Solutions - ITAR / EAR
Foreign national access decisions your compliance team can stand behind.
Give export compliance teams a structured intake, export-control screening workflow, and complete evidence record before controlled technical data or hardware access happens.
- Access scope
- Human review
- Exportable record
Decision before access
Intake, screening, review, approval gate, and evidence export stay on one record.
The problem
The access control gap in ITAR/EAR facilities
ITAR § 120.19 (deemed export) and EAR Part 734 require a written determination before foreign nationals access controlled technical data, defense articles, or covered hardware. In practice, that determination happens in email, a shared spreadsheet, or a meeting with no paper trail — and the review record lives in someone's inbox until they leave.
Regulated Access is a structured intake and reviewer workflow for exactly that gap: capture the subject's identity and citizenship, define the access scope and host, route the request through the configured screening workflow, and export a self-contained record of the decision.
Screening
Export-control screening at submission
The screening workflow is modeled around the source families most relevant to ITAR/EAR risk: DDTC debarred parties, BIS Entity List / Denied Persons List / Unverified List / Military End-User List, and OFAC SDN. Real provider activation remains deployment-gated. When configured, cases with an unresolved match cannot proceed to approval; the gate is enforced in the database, not in the UI.
Match resolution is structured: reviewers classify each match as a false positive, confirmed, escalated, or resolved by policy exception. Every classification is audited. The approval gate re-evaluates after each resolution — a case cannot advance while any match is still open.
Intake
Structured intake for foreign national access
Subject identity
First name, last name, date of birth, and citizenship — captured in a structured form. Passport plaintext is single-use; only the last four digits are retained after submission.
Access scope
Reviewers define what the subject will access: purpose, controlled-data categories, and the specific site and host. Scope is part of the evidence record.
Supporting documents
Attach visa, passport copy, sponsorship letter, or other supporting documents at intake. Documents are stored per-case and included in the evidence pack.
Host and site
Each request is anchored to a specific host and site. Reviewers can approve access to one site without automatically authorizing others.
Evidence
Evidence packs for export-record retention
Every case can export a self-contained evidence pack: a JSON manifest covering the full decision chain (intake, reviewer actions, screening results, audit events), an optional PDF summary, and an optional ZIP containing both. Evidence packs carry no raw PII — names, passport text, document filenames, and IP addresses are excluded from the manifest by design.
Export a pack the day of the decision, six months later, or in response to a DDTC or BIS inquiry. The hash-chained audit log behind every pack means the record can be verified as unmodified.
Scope
Where this fits in your export-control program
SecurePoint Regulated Access supports controlled-access reviews for export-sensitive environments. It gives your compliance team a structured workflow and a complete evidence record for every foreign-national access decision before controlled technical data or hardware is reached.
SecurePoint does not determine export jurisdiction. Classification under ITAR, EAR, or any other regime — and the legal determination of whether a specific transfer is authorized — remain with your export counsel. The product documents the access-control decision; counsel determines the legal scope.
The screening workflow is integration-ready for DDTC, BIS, and OFAC source families. See the security page for current deployment scope.
See it on a sandbox tenant.
We'll model a foreign national access scenario — visitor, contractor, or researcher — against a live sandbox. Bring your screening sources and we'll show you exactly what the intake captures, what screening flags, and what the evidence pack exports.