Digital Storage of ITAR Controlled Documentation

Russ

Quite Involved in Discussions
#1
I am trying improve our handling of ITAR documentation and am looking for examples of how everyone stores their ITAR documentation be it drawings, records, etc. Do you keep these separate from all others or not? Is limiting access to the network enough control over this documentation or should we have all ITAR documents in an area where only a select few can access?:bonk:
 
Elsmar Forum Sponsor

WCHorn

Rubber, Too Glamorous?
Trusted Information Resource
#3
In my opinion, it depends on who has access to the documents, electronic or paper. Only US persons can have access; you need to protect the information from Foreign Persons. That protection extends to assurance that persons authorized to have access know about ITAR and duly protect the data from Foreign Persons.

We digitize almost everything and it has been effective for us. Again in my opinion, electronic documentation is far easier to control than paper. We don't keep it separate because we don't have foreign persons working for us, so we just have to worry about our intranet security and visitors.
 

Russ

Quite Involved in Discussions
#4
WCHorn, thanks for your reply. Since I am not one to make complex systems when simple will work it is good that I am not alone in that thinking!
 

JLyt207

Involved In Discussions
#5
In my opinion, it depends on who has access to the documents, electronic or paper. Only US persons can have access; you need to protect the information from Foreign Persons. That protection extends to assurance that persons authorized to have access know about ITAR and duly protect the data from Foreign Persons.

We digitize almost everything and it has been effective for us. Again in my opinion, electronic documentation is far easier to control than paper. We don't keep it separate because we don't have foreign persons working for us, so we just have to worry about our intranet security and visitors.
This is it in a nutshell. Your system has to prevent accidental "export" to non-U.S. persons. Hopefully you can prove that you screened everyone that does have access. In addition to citizenship make sure your records indicate you screened them against the denied persons list.

We go to the additional step of keeping controlled info on a separate network drive. It requires an extra step to get to and it is clearly marked so that users are less likely to accidentally export anything. We need hard copies on the floor and those are clearly stamped. They have folders they keep them in when not in use.
 

Pjservan

Involved In Discussions
#6
This is it in a nutshell. Your system has to prevent accidental "export" to non-U.S. persons. Hopefully you can prove that you screened everyone that does have access. In addition to citizenship make sure your records indicate you screened them against the denied persons list.

We go to the additional step of keeping controlled info on a separate network drive. It requires an extra step to get to and it is clearly marked so that users are less likely to accidentally export anything. We need hard copies on the floor and those are clearly stamped. They have folders they keep them in when not in use.
Agree with the above.

In addition, I recommend this network drive is only accessible from your physical location of business. Accessing the drive from external locations my expose you to some other risks. For example, if you have people that travel overseas for business and have access the drive, they might inadvertently "export" information .
 

Russ

Quite Involved in Discussions
#7
Three other points I would like to get input on which I think are weaknesses in our ITAR handling. We don't currently do these but I believe we need to include them in our system.
1) Have some kind of central tracking of all ITAR docs sent to anyone.
2) Label CNC programs for all ITAR parts
3) Label ITAR parts that are in RTS

Any thoughts?
 
#8
After doing some work on the subject of cloud storage of ITAR/EAR information, I was able to determine that the following conditions need to be met:
1) "End to end encryption" must be used to secure the technology or software;
2) The encryption technology in use must meet or exceed Federal Information Processing (FIPS) Publication 140-2 and be supplemented by security related software meeting or exceeding current NIST guidance; and
3) The technology or software must not be intentionally be stored in a country in Country Group D:5 or in Russia.

Hope this helps if you are planning to story information off site.
 
