Foreign national access review before controlled access is granted.

From host sponsorship to a defensible record, a foreign national access request follows one path — so a reviewer, and later an assessor, can read the decision the same way every time.

Every foreign national access request is anchored to a named host and a specific site. The host states the business reason for the access, the relationship to the subject, and the duration of the sponsorship. Self-sponsorship is not a workflow — a host record and a reviewer are distinct people on every case.

Reviewers see who sponsored the access, when, and the scope the sponsor accepted responsibility for. The sponsorship signal is part of the evidence pack and the audit timeline.

Each request defines what the subject will reach: the purpose of the visit or assignment, the categories of controlled information or hardware in scope, the specific site, and the host. Scope decisions are explicit. A scope that grows mid-engagement creates a new request and a new decision.

The intake captures the subject's citizenship and the context relevant to the access decision — host relationship, sponsoring organization, and the access scope the host has accepted. The structured fields are how reviewers read the case; loose notes and email threads stay out of the evidence record.

Passport plaintext is single-use at intake. After submission the server retains only the last four digits, and document originals are stored per-case behind signed URLs — never bundled into the evidence pack.

The screening workflow is built around the source families most relevant to controlled-access review: OFAC SDN, BIS Entity / Denied Persons / Unverified / Military End-User, and DDTC debarred parties. Screening integration has been validated in controlled testing; production screening is available for configured pilot tenants under a written scope, not enabled by default for every customer.

When a screening run surfaces a potential match, reviewers classify it explicitly: false positive, confirmed, escalated, or resolved by policy exception. Every classification is captured in the audit log. The approval gate re-evaluates after each resolution — a case cannot advance while any match is still open.

Regulated Access gives the export compliance team a structured workflow for the access decision: the scope, the host, the screening result, and the reviewer's rationale all live on the same case record. When export counsel needs to attach a written determination, it lives on the case alongside the rest of the evidence.

SecurePoint does not determine export jurisdiction. Classification under ITAR, EAR, or any other regime — and the legal determination of whether a transfer is authorized — remain with your export counsel. The product documents the access decision; counsel determines the legal scope.

Every case can export an evidence pack: a JSON manifest covering intake, screening, reviewer actions, and audit events; an optional PDF summary; and an optional ZIP package. The manifest is PII-free by design — names, passport text, document filenames, IP addresses, and user-agent strings are excluded.

Document originals stay behind signed URLs on the case record. Third-party screening source data is not included in the pack. The hash-chained audit log behind every pack means the record can be verified as unmodified.

A foreign national access decision is not a one-time check. The re-screening workflow can re-run screening on active cases on a configured schedule. When a re-screen returns a new potential match, the case is flagged for reviewer attention with the same match-resolution structure as the original decision.

Re-screening activity, like the original screening run, is written to the case timeline and surfaced in the evidence pack on next export.

Regulated Access is commercial pilot ready and available for configured pilot tenants. It is access-decision infrastructure: structured intake, reviewer workflow, screening integration, match resolution, evidence packs, and a hash-chained audit log.

Federal-readiness is a separate track. SecurePoint is not claiming federal authorization, agency-specific deployment boundaries, or formal compliance attestation today. See the security page for the current operating scope.