"publish","type":"post","link":"https:\/\/exportcompliancesolutions.com\/blog\/2016\/12\/14\/export-compliance-11-words-2\/","title":{"rendered":"EXPORT COMPLIANCE IN 11 WORDS (Part 7 of 12)"},"content":{"rendered":"

EXPORT COMPLIANCE IN 11 WORDS<\/strong><\/h2>\n

A Series on Export Compliance Essentials<\/strong><\/h2>\n

(Part 7 of 12)<\/strong><\/h2>\n

SECURE! <\/em><\/strong><\/h2>\n

\u00a0<\/strong><\/p>\n

Wherever your business interfaces with the global marketplace, your workforce should be trained to recognize export-controlled technologies and technical data, and equipped with the know-how and tools to comply with ITAR, EAR, and DoD requirements, as well as industry best practices, for safeguarding sensitive information and combating cyber threats.<\/em><\/strong><\/p>\n

Responsible information-handling practices have always been critical to export compliance. In the past few years, however, troubling reports of frequent and successful cyberattacks on U.S. Government agencies and alarming headlines about technical trade secrets stolen from private firms by hackers have moved information security to the top of the priority list for every organization\u2014small, medium-sized, or large.<\/p>\n

Under the terms of the ITAR and EAR, manufacturers and exporters are legally responsible to protect certain technical data related to defense articles on the USML (ITAR \u00a7120.10), as well as key technologies required for the production, development, or use of items on the CCL (EAR \u00a7772.1), against access by unauthorized persons. The disclosure or release of such information without a license, inside and outside company facilities, on the ground and in the cloud, within the U.S. and overseas, constitutes an illegal \u201cexport.\u201d<\/p>\n

That\u2019s why, if any of your products is export-controlled, you had better make certain that your employees are clearly aware of the fact, that they clearly understand everything it implies, and that this matters to them.<\/p>\n

They need to know that they\u2019re responsible for safeguarding technical data of any kind related to the product\u2014engineering drawings and specifications, schematics, blueprints, design analyses, photographs, formulas, performance test results, pilot production schemes, manufacturing procedures, assembly flowcharts, testing and inspection methods, or any other technical information subject to export controls.<\/p>\n

They need to know that if they share controlled technical data without appropriate authorization, or if they carelessly allow unauthorized access to it, they\u2019ll be violating U.S. export laws, with potentially serious consequences for the company and for themselves.<\/p>\n

You Need to Educate\u2014and Motivate\u2014Your People About IT Security<\/strong><\/p>\n

In today\u2019s business world, technical information<\/em><\/strong> is increasingly\u2014in many cases, almost exclusively\u2014digital information<\/em><\/strong>, consisting of text, images, numerical data, and formulas stored and distributed electronically via computer networks. That means \u201cinformation security<\/em><\/strong>\u201d and \u201ccybersecurity<\/em><\/strong>\u201d are increasingly synonymous, which is why most organizations have made some sort of cybersecurity training for their employees mandatory. While that\u2019s certainly wise, it shouldn\u2019t be grounds for complacency, because \u201cmandatory\u201d and \u201csome sort\u201d are plainly not<\/em> synonyms for \u201cadequate\u201d and \u201ceffective.\u201d<\/p>\n

In addition to providing and requiring cybersecurity awareness training for all employees, truly wise managers and administrators conduct regular internal assessments of security awareness to gauge how well their employees understand the nature and seriousness of the security risks and how well prepared they are to respond to cyber threats.<\/p>\n

You can test your employees\u2019 understanding of cybersecurity with a survey or questionnaire. Better yet\u2014from the standpoint of accuracy, objectivity, and credibility \u2014 get help from qualified professionals in this critical area, and ask them to evaluate the effectiveness of your current cybersecurity awareness training as part of a comprehensive cybersecurity compliance risk assessment of your entire company.<\/p>\n

Here are some very basic questions about cybersecurity that all your employees should be able to answer:<\/p>\n