ITAR Compliance

Brea Networks’s engagement with your organization’s compliance needs is a journey and not a one-time project.  We offer compliance as a service to help your organization obtain, manage, and maintain required compliance.
Our support will consist of advising on ITAR/EAR and U.S. export control laws for your current IT and Cybersecurity operation. Brea Networks has legal support resources who work with us to help us properly validate all controls, policies, and procedures.

The purpose of our engagement is to help your organization prepare an ITAR/EAR Compliance Program. If your product is on the U.S. Munitions List (USML), the State Department has jurisdiction over your export.

Your company must be registered with the State Department, and you must apply for an export license through the State Department and Brea Networks can guide you swiftly through this process.

Brea Networks breaks the ITAR/EAR compliance process down to 3 key phases. Once you have contracted Brea Networks as your ITAR/EAR consulting firm, Your project will be broken down as follows:

Gap Analysis

This is our discovery process. We evaluate your current ITAR/EAR data flow and security measures to determine your current compliance posture.

Provisional Assessment

This is where we review audit findings.


We commence updating/adjusting systems, new security practices, procedures, education and policy implementation.

Phase 1: Gap Analysis

We’ll walk you through the process of ITAR/EAR compliance, by understanding your business model, your contracts and your operation. We then perform a detailed analysis of your business and systems to understand your qualifications, and provide recommendations for you to meet ITAR/EAR compliance requirements .

The Gap Analysis process is interactive and requires significant time spent with your team to discuss the controls and what’s needed to meet them. We’ll work together as an extension of your team to accomplish your organizational compliance goals.

Phase 2: Provisional Assessment

Once you receive your Gap Analysis results, we will deliver a plan on how you’re going to implement any missing security controls, policies, and procedures. These controls will include both technical and non-technical measures. This will involve multiple departments, not just IT. If your staff doesn’t have the expertise to do this, we can help. There are options to help you meet those regulations. In any case relax and allow Brea Networks to help you navigate through this process.

One of our prime objectives, is to always provide recommendations that will allow your organization to implement your scope of compliance while minimizing the overall costs of your ITAR/EAR project, without compromising integrity and accuracy.

Phase 3: Remediation

For the remediation phase, the controls you put in place for ITAR/EAR compliance will need to be managed. Many of our customers outsource security and compliance to Brea Networks, even when they have in-house IT, because of its efficiency when bringing in all the knowledge, skills and tools that are needed for advanced security and ongoing compliance.

Brea Networks ITAR/EAR Preparation of the Compliance Program will consist of the following:

  1. Consultation with your organization to develop and understand of your company’s business, development of written ITAR data flow and corresponding policies and procedures.
  2. Identifying and classifying your goods using US Munitions List within scope requirements of ITAR.
  3. Compliance handbook tailored to the specific requirements of the company for the International Traffic In Arms Regulations (“ITAR”), Export Administration Regulation (“EAR”) and OFAC sanctions laws
  4. Steps for implementing the compliance program
  5. Risk assessment (identification of the greatest compliance risks that we see for your company
  6. Remediation compliance steps to protect from these risks
  7. Employee ITAR/EAR compliance training
  8. Technology remediation and implementation overhaul were needed
  9. Microsoft GCC High implementation with call compliance configuration requirements
  10. Register with Directorate of Defense Trade Control and apply for an export license
  11. Fulfill reporting requirements
  12. Create and maintain an export compliance program within your organization
  13. We offer fixed fee cost for the Compliance Programs and payments plans interest free.

Important FAQs:

ITAR Violations – What happens if you violate ITAR?
The Arms Export Controls Act (AECA) and the International Traffic in Arms Regulation (ITAR) provide that willful violations of the defense controls can be fined up to $1,000,000 per violation, or ten years of imprisonment, or both.

What are the most common ITAR violations?
Here, we’ll look at three of the most common ITAR compliance mistakes that can lead to violations and penalties.

  • Not having an internal compliance program or having your plan on paper only.
  • Not doing your due diligence about where your exports are going.
  • Not keeping complete and accurate records.

Who is responsible for enforcing ITAR?
The International Traffic in Arms Regulations (“ITAR,” 22 CFR 120-130) implements the AECA. The Directorate of Defense Trade Controls (DDTC) in the Bureau of Political-Military Affairs at the U.S. Department of State implements the ITAR including the United States Munitions List (USML).

What transactions does ITAR control?
The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML)

How much does it cost to become ITAR compliant?
If you are a first-time registrant, the current application fee will be $2,250. For renewals: If DDTC has not reviewed, adjudicated or issued a response to any application the current applicable fee is $2,250 per year.

Questions about ITAR/EAR Compliance? Contact us Today