PRI EXPORT

CONTROL
SYSTEM General Training for PRI
UPDATED
Registrar Staff and
APRIL 2018 Independent Contractors

Copyright© Performance Review Institute 1

PRI EXPORT CONTROL SYSTEM

 PRI has maintained an Export Control system since April 2005 to

ensure compliance with U.S. Export Control Regulations

 It is important for all PRI employees and Independent Contractors to

be aware of PRI’s EC system, and their specific responsibilities within
the system, to ensure PRI remains compliant with U.S. Export Control
Regulations

 The following presentation will outline key aspects of U.S. Export

Control Regulations, the impact on PRI, and PRI’s system to ensure
compliance with regulations

Copyright© Performance Review

2
Institute
PRI EXPORT CONTROL SYSTEM
PRI AND U.S. EXPORT REGULATIONS

1. Why does the U.S. have these regulations?

2. What are the regulations?

3. What is technical data?

4. What is an export?

5. What is a foreign person?

6. How is PRI impacted?

7. PRI’s EC system

Copyright© Performance Review

3
Institute
PRI EXPORT CONTROL SYSTEM
WHY DOES THE U.S. HAVE EXPORT REGULATIONS?

 There are a number of countries who wish to do harm to the United

States
 The government wants to assure that certain products, technologies,
software and know-how do not fall into the wrong hands
 The U.S. protects information and products from other countries as
they deem is in their best interest
 The interests of the United States are protected through export
regulations, in the same way companies protect their information
through proprietary restrictions (e.g., Non-Disclosure Agreements)

Copyright© Performance Review

4
Institute
PRI EXPORT CONTROL SYSTEM
TOP THREE REASONS

Top three reasons for U.S. export regulations:

 National Security

 Foreign Policy

 Non Proliferation

Copyright© Performance Review

5
Institute
PRI EXPORT CONTROL SYSTEM
WHAT ARE THE REGULATIONS?

 Two major regulations:

 International Traffic in Arms Regulations (ITAR) protect military products,
items, technology, and know how

 Export Administration Regulations (EAR) protect commercial or dual-

use products, items, technology, know how

 The regulations define the items and technical data that must be
protected, and the persons allowed to access the protected
items/data.

Copyright© Performance Review

6
Institute
PRI EXPORT CONTROL SYSTEM
THE ITAR

 Administered by U.S. Department of State (Directorate of Defense

Trade Controls)

 Broadly defined and tightly controlled

 Includes all items on United States Munitions List

 If an item was designed, developed or modified for a military

application; and is found on the United States Munitions List, then it is
subject to the ITAR

Copyright© Performance Review

7
Institute
PRI EXPORT CONTROL SYSTEM
THE EAR

 Administered by U.S. Department of Commerce (Bureau

of Industry and Security)
 Detailed item descriptions and varying levels of control
 Includes all items on Commerce Control List
 If an item was designed for commercial or dual-use
(commercial and military), and it is found on the
Commerce Control List, then it is controlled by the EAR

Copyright© Performance Review

8
Institute
PRI EXPORT CONTROL SYSTEM
WHAT IS TECHNICAL DATA?

 Technical data …
 helps a person design, develop or manufacture an item
 can exist on paper or digitally
 can be stored in your mind and exported through face-to-
face or other communication with a Foreign Person
 includes all types of information which is not in the public
domain

Copyright© Performance Review

9
Institute
PRI EXPORT CONTROL SYSTEM
TECHNICAL DATA DEFINED IN ITAR

“Technical data is:

1. Information, other than software, which is required for the
design, development, production, manufacture,
assembly, operation, repair, testing, maintenance or
modification of defense articles
This includes information in the form of blueprints,
drawings, photographs, plans, instructions or
documentation.

Copyright© Performance Review

10
Institute
PRI EXPORT CONTROL SYSTEM
TECHNICAL DATA DEFINED IN ITAR

“Technical data also includes:

2. Classified information relating to defense articles and
defense services
3. Information covered by an invention secrecy order
4. Software directly related to defense articles

Copyright© Performance Review

11
Institute
PRI EXPORT CONTROL SYSTEM
TECHNICAL DATA DEFINED IN EAR

“Technical Data:
May take forms such as blueprints, plans, diagrams, models,
formulae, tables, engineering designs and specifications,
manuals and instructions written or recorded on other media
or devices such as disk, tape, read-only memories.

Copyright© Performance Review

12
Institute
PRI EXPORT CONTROL SYSTEM
WHAT IS AN EXPORT?

Any item sent from the United States to a foreign destination (company or person) is
an export
The U.S. government controls exports based upon the item and foreign destination.
For example,
 An X-box listed as a dual use item on the commerce control list under EAR cannot be exported to
countries like North Korea, Cuba, Iran, etc.

 A drawing of a landing gear listed on the munitions list under ITAR cannot be exported to any
foreign person without a license

Exports can be …
 physical (sending an item to a foreign country or person)
 aural or verbal (telling a Foreign Person information about an item)
 visual (a Foreign Person sees information about an item … even if they see it on your
laptop in a public place)

Copyright© Performance Review

13
Institute
PRI EXPORT CONTROL SYSTEM
U.S. PERSONS AND FOREIGN PERSONS

 U.S. Persons are U.S. citizens or Permanent Resident Aliens

(green card holders)
 Foreign Persons are everyone else
 The term “Person” in this context also applies to companies
 Generally, U.S. Persons are allowed access to items, technical
data, and know how listed in U.S. ITAR and EAR regulations

Copyright© Performance Review

14
Institute
PRI EXPORT CONTROL SYSTEM
HOW IS PRI IMPACTED?

 ITAR and EAR are the law

 The U.S. Government takes these laws very seriously

 PRI activities create the opportunity for technical data

controlled under ITAR and EAR to be exported to Foreign
Persons

 PRI can be penalized for non-compliance

Copyright© Performance Review

15
Institute
PRI EXPORT CONTROL SYSTEM
PENALTIES

 Fines

 Imprisonment

 Government oversight

 Penalties can be civil or criminal

 Penalties can be imposed against both companies and

individuals

 Violations are public record

Copyright© Performance Review

16
Institute
PRI EXPORT CONTROL SYSTEM
MAXIMUM PENALTIES

EAR
 Civil penalties may be the greater of $250,000 or twice the
value of the transaction.
 Criminal penalties may be up to $1,000,000 and/or 20
years imprisonment.

