Practitioners of the ITAR often experience frustration when customers can’t or will not provide an accurate classification of controlled data being passed on (i.e. a drawing of a part or assembly). For example we have all received that all to common warning:
WARNING – This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751, et seq.) or the Export Administration Act of 1979 (Title 50, U.S.C., App. 2401 et seq.), as amended.
You find yourself asking… Which it is, ITAR or EAR controlled? The good and bad news is that the USG also uses this statement, in fact the USAF MRO Depots are required by policy through the SCIENTIFIC AND TECHNICAL INFORMATION (STINFO) PROGRAM the implementing publication AFPD 61-2, Management of Scientific and Technical Information to use the statement when marking technical data.
If your organization is ITAR compliant and/or AS9100 D registered then assessing risk is well within your management system. What happens when a customer adds unexpected risk to your organization? If operational risk is the risk of loss resulting from inadequate or failed processes, people and systems or from external events including legal risk, then in the example here an organization must make a decision, require the proper classification from the Depot or choose to self classify as the data as ITAR or EAR.