ITAR compliance gaps in two real-world use cases
22 Jan 2020
When it comes to ITAR compliance, organizations need to run a tight ship.
Stringent rules paired with complex operations can make compliance a tall order, but failing to adhere means opening the door to extremely harsh penalties. Two recent cases illustrate this. Compliance problems for two large organizations resulted in $13 million USD and $30 million USD in civil fines and remedial compliance measures respectively. Administration, documentation, and communication mistakes contributed to these penalties, and unfortunately, these are categories of errors that we often see organizations encounter.
In this piece, we examine the errors that led to these penalties and discuss what organizations can do to reduce the possibility of repeating them.
ITAR for manufacturing and supply chain organizationsInternational Traffic Control Regulations (ITAR) control the export of goods, services, and data listed on the United States Munitions List. Manufacturers, exporters, and brokers of these items must adhere to wide-ranging and detailed regulations. It is expected that leaders and employees in organizations subject to ITAR are fully educated and trained regarding the requirements. Violations can lead to significant civil and criminal consequences. Our companion article on ITAR explains this in greater detail and illustrates how a visitor management system can support compliance.
“Violations caused by systemic administrative issues”The charging letter against one information technology services provider and defense contractor listed a number of ITAR violations, including some related to “systemic administrative issues.” These issues specifically involved the handling of DSP-73 licenses, which permit the temporary export of controlled goods.
Many of the infractions were related to information management. Issues included the presentation of incorrect license numbers, insufficient record maintenance related to licenses, and the incorrect listing of item quantities and values on import and export paperwork.
The resulting agreement with the U.S. Department of State required the company to come into compliance, and to accept a penalty of $13 million USD in fines and resources devoted to remedial measures.
Failure to collect citizen information: A second example involves a technology company that did not collect citizenship information about some employees. Collection of this information is required in some cases for licensing purposes. In a voluntary disclosure, the company admitted that due to this oversight, permission to access sensitive technical data may have been improperly provided to some employees.
The penalty in this case: $30 million USD in fines and remedial compliance measures.
ITAR compliance in facility security: As we’ve seen, human error and spotty recordkeeping can be costly. The types of errors that led to millions of dollars in penalties can also be made when documenting visitors to a facility containing sensitive equipment, products, and information.
Well-designed processes combined with automation and training can help to streamline and strengthen an ITAR compliance program and demonstrate the existence of processes to regulators. A visitor management system can support compliance best practices by:
Screening all parties and verifying citizenshipMaintaining complete, detailed, and uniform records on guestsProviding easily accessible visitor audit documentsEnsuring visitor identification badge issuance is included in check-in processesNotifying hosts of guest arrival or alerting relevant parties of visitor-related risks and issuesWith a VMS, visitor data can be exported and records can be kept and retrieved as needed. Just as importantly, the system automates steps to reduce human error or single points of failure when one person is responsible for collecting and inputting visitor data. This means that processes can be established to decrease the odds that small, avoidable oversights and omissions will result in hefty, publicly-listed fines and penalties.
VMS can make compliance processes faster and more seamless by simplifying steps for users, arranging required actions in one smooth workflow, and reducing the kinds of administrative, documentation, and communication errors that lead to massive penalties like the ones highlighted above. Awareness of these examples and exploration of how automated systems can enhance compliance programs can help organizations avoid similar, costly outcomes.
ITAR compliance gaps in two real-world use cases
See Traction Guest at IFSEC International 2021
Traction Guest will be exhibiting on Stand IF1832 at IFSEC International 2021, 18-20 May, ExCeL, London, UK
Product News
Traction Guest opens Dublin office, expanding into European market
Traction Guest, a global leader in cloud-based solutions for enterprise visitor management, is excited to announce the opening of a Dublin location. The new office, which follows the company’s Seattle launch earlier this year, will expand its sales and customer success teams, focusing on providing visitor management solutions and support for enterprises throughout Europe.
Product News
Traction Guest named one of Canada’s Companies-to-Watch in Deloitte’s Technology Fast 50™ Awards
VANCOUVER, B.C. (November 7, 2019) - Traction Guest, a global leader in cloud-based solutions for enterprise visitor management systems (VMS) has received a 2019 Companies-to-Watch award. The award spotlights companies that exhibit strong growth and show potential to be a future candidate for the Technology Fast 50™ award.
Product News
Traction Guest expands global presence with the opening of Seattle office
Traction Guest, a global leader in cloud-based solutions for enterprise visitor management, is excited to announce the opening of a Seattle office. The new U.S. office will be instrumental in expanding the company’s sales, development and customer success teams and capitalizing on the growing demand for visitor management solutions worldwide.
Product News
Forbes names Traction Guest a Rising Star in the Cloud 100 list
VANCOUVER, B.C. (September 11, 2019) – Traction Guest, a global leader in cloud-based solutions for enterprise visitor management systems (VMS), has been named one of the 20 Rising Stars as part of the Forbes 2019 Cloud 100 list, the definitive list of the top 100 private cloud companies in the world, published by Forbes in partnership with Bessemer Venture Partners and Salesforce Ventures.
Product News
Bessemer Venture Partners leads USD $13 Million Series A for Traction Guest to accelerate the global expansion of enterprise visitor management
VANCOUVER, CANADA, June 13, 2019 – Traction Guest, a global leader in cloud-based solutions for enterprise visitor management, announces the completion of a USD $13 million Series A financing round, led by Bessemer Venture Partners with participation from existing investor Salesforce Ventures and other private investors. The funding will further accelerate Traction Guest’s expansion that follows year-over-year rapid revenue and employee growth of over 200%.
Product News
3 Ways Salesforce Ventures used a Visitor Management System to Welcome Guests
We all know what it feels like to walk into a new place and feel completely invisible. A good handshake is often all it takes to dispel that feeling, but unfortunately, our frenetic world makes it harder to personally meet the people who visit our organizations.
The first time a guest walks into your facility, the welcome you give them sets the tone for the entire relationship. If, before anything else, your visitors know that they are anticipated, valued and remembered, then you have laid the foundation for a partnership built on real human connection.
Product News
Thermo Fisher: Managing compliance requirements with visitor management
Given its enterprise size, managing facilities and hosting guests is a complex matter for Thermo Fisher, the American multinational biotechnology product development company with over 65,000 employees globally. Their Oyster Point location in San Francisco hosts hundreds of visitors each week and multiple buildings are needed. Each guest is unique and is visiting for a different purpose which requires a high degree of customization. Operating in the biotechnology and medical industry, Thermo Fisher Scientific faces a highly regulated environment. The organization is required to adhere to compliance standards and manage detailed audit trails on who has had access at any given point in time. Health and safety are key priorities for every location and requires strict procedures for anyone walking through their doors. With that in mind, Thermo Fisher looked for the leading enterprise visitor management system for its locations.
List your business for free
Create a business listing on the UK's leading security and fire directory
Get the IFSEC Global newsletter
The latest security and fire news, trends and insights
