IT Management of Export Controls

Practical Strategies for Leveraging IT Security and Automation Tools and Strengthen Global Export Compliance

Tuesday, May 22, 2012
Washington Marriott, Washington, DC

8:00 Registration and Continental Breakfast

8:30 Opening Remarks from the Chair

Matthew T. Henson
Manager, Trade Automation and Systems
Integration Office of International Trade
ITT Corporation (McLean, VA)

8:45 Agency Requirements for Technology Controls and Anticipated Changes under Export Control Reform

Bernard Kritzer
Director, Office of Exporter Services
Bureau of Industry and Security
U.S. Department of Commerce (Washington, DC)

9:15 Identifying and Evaluating Virtual Compliance Risks: Developing Your IT Program Roadmap

William McAveney
Project Lead/Business Analyst
Export/Import Business Processes/Automation
Northrop Grumman Corporation (Falls Church, VA)

Matthew T. Henson
Manager, Trade Automation and Systems
Integration Office of International Trade
ITT Corporation (McLean, VA)

  • Export compliance considerations pertaining to infrastructure, directories, and administration
  • Building your IT roadmap: Core components of your infrastructure
  • Conducting an IT security risk assessment: What does your infrastructure house and the associated risks?
  • Tailoring your IT infrastructure and support model based on your product line
  • Determining the necessary levels of internal and external IT support and automation
    • risk and cost considerations for restricted party screening, license determinations, classification, sanction and embargo and end-use screening
    • pros and cons of using stand-alone applications, and their impact on your ability to interface with other systems
  • Vetting and selecting IT vendors: Key criteria

10:15 Identity Management: Verifying Network Users to Facilitate Secure Virtual Export Transactions

William McAveney
Project Lead/Business Analyst, Export/Import Business Processes/Automation,
Northrop Grumman Corporation (Falls Church, VA)

Umesh Bhatia
President,
Yukti Global, Inc. (East Brunswick, NJ)

  • What is Identity Management: How identity is verified, managed and maintained
  • The intersection of identity management and export compliance
  • Available soft ware and screening tools to confi rm an individual’s identity: Risks and benefi ts of using “digital certifi cates”
  • How to assess the legitimacy of an individual’s credentials provided through virtual channel
  • How to select third party providers of digital certification

10:45 Networking Coffee Break

11:00 Designing Your IT Infrastructure to Protect ITAR and EAR-Controlled Data: Strengthening Your Network, Server, Email, Laptop and Mobile Controls

Selcuk Cetinel
Solutions Executive,
Cisco Systems (UAE)

Ravi Nagubadi
CTO,
exportassure (Chicago, IL)

Sharon M. Wasileski
Director, Regulatory Compliance
Xeratec Corporation (Houghton, MI)

  • Export compliance considerations pertaining to data
    • where is data located?
    • what is the classification of the data?
    • who has access?
  • Tracking classifi cation of data under the ITAR and EAR, and for DoD contracts
  • Managing email transfers of technical data
  • Ensuring your application can record export classifi cation
  • Differences in eff ective laptop vs. server and email protections
  • When to create separate servers for controlled information and/or partition drives
  • Key considerations for using ERP systems to store and manage export-controlled data

12:15 Networking Luncheon

1:15 Controlling Foreign National Access for Cloud Computing, Shared Networks and Collaborative Platforms

Mary C. Menz
Vice President of Trade Compliance
Harris Corporation (Rochester, NY)

Keng Lim
CEO,
NextLabs, Inc. (San Mateo, CA)

  • Determining administrator and user access based on identity, location and rights
  • Creating a framework to share information with foreign parties, parent companies, subsidiaries and affiliates
  • Integrating compliance business systems into the cloud, and ensuring adequate data encryption
  • When cloud computing can help to prevent export violations vs. increase risk
  • Managing controlled technology located on a server in a restricted country

2:30 Networking Coffee Break

2:45 Integrating Export Controls into ERP, PRC, Engineering and Supply Chain Systems: Overcoming Challenges to Successful Program Management

Matthew T. Henson
Manager, Trade Automation and Systems
Integration Office of International Trade
ITT Corporation (McLean, VA)

Scott M. Flicker
Partner,
Paul Hastings (Washington, DC)

  • Mapping out your infrastructure administration
    • designating administrator responsibilities, rights and access
    • identifying network administration challenges, and cost constraints
  • Tailoring implementation of IT processes to affected facilities: Deciding which sites receive which programs and features
  • Merging systems from US sites and non-US sites
  • Measuring the success and limits of your program: Conducting routine assessments to identify and remedy weaknesses

3:45 Outsourcing Helpdesk, Third Level Support, R&D and Soft ware Development: Managing Unique, Heightened Risks of Unauthorized Technology Transfers

Benjamin H. Flowe, Jr.
Partner,
Berliner, Corcoran & Rowe LLP (Washington, DC)

Umesh Bhatia
President,
Yukti Global, Inc. (East Brunswick, NJ)

  • Deciding whether to outsource to a foreign vs. domestic provider
  • Developing a Technology Control Plan (TCP) to manage outsourcing
  • When a foreign “helpdesk” creates more problems than it solves
  • Managing data on outsourced managed computer systems
  • Managing access to internal databases and intranet
  • Monitoring engineering and scientific discussions, and exports of manuals with technical specifications
  • Contractual safeguards to incorporate into outsourcing agreements

4:30 Leveraging the Forensic Capabilities of Your IT Systems for Effective Internal Audits and Investigations

Selcuk Cetinel
Solutions Executive,
Cisco Systems (Detroit, MI)

Ravi Nagubadi
CTO,
exportassure (Chicago, IL)

Scott M. Flicker
Partner,
Paul Hastings (Washington, DC)

Sharon M. Wasileski
Director, Regulatory Compliance
Xeratec Corporation (Houghton, MI)

  • Measuring the forensic capability of your system
  • How IT and Compliance Departments can work together to analyze logging information and retrace the email trail
  • Conducting email and data searches, and how to proceed when servers are in foreign countries
  • Assessing the types of data in your applications and how to support forensic analyses

5:30 IT Seminar Concludes