Export Control Training Recommended by BIS and DDTC

export control training
export control training

Export Control Training

Export control training is an essential part of an effective export compliance program.  Both the Bureau of Industry and Security (BIS) and the Directorate of  Defense Trade Controls (DDTC) recommend regular training for all employees involved in exports.  For businesses that are involved with International Traffic in Arms Regulations (ITAR) this includes employees that have access to controlled information.

Elements of Effective Export Compliance Programs

The BIS and the DDTC recognize eight elements crucial to an effective export compliance program:

  1. Management commitment and organizational structure
  2. Risk Assessment that identifies risks and builds controls
  3. Processes that ensure that the organization makes correct decisions, tracks and protects exported items, and screens all parties associated with a transaction
  4. Record keeping in accordance with requirements
  5. Training for all involved employees
  6. Periodic audits to access the integrity of the program
  7. Procedures for reporting and addressing violations
  8. An export compliance manual that defines processes, roles, and responsibilities

Changing Regulatory Landscape

In recent months there have been major changes in export regulations.  Ignorance is not an adequate defense for violation of these regulations.  Therefore it is important to maintain an up to date export compliance knowledge base.  When investigating export compliance incidents, export enforcement agents are instructed to assess an organization’s compliance program .  As a result, when programs are found negligent, increases in civil fines, penalties, and criminal prosecution occur .  Specific items of concern are:

  • Is the corporation’s compliance program well designed?
  • Is the program being applied earnestly and in good faith?  In other words, is the program adequately resourced and empowered to function effectively?
  • Does the corporation’s compliance program work in practice?

CVG Strategy Export Control Training

CVG Strategy provides a one-day live export compliance webinar.   This training covers the regulatory and statutory framework of export law.  It covers the key principals and essentials of ITAR and EAR Export compliance.  Subjects covered in this training include:

  • ITAR and USML (U.S. Munitions List).
  • EAR and CCL (Commerce Control List).
  • Registration with the State Department.
  • ITAR and EAR technical data controls.
  • ITAR and EAR licenses.
  • Compliance and enforcement.
  • Transition of hardware and technical data from the USML to the Export Administration Regulations (EAR)
  • Regulation of brokering activities.
  • Using classification of articles to organize the necessary controls for US Law.

Other CVG Strategy Export Services

CVG Strategy, LLC is a premier provider of customized ITAR Consulting and ITAR & Export Compliance Programs.  Visit our ITAR store for badges, signs, and visitor log books to help with your facility security requirements.  We also offer answers to your ITAR questionsContact Us today to see how we can help your export compliance program.

 

Remote Workforce Cybersecurity Concerns Grow

Remote Workforce Cybersecurity
Remote Workforce Cybersecurity

Business Executives Have Concern About Remote Workplace Cybersecurity

Remote Workforce Cybersecurity is a growing concern for businesses who are adapting to the Covid-19 pandemic.  Although many tools are available to secure vital data, the remote employee still poses the greatest threat.  The challenge therefore is to train employees how to regularly use effective cybersecurity practices.

Effective IT Tools and Policies

A number of tools are available for cybersecurity.  These include the use of Virtual Personal Networks (VPN)s, encrypted data protocols, dual authentication, and providing employees with properly set up equipment.  Policies can also help to mitigate cyber vulnerabilities.  These include prohibiting data from being on employees’ personal devices and establishing protocol for meeting software usage.  All of these, however are only as effective as the daily habits of the employees that are accessing secure data.

Information Security Management Systems

An Information Security Management System (ISMS) is  a comprehensive approach to keeping corporate information secure.  It involves people, processes, and IT systems to coordinate business security efforts.  ISO 27001 (ISO/IEC 27001) is a standard for developing an ISMS that ensures comprehensive integration of internationally recognized best practices.  Because it employs risk management and continual evaluation for improvement it is a dynamic tool capable of adapting to a cyberthreat environment that is growing in scale and complexity.  As with any management system, continual training is critical for effective implementation.

Improving Remote Workforce Cybersecurity Practices

Although cyber-criminals are using increasingly sophisticated tools phishing remains a leading form of attack.  Employees should be trained to think before they click on suspicious emails and links.  Other basic practices include proper password etiquette.  Passwords should be should be strong and unique.  Follow this link for The National Institute for Science and Technology’s guidance on Choosing and Protecting Passwords.

People can be brilliant and still not regularly practice common sense.  Instilling good practices involves continual education.  While it is easy to point the finger elsewhere, you may well ask yourself how well you practice cybersecurity basics.  To find out take the Federal Trade Commission Cybersecurity Basics Quiz.

CVG Strategy

CVG Strategy cybersecurity experts are committed to keeping business information secure.  This is more critical than ever as remote workforce cybersecurity practices increase vulnerability.  We can help your business implement ISMS solutions that fit your unique requirements and provide the training required to make them work.  Contact Us today to see how we can help.