Managing ITAR and Other Risks in A&D Manufacturing

AEROSPACE AND DEFENSE MANUFACTURING ERP

By Thomas Blomquist, Founder/CEO Ideas to Solutions, a Tsunami Tsolutions Company

Joe LaVasseur, Executive Vice President, Tsunami Tsolutions

A&D manufacturers visiting the Tsunami Tsolutions exhibit at IFS Unleashed will gain deep insights into the regulatory risk their ERP software can pose and the crucial role of their implementation or services partner in mitigating this risk.

High Stakes for A&D ERP

A manufacturer with even a portion of their revenue coming from aerospace and defense will need to ensure they are compliant with numerous regulatory requirements, including some that have a great deal to do with their ERP software.  

  • Defense Federal Acquisition Regulation Supplement (DFARS), which outlines cybersecurity requirements along the lines of NIST SP 800-171 and cost accounting standards.
  • International Traffic in Arms Regulations (ITAR), which requires that ERP systems can handle restrictions related to the handling and sharing of defense-related information.

Visitors to the Tsunami Exhibit at IFS Unleashed will learn about several A&D manufacturing ERP risks, but as a preview, here are insights exclusive to regulatory risks including ITAR and DFARS. 

A&D ERP and Regulatory Risk

Enterprise software used by even the largest defense contractors and manufacturers may not provide adequate protection from these and other regulatory vulnerabilities. The cost for failure to comply with these regulations can be significant. Export control violations can result in fines totalling tens of millions of dollars. Even if dual-use or controlled items are not shipped, improper disclosure of data relating to the product constitutes its own violation. Again, the software itself is only a tool that can be configured to ensure compliance, placing a premium not only on the software but also on the company and individuals implementing and supporting it.

CMMC regulations are changing rapidly, and some changes may streamline compliance, including a move from five levels of compliance to only three. According to JD Supra, the proposed DFARS 252.204-7021 language requires a company to:

1. Have a current CMMC certificate or self-assessment at the requisite CMMC level, or higher;

2. Maintain the required CMMC level for the duration of the contract for all applicable information systems;

3. Only store, process, or transmit data in appropriate information systems;

4. Notify the contracting officer within 72 hours of any lapses in information security or changes in the status of CMMC certificate or self-assessment levels;

5. Complete and maintain on an annual basis, or when changes occur, an affirmation of continuous compliance with the security requirements;

6. Ensure all subcontractors and suppliers complete and maintain on an annual basis, or when changes occur, an affirmation of continuous compliance with the security requirements.

Most A&D Manufacturing ERP Software Struggles to Support Aerospace and Defense Regulatory Compliance Standards.

Visitors to the Tsunami Tsolutions IFS Unleashed exhibit will gain detailed insights on what ERP software can and cannot do to ensure compliance with these and other regulations affecting aerospace and defense manufacturers. 

Some enterprise software, out of the box, will have more baked-in functionality for the regulatory and program manufacturing requirements common in aerospace and defense than other products. Some things to keep in mind when selecting software will be: 

  • Partners with deeper aerospace and defense experience likely work closely with software vendors with more mature aerospace and defense functionality. 
  • Seeking a scripted rather than standard demo is important. A live demo is mandatory, and unless the exact functionality you need can be demoed, it may be time to look elsewhere or secure help from a services partner who can extend the solution for you. 
  • The software vendor should come ready with a number of case studies that, if not exactly like your use case, are similar enough to mitigate your risk of a failed or years-long implementation. And reference calls are critical. 
  • Even software vendors steeped in aerospace and defense manufacturing will resist the idea of a paid trial because it prolongs their sales process and may violate certain guidelines from your sales representative’s higher-ups. Ask for one anyway. This is even more important if your use case will benefit from some custom configuration of the software, which will require a paid services project in addition to the paid trial.

The role of the ERP software partner is critical for aerospace and defense manufacturers exposed to regulatory vulnerabilities. Visitors to the Tsunami Tsolutions exhibit at IFS Unleashed will learn: 

  • How they may be subject to regulatory exposure even before they go live on new ERP software 
  • The importance of their internal partner team in successful software adoption 
  • The risks that stem from a vendor or implementation partner not well-versed in aerospace and defense regulatory and business processes 

How Tsunami Tsolutions Ensures ITAR Compliance

Because of our history and focus on aerospace and defense, Tsunami Tsolutions is practiced at eliminating regulatory risks for our customers. 

  • Through recruiting, tooling and systems infrastructure to control access to data, Tsunami Tsolutions has the ability to execute all aspects of the work with U.S. Persons or even restrict access to U.S. citizens if required by a customer’s program. 
  • Tsunami Tsolutions invests in regular and extensive training to ensure personnel are prepared to handle customer data in a compliant fashion.  
  • Working with an empowered official within a customer organization, Tsunami Tsolutions adheres to a rigorous Technology Control Plan (TCP) with appropriate support infrastructure and an experienced export consultant to manage execution against the plan. 
  • Tsunami Tsolutions is ITAR/EAR compliant and is registered with the Directorate of Defense Trade Controls (DDTC) to secure licenses to share data with other countries when export has been approved.
