Export Control Policy

This Policy applies to Web Manuals operations worldwide and to all its directors, officers and employees.

As a leading provider of a cloud-based document management system, Web Manuals is committed to full compliance with all applicable export regulations including the United States (U.S.) export controls.

This Policy applies to Web Manuals operations worldwide and to all its directors, officers and employees. Web Manuals also expects its customers and business partners to understand and comply with their obligations under the U.S. export controls and other international trade laws.

U.S. Export Controls: ITAR and EAR

The U.S. Government has two existing control regimes that apply to the export of transactions facilitated by cloud-based systems such as Web Manuals.

The International Traffic in Arms Regulations (ITAR) provides export and other legal requirements for items used in the defense industry. Under these controls, parties are prohibited from exporting, transferring or releasing ITAR-controlled items such as military, defense, space, and intelligence items (referred to as “defense articles”) including related technical data, to a “foreign person” unless a license is obtained or a license exemption applies. ITAR-controlled items are found in the United States Munitions List (USML). ITAR is administered by the Directorate for Defense Trade Controls (DDTC), Department of State.

Meanwhile, the Export Administration Regulations (EAR) regulates exports of a wide range of U.S. items for use in sensitive end-uses or by prohibited end-users or countries. It covers products, technologies and software with potential military applications although exported predominantly for commercial purposes (referred to as “dual-use”). The Commerce Control List (CLL) provides the list of items and categories used to determine whether an export license is needed from the Bureau of Industry and Security (BIS), Department of Commerce which administers EAR.

The BIS Guidelines further holds that when data is uploaded to the cloud, it is the data owner, i.e. the customer, that is the exporter and not the cloud service provider. It is therefore the responsibility of the data owner to assess whether the data is subject to export controls and to obtain the required license.

Our Policy

Although Web Manuals is not the exporter of customer data, we commit to full compliance with EAR. We acknowledge that our product – the Web Manuals application – is marketed toward a customer segment that is more likely to have export controlled technology and where our product is specifically intended for storing and sharing information relating to such items.

In order to ensure compliance with ITAR, Web Manuals does not handle customer ITAR-controlled data. Customers are obliged to negotiate additional agreements if they intend to store ITAR-controlled data in the Web Manuals application. The act of notifying Web Manuals of such intentions will initiate a process whereby Web Manuals and the customer work jointly to ensure compliance with ITAR.

Specifically, we established our Export Compliance Program which comprises measures that ensure our continuous export compliance. Key components of the program are:

  • Customer Screening – We screen our new and existing customers to ensure that we do not do business with prohibited entities and/or in sanctioned countries.
  • Data location – We use U.S.-based servers for our U.S. and Canadian customers. No Web Manuals data center is located in any of the 205 Group D:5 countries or the Russian Federation.
  • Restricted Access – Only eligible employees – U.S. persons, EAR licensed, or license-exempt –  are allowed access to customer export-controlled data.
  • Export Control Officer – All export-related matters must be approved by the company’s Export Control Officer who shall be a permanent legal resident of the U.S.
  • Technology Control Plan – We have in place a Technology Control Plan (TCP) which outlines the protection we provide to our customers’ classified and export-controlled data. It prescribes security measures that are in place to ensure that no unauthorized access by a non-U.S. citizen employee, visitors, or affiliates.
  • Export Control Training – All our employees undergo initial and recurrent Export Control Training  which covers export control regulations, the company’s export compliance policy and the TCP.
  • Export Compliance Clause – Our SaaS Agreements with customers as well as agreements with partners and suppliers contain a policy for export compliance.

Using Web Manuals to Become and Stay Export Control Compliant

Through its offered suite of tools, Web Manuals can assist organizations meet their export control obligations. Web Manuals’ ability to empower companies to manage their operational knowledge and keep front-line staff in mission-critical environments up-to-date holds true in the realm of export control.

We believe that the Web Manuals application can facilitate companies’ compliance with export requirements in three ways:

  • Documented Policies – Through documentation, customers can translate export regulations into their internal policies and processes. The Web Manuals application features a collaborative way of writing and improving processes, making the understanding of internal processes and ownership of responsibilities more robust.

 

  • Controlled Distribution – Role-based distribution of information ensures against unauthorized access.  This feature aids customers in handling and dealing with critical information such as controlled data. Web Manuals provides customers  with a high degree of control over how permissions are set for users to view and edit data.

 

  • Compliance Monitoring – Customers can create export regulations as a requirement list in their compliance library. The Web Manuals application features smart linking of documents to applicable requirements and allows for automatic notifications whenever updates to the requirements are made.

Recommendations

Customers are ultimately responsible for the data uploaded and transmitted through the services, as stated in the Web Manuals Terms and Conditions for Software-as-a-Service and reflecting the position of the U.S. Commerce Department.

As a general suggestion, customers should consider implementing internal procedures to ensure that export controlled data is not unlawfully exported. Web Manuals encourages U.S./Canadian customers to document these procedures within the Web Manuals software. All data uploaded by customers contracted with Web Manuals Inc. will by default be stored within the United States. In addition to this, Web Manuals provides customers with a high degree of control over how permissions are set for users to view and edit data. Still, depending on the nature of customers’ business, customers may need to implement their own controls with regards to how data permissions are assigned. This is especially true should customers have affiliates outside of the U.S./Canada.

Customers should consult their legal advisors for determining the best way of ensuring compliance with U.S. and international export regulations. The recommendations in this document may not be considered legal advice.

Further information

If you have any questions or concerns relating to this Policy, please contact:

  • for existing customers: your dedicated Customer Success Representative.
  • for organizations interested in evaluating or purchasing Web Manuals: sales@webmanuals.com

Resources

Web Manuals Terms and Conditions for Software-as-a-Service: Terms and conditions

About ITAR at U.S. Department of State website.

About EAR at U.S. Department of Commerce website.