Failures to properly safeguard and compliantly release Export Controlled Information (ECI) are a leading cause of export violations and penalty agreements. The first step in mitigating this risk is understanding your IT capabilities to identify, control, and track ECI in compliance with export regulations. TC Engine’s IT Export Compliance Assessment identifies policy, process, and technology gaps to deliver a prioritized remediation roadmap for maturing IT export compliance capabilities.
IT focus areas:
- Export control requirements, IT policy, and IT architecture – articulation and embedding of export control requirements in IT policy and architecture
- IT asset management – articulation and embedding of export control requirements in IT asset inventory management systems
- Identity & access management – articulation and embedding of export control requirements in user IDs and access controls
- Data tagging & marking – articulation and embedding of export control requirements in structured and unstructured data
- Data scanning & monitoring – identify Export Controlled Information (ECI) location, users with potential access, and users actually accessing ECI
- Data loss prevention – leverage ECI identifiers and release authorities in DLP solutions to control movement of data
- Digital rights management – leverage ECI identifiers and release authorities to encrypt, safeguard, and compliantly release ECI
Export compliance focus areas:
- Export control requirements for IT networks, systems, and data
- Safeguarding and compliant release decision models
- Denied party screening
- Export control jurisdiction & classification
- Export authorization management
- Export control automation
- Automated recordkeeping and reporting