ITAR
 Civil penalties up to $500,000 per violation
 Criminal penalties up to $1,000,000 per violation
and/or 10 years imprisonment

Copyright© Performance Review

17
Institute
PRI EXPORT CONTROL SYSTEM
PRI’S EXPORT CONTROL SYSTEM

• PRI developed an Export Control system to ensure compliance with

U.S. Export Control Regulations

• PRI’s EC system is defined in PRI-AD-POL-03 that is maintained on

PRI’s internal network (SharePoint)
• The policy:
• Requires Staff to disclose their nationality
• Requires Staff to be knowledgeable of EC requirements and to follow the policy
• Includes stakeholder responsibilities for identifying and controlling technical
data
• Defines control of technical data in RMS or OASIS

Copyright© Performance Review

18
Institute
PRI EXPORT CONTROL SYSTEM
RESTRICTED TECHNICAL DATA

• The PRI EC system and associated procedures use the term

restricted technical data
 Restricted technical data is a general term used by PRI to indicate items,
technical data, and know how which are subject to U.S. export regulations
 Restricted technical data must be controlled and cannot be exported to
foreign persons
 Restricted technical data requires authorization from the U.S. government
prior to export (license), or have some other type of restriction or
consideration required prior to export
• PRI’s system is based upon controlling access to restricted technical
data as opposed to obtaining licenses to export restricted technical
data
Copyright© Performance Review
19
Institute
PRI EXPORT CONTROL SYSTEM
CONTROL OF RESTRICTED TECHNICAL DATA

• PRI’s EC system is designed to

• Control access to restricted technical data during
the audit
• Prevent restricted technical data from being
stored in RMS or OASIS, or within PRI
computers, networks or email systems
• Prevent restricted technical data from being
disclosed/shared during PRI sponsored
meetings or events
Copyright© Performance Review
20
Institute
PRI EXPORT CONTROL SYSTEM
CONTROL DURING THE AUDIT

• Auditors are classified as U.S. Persons (Unrestricted) or Foreign

Persons (Restricted)
• The Auditee communicates that restricted technical data is part of
their audit by answering the ITAR/EAR question in RMS or OASIS
• Restricted auditors are not scheduled on ITAR/EAR audits
• Unrestricted auditors are not allowed to remove restricted
technical data from the Auditee’s facility or retain on personal
computers
• Restricted auditors that suspect restricted technical data is part of
the audit are to stop the audit and contact PRI

Copyright© Performance Review

21
Institute
PRI EXPORT CONTROL SYSTEM
CONTROL OF DATABASES, COMPUTERS, NETWORK AND EMAIL
SYSTEMS

• Audit Report Reviewers are classified as U.S. Persons (Unrestricted) or

Foreign Persons (Restricted)
• All submitted audits are quarantined until they are reviewed by an
Unrestricted reviewer and any restricted technical data removed prior to the
audit being released into the system
• Auditees are not permitted to post restricted technical data into RMS or
OASIS or send restricted technical data to the reviewer via email
• Restricted technical data that is posted in RMS or OASIS is removed by an
Unrestricted reviewer
• Restricted technical data that is emailed to a reviewer is deleted
immediately
• Restricted technical data that must be reviewed as part of the audit is sent
to a secure system, reviewed by an Unrestricted reviewer, and discarded
Copyright© Performance Review
22
Institute
PRI EXPORT CONTROL SYSTEM
STAKEHOLDER RESPONSIBILITIES

• Auditees:
• Recognize restricted technical data associated with the audit

• Communicate the ITAR/EAR status of the audit

• Safeguard restricted technical data during the audit
• Must not post restricted technical data in RMS or OASIS
• Are not to disclose restricted technical data at meetings
and events

Copyright© Performance Review

23
Institute
PRI EXPORT CONTROL SYSTEM
AUDITOR RESPONSIBILITIES

• Provide proof of citizenship to PRI and notify PRI of any changes

• Communicate their EC status to the Auditee during the Opening
Meeting
• Unrestricted auditors must safeguard restricted technical data
during the audit
• Unrestricted auditors must not post restricted technical data in
RMS or OASIS
• Restricted auditors are to stop the audit and contact PRI if they
suspect that restricted technical data is part of the audit
• Report any potential EC issues to PRI immediately

Copyright© Performance Review

24
Institute
PRI EXPORT CONTROL SYSTEM
STAFF RESPONSIBILITIES

• Provide proof of citizenship to PRI and notify PRI of any changes

• Know your EC status (Unrestricted or Restricted)
• Understand PRI’s EC policy
• Know the EC requirements for your specific job duties
• If your status is “Restricted”, do not access restricted technical data
• If you know or suspect an EC violation or issue, contact your
supervisor immediately
• If you are unsure how to proceed, ask questions before you act.

Copyright© Performance Review

25
Institute
PRI EXPORT CONTROL SYSTEM
CONTACT

If you have questions about this information,

contact:

Pete Kucan
pkucan@p-r-i.org
1-724-772-7170

Copyright© Performance Review

26
Institute