by CIO Staff

8 (Not so Easy) Steps for Complying with Federal Export Regulations

Jan 15, 2004

1. Identify all sensitive data in a system. Start with the most obvious, but don’t assume anything is “safe.”

2. Assess the strength of outsourcers’ physical and information security practices before signing a contract with them.

3. Build not only regulatory compliance into outsourcing contracts but also specific processes for meeting the requirements.

4. Include a change control mechanism in the contract so that as situations shift (for example, the outsourcer wants to add foreign nationals to a project), processes can be revised.

5. Create security profiles for all workers and lock down foreign nationals’ access to regulated information.

6. Employ at least a two-factor method of identification for all users.

7. Use an outside company to assess your network security. Find out, for example, if workers can break into the rest of the network when you provide access to a live production server.

8. Conduct periodic audits of the outsourcers’ compliance with the federal regulations.