
Exclusive Insights at IFS Unleashed: The Hidden Regulatory Risk In A&D ERP for Manufacturing

By Thomas Blomquist, Founder/CEO Ideas to Solutions, a Tsunami Tsolutions Company

Joe LaVasseur, Executive Vice President, Tsunami Tsolutions

Visit Tsunami Tsolutions at IFS Unleashed October 14-18 in Orlando, Fla. for exclusive insights into the vulnerabilities manufacturers face from their own aerospace and defense ERP (enterprise resource planning) software (book your appointment here).

A&D manufacturers visiting the Tsunami Tsolutions exhibit at IFS Unleashed will gain deep insights into regulatory risk their ERP software can pose and the crucial role of their implementation or services partner in mitigating this risk.

High Stakes for Aerospace and Defense ERP

A manufacturer with even a portion of their revenue coming from aerospace and defense will need to ensure they are compliant with a slew of regulatory requirements, including some that have a great deal to do with their ERP software.

  • Defense Federal Acquisition Regulation Supplement (DFARS), which outlines cybersecurity requirements (along the lines of NIST SP 800-171) and cost accounting standards.
  • International Traffic in Arms Regulations (ITAR): Ensuring that ERP systems can handle restrictions related to the handling and sharing of defense-related information.
  • Cybersecurity Maturity Model Certification (CMMC) 2.0, a model structure in the DFARS rule that lays out three levels of compliance to National Institute of Standards and Technology (NIST) specifications. The compliance levels a manufacturer must meet are defined in each program request for information (RFI).

A&D ERP Leaves Significant Compliance Risk

Enterprise software used by even the largest contractors and manufacturers may not provide adequate assurance against these and other regulatory vulnerabilities. The cost of failing to comply with these regulations can be significant.

  • In March of 2024, Boeing was fined $51 million for export control violations. According to a Department of State press release, the fine stems from “Boeing’s unauthorized exports and retransfers of technical data to foreign-person employees and contractors; unauthorized exports of defense articles, including unauthorized exports of technical data to the People’s Republic of China, a proscribed destination under ITAR § 126.1; and violations of license terms, conditions, and provisos of Directorate of Defense Trade Controls authorizations.”
  • In May of 2021, Honeywell was fined $13 million for “alleged unauthorized export of dozens of technical drawings relating to components of various aircraft, missiles, and tanks to countries including China.” The data involved relate to the F-35 Joint Strike Fighter, F-22 Raptor, B-1B bomber, Tomahawk cruise missile and M1A1 Abrams battle tank.
  • Manufacturers outside the United States still have to contend with export control regimes in their own countries; investigations regarding Airbus are currently underway in the United Kingdom, after the group had paid fines of 9 million euros after a separate violation.
  • In July of 2025, Raytheon parent RDX announced it was setting aside $1.24 billion to address $384 million in penalties and other costs stemming from bribery allegations after $1.9 million was channeled through a consulting firm owned by the Qatari emir’s brother in violation of the Foreign Corrupt Practices Act.

CMMC regulations are changing rapidly, and some changes may streamline compliance, including a move from five levels of compliance to only three. According to JD Supra, the proposed DFARS 252.204-7021 language requires a company:

  1. Have a current CMMC certificate or self-assessment at the requisite CMMC level, or higher;
  2. Maintain the required CMMC level for the duration of the contract for all applicable information systems;
  3. Only store, process, or transmit data in appropriate information systems;
  4. Notify the contracting officer within 72 hours of any lapses in information security or changes in the status of CMMC certificate or self-assessment levels;
  5. Complete and maintain on an annual basis, or when changes occur, an affirmation of continuous compliance with the security requirements;
  6. Ensure all subcontractors and suppliers complete and maintain on an annual basis, or when changes occur, an affirmation of continuous compliance with the security requirements.

A&D Manufacturing ERP Is Not Compliant

Visitors to the Tsunami Tsolutions IFS Unleashed exhibit will gain detailed insights on what ERP software can and cannot do to ensure compliance with these and other regulations affecting aerospace and defense manufacturers.

Some enterprise software, out of the box, will have more baked-in functionality for the regulatory and program manufacturing requirements common in aerospace and defense. Some things to keep in mind when selecting software will be:

  • Partners with deeper aerospace and defense experience likely work closely with software vendors with more mature aerospace and defense functionality.
  • Seeking a scripted rather than standard demo is important—the old joke is that some ERP runs better on certain middleware and hardware—namely, PowerPoint on an overhead projector. A live demo is mandatory, but unless the exact functionality you need can be demoed, it may be time to look elsewhere.
  • The software vendor should come ready with a number of case studies that, if not exactly like your use case, are similar enough to mitigate your risk of a failed or years-long implementation. And reference calls are critical.
  • Even software vendors steeped in aerospace and defense manufacturing will resist the idea of a paid trial because it prolongs their sales process and may violate certain guidelines from your sales representative’s higher-ups. Ask for one anyway.

The role of the ERP software partner is critical for aerospace and defense manufacturers exposed to regulatory vulnerabilities. Visitors to the Tsunami Tsolutions exhibit at IFS Unleashed will learn:

  • How their regulatory exposure may start even before they go live on new ERP software
  • The importance of their internal partner team in successful software adoption
  • The risks that stem from a vendor or implementation partner not well-versed in aerospace and defense regulatory and business processes

 

