ITAR Information For DPACK
The DPACK team has been asked on multiple occasions about the certification of DPACK related to US Department of States' ITAR (International Traffic in Arms) compliance. Below is some information we were able to gather relating to ITAR and where the DPACK program falls under this compliance designation. Should there be any questions related to DPACK and ITAR, please open a support ticket with DPACK Support (click here) so that we can work to address your specific needs.
What is ITAR?
"ITAR means International Traffic in Arms Regulations (ITAR), which are a set of US regulations that are promulgated, maintained, and enforced by the US Department of State, Directorate of Defense Trade Controls (DDTC). Very generally, the ITAR prohibits the export of hardware, services, and technical data (software and information) listed on the US Munitions List (USML) to non-US persons without authorization from DDTC. The ITAR defines export to include providing access to ITAR-controlled information to non-US persons, both in the US and abroad. Activity as seemingly benign as having a conversation can fall within the controls of the ITAR. Penalties for violating the ITAR are severe, and not only include prison sentences and fines in the tens of millions, but can also shut a company down overnight – so the ITAR gets lots of attention from defense contractors, and its sphere of influence has grown to the point where, today, just about every global business gets touched by the ITAR (even those without any immediately recognizable nexus to the defense sector).
Furthermore, because most ITAR-controlled items are unclassified, the handling, processing and storage of ITAR-controlled information often lacks the USG-established rigor for control we associate with classified information and the NISPOM. DDTC basically told industry it’s our duty to control access to ITAR-controlled information, but has pretty much left us on our own to figure out how to go about doing that (except when someone makes a mistake – that’s when DDTC blasts someone with a huge fine and a Consent Agreement).
--Dell Import/Export Compliance Consultant Group
Does DPACK Require ITAR certification?
"...It appears to us that DPACK does not expose the content of customer technical data to specific inspection or disclosure. The tool is looking at computer performance, not the content of files on a customer’s computer (whether that information is defense controlled or otherwise). On that basis, we should be able to affirm that it does not create a vulnerability or disclosure in violation of ITAR."
--Procurement, Fulfillment & Logistics Group