Selecting a PLM Solution for Defense Product Development
Manufacturers serving or entering into defense and aerospace markets face simultaneous, and what may be seen as competing, demands. First, manufacturers are tasked with delivering and accelerating product innovation. Second, they must adhere to strict regulatory standards such as International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). Determining how to best meet these demands requires a range of important decisions, including how to approach product lifecycle management (PLM) and the solutions that can make PLM a critical business advantage instead of an uncomfortable or expensive must-do.
Moving from On-Premises to Cloud
Often, an early decision point in the PLM solution selection process is whether to opt for a “within-four-walls” on-premises approach or to choose a cloud-based solution. In the past, some manufacturers expressed doubt that Cloud PLM solutions could meet ITAR and EAR requirements and defaulted to the technical and data proximity comforts of on-premises options. That tendency has now reversed, as leading companies are adopting secure cloud-based PLM solutions to empower product innovation and support ITAR and EAR compliance. So, what has changed? Gartner notes that overall cloud adoption is projected to reach 85 percent in 2019. This rise has been fueled by two things: significant improvements in the technology stack that supports cloud environments and the tangible rewards that companies adopting cloud technology have realized. And, for companies in the defense supply chain, the United States government’s own promotion of Cloud is critical. The government began with the Cloud First initiative, recently updating it to a stronger Cloud Smart framework. Its goal is to encourage continued cloud migration so that more agencies and agency partners experience cloud technology’s wide-ranging benefits. In fact, Gartner reports continued growth in cloud adoption worldwide by government agencies.
Addressing ITAR and EAR Requirements
First things first. Before getting to the decision of whether on-premises vs. cloud technology makes the most sense for an approach to PLM, companies entering the defense market need a clear understanding of what ITAR and EAR will require from their business. In short, these standards compel companies to adopt measures that ensure technical data and technology deemed defense articles are properly controlled and protected across three general areas:
-
Data Location
ITAR and EAR regulated data is required to remain in the U.S. and remain controlled under export licenses.
-
Cybersecurity Protection
Systems handling applicable data should apply best practices for managing all security layers. This includes information security and vulnerability management policy articulation, regular testing and adjustments, and full encryption capability.
-
Access Management
Information access must be rigorously controlled and restricted to U.S. persons only. Assuring this also requires tracking and visibility
of who is accessing systems and information.
Understanding Compliance Violations
It’s important to stress that no matter where data subject to ITAR and EAR may be kept or transmitted—whether in Excel files, email, on machines, or in the Cloud—these requirements must be met in every instance. Violations under ITAR can bring civil penalties of $500,000 per violation and criminal penalties of up to $1 million per violation, along with up to 20 years in prison.
Achieving Product Innovation and Quality Objectives
While fully adhering to ITAR and EAR is imperative for businesses operating in defense and aerospace markets, compliance alone won’t get manufacturers where they want to go. To stay ahead of the competition and meet customer demands, they must also optimize their approach to product lifecycle management. The defense market is heavily comprised of complex products, often with thousands of electrical, mechanical, and software components, as well as a bevy of related specifications. In addition to product complexity, most teams today are cross-functional and, in many cases, geographically dispersed. Without the right approach to PLM, these characteristics result in siloed activities, significant inefficiencies, and quality issues that combine to delay product introduction, balloon costs, and introduce risk. Manufacturers should never be satisfied with tradeoffs between regulatory compliance and product innovation. Removing development barriers, ensuring quality, and achieving real-time collaboration throughout NPDI should be held as important as regulatory compliance if companies wish to maximize profitability and achieve desired growth.
How Secure Cloud Technology Meets Commercial and Defense Demands
Many advances in cloud service models, including public, private, and hybrid Cloud, have provided a framework for wider use case applications. In the case of Arena, we selected AWS GovCloud (US) as its data center partner so that regulated customers can more easily apply advances in cloud technology to defense product development. AWS GovCloud (US) itself adheres to ITAR regulations, DFARS, NIST SP 800-171, FIPS 140-2, ISO 27001, and other frameworks applicable to the data center portion of the complete solution. This includes the necessary physical and logical administrative access controls. Pairing these regulatory-compliant advances with modern PLM functionality brings manufacturers the added benefits of unifying the entire product record in a single secure platform. This breaks down the silos that prevent collaboration, gives users complete visibility and traceability, and maintains ITAR/EAR compliance at every phase. In contrast, the on-premises solutions adopted in the past sacrificed the product development components needed to move companies beyond compliance and consistently exceed customer expectations. Read about the opportunities and challenges of entering the defense market.
A New and Better Path—Secure PLM for ITAR Compliance
Companies wishing to capitalize on opportunities in regulated defense and aerospace markets should no longer view the simultaneous demands of accelerating product innovation and maintaining ITAR compliance as conflicting. The U.S. government itself subscribes to this view in continuing to promote the adoption of cloud technology to its agencies and partners, giving many the extra push they’ve needed to move to the Cloud for critical applications. It is encouraging that more and more companies are making the move to secure PLM in the Cloud in order to deliver better products to market, faster.
The defense and aerospace market beckons to many product companies seeking to diversify but also demands regulatory compliance in addition to the quality, product development efficiency, and technological innovations every market needs. Many product design and manufacturing companies in this market provide products subject to export regulations, including International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), requiring compliance in technical data handling and access.
Secure ITAR and EAR Product Development in the Cloud
In this ebook, you’ll learn how ITAR and EAR compliance impacts your product lifecycle management practices and why the benefits of secure Cloud PLM gives you the foundation to win defense business and maintain your commercial market competitiveness.
In fifteen years of working with manufacturers of all sizes, Arena has developed deep insights into the different approaches and best practices of part numbering. These findings can be yours. Learn more about balancing defense market requirements and commercial concerns.