We are considering what would happen if foreign company were added to our instance of Epicor.
Since Epicor ERP is not really an engineering system, what are the regulatory risks of letting non-us persons access the data? An export happens when a non-us person looks at some information like a custom print, CAD, firmware or work instructions and can glean clues as to how a military article is made. This is not to be confused with classified information which is totally another level.
In Epicor all of those are links to our file server so nobody from the outside can get to them.
The only thing I can think of that could be considered an export is bills of materials.
I realize from a user perspective it’s easy to compartmentalize into separate companies. What about administrators? Is there a way to prevent them from pulling an ITAR Bill of Materials?