Thread starter Similar threads Forum Replies Date
DuncanGibbons Technical Data Package vs Digital Product Definition APQP and PPAP 0
D Calibration of Digital thermometer with surface probe General Measurement Device and Calibration Topics 1
A Digital Timer Calibration Requirements General Measurement Device and Calibration Topics 3
A Feedback of typical maintenance problems with LMI digital probes Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
O Mitutoyo Digital Caliper to PC USB question General Measurement Device and Calibration Topics 2
J Integrity of electronic digital records - Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 4
C Teaching Metrology - Vernier vs Digital General Measurement Device and Calibration Topics 7
M Informational TGA presentation: Digital Devices Webinar 3, 20 June 2019 Medical Device and FDA Regulations and Standards News 0
M Informational US FDA – Digital Health Update: Mid-Year Update on Software Precertification Program Medical Device and FDA Regulations and Standards News 0
M Informational USFDA – Digital Health Update: The FDA Announces an Opportunity for Test Case Volunteers for the Test Plan for the Software Precertification Program Medical Device and FDA Regulations and Standards News 0
M Informational COCIR paper – Advancing Cybersecurity Of Health And Digital Technologies Medical Device and FDA Regulations and Standards News 0
P How to Calibrate a HP 3458A Digital Multimeter with Fluke 5080A calibrator General Measurement Device and Calibration Topics 1
M Digital user manuals CE Marking (Conformité Européene) / CB Scheme 0
M FDA News USFDA Digital Health Update – New actions and documents Medical Device and FDA Regulations and Standards News 0
M Informational Webinar: The role of the TGA in digital health Medical Device and FDA Regulations and Standards News 0
M FDA News Digital Health Update: USFDA Report on Non-Device Software Functions Now Available Medical Device and FDA Regulations and Standards News 0
D How to Calibrate any Digital Sphygmomanometer under use for 2 years in a Hospital Forum News and General Information 1
M Medical Device News FDA News - 13-09-18 - FDA works w/ tech industry to promote digital health innovation Other US Medical Device Regulations 0
D Kanomax MODEL 3443 DIGITAL DUST MONITOR Calibration and Metrology Software and Hardware 3
S Repairing Mitutoyo Digital Micrometers General Measurement Device and Calibration Topics 7
D AMS 2750E - Digital Instrument Calibration Accuracy Requirements General Measurement Device and Calibration Topics 1
K 21 CFR Part 11 (and EU) compliant Digital Signatures on a Production Line Other US Medical Device Regulations 5
N Digital vs Dial Caliper Comparison Measurement Uncertainty (MU) 17
rob73 Digital DMF (Device Master File) Records EU Medical Device Regulations 3
A Automated calibration of Digital Multimeter without communication port Calibration and Metrology Software and Hardware 2
Ajit Basrur Do you use Digital Pen or Digital Highlighter during audits? General Auditing Discussions 6
D Hand-held Digital Tension Meter Calibration General Measurement Device and Calibration Topics 1
G Digital Autoclave Accuracy Requirements ISO 13485:2016 - Medical Device Quality Management Systems 2
B Do I need to perform Gage R&R on a Digital Temperature & Humidity Gage Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 18
B Digital Signature Solutions acceptable to use in an FDA Medical Device Environment 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
B Measurement Software for Digital Microscopes Manufacturing and Related Processes 2
J Digital Scale Re-Calibration Interval Frequency General Measurement Device and Calibration Topics 10
W In what format do you convert documents to digital form? Document Control Systems, Procedures, Forms and Templates 10
B Digital Torque Meter Gage R&R General Measurement Device and Calibration Topics 4
R Service Recommendation for Excel Digital Signatures Qualification and Validation (including 21 CFR Part 11) 2
K FAI (First Article Inspection) using Digital Design Data AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
L Remote Control Inspection Digital Indicator with a TIR (range) function Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
M Calibrating Digital Pressure Gages In-House General Measurement Device and Calibration Topics 10
I Should we immediately have recalibrated our Digital Torque Gauge? IATF 16949 - Automotive Quality Systems Standard 5
D Procedure for use of a Digital Indicator and a Height Gage Document Control Systems, Procedures, Forms and Templates 6
M Calibration of Digital Panel Meters General Measurement Device and Calibration Topics 4
T Purchasing a Digital Multimeter Calibration and Metrology Software and Hardware 3
AnaMariaVR2 Paper Productivity vs. Digital Productivity Systems Quality Tools, Improvement and Analysis 4
M Part 11 Compliant Digital Signature Requirements - Sharepoint Qualification and Validation (including 21 CFR Part 11) 1
F What are the Advantages of a Digital Caliper Compared with a Dial Caliper? General Measurement Device and Calibration Topics 8
W Digital Multi-Meter Calibration Procedure for various Meter Brands and Functions General Measurement Device and Calibration Topics 7
P Boeing D6-51991 Quality Assurance Standard for Digital Product Definition AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
G Clear-Cast - Indoor digital tv antenna Coffee Break and Water Cooler Discussions 5
A Has anyone tried a DAC (Digital to Analog Converter)? After Work and Weekend Discussion Topics 5
G Medical Device Digital Video Component Interface for Video Captures IEC 60601 - Medical Electrical Equipment Safety Standards Series 1

Similar threads

Top Bottom