Lumiform Mobile audits & inspections
Get App Get App

ITAR Compliance Audit Template

Use this extensive audit template to carry yearly compliance audits and identify ITAR non-compliance based on export clearance requirements, ITAR-controlled technical data, use of ITAR exceptions, and more. This 60-point checklist template is designed for compliance officers to quickly determine ITAR compliance based on 26 categories, including registration, licenses, and voluntary disclosure.

Downloaded 57 times
ITAR Compliance Audit
Jurisdiction and Classification
Has the company properly determined if its products being exported are on the U.S. Munitions List (“USML”) and subject to ITAR?
Has the company maintained adequate records of the basis of its classification for each of its products?
Has the company complied with the ITAR recordkeeping requirements as set forth at 22 CFR § 122.5?
Is an export license required for a transaction?
If an export license is required for a transaction, has the company obtained the license (e.g. DSP-5, DSP-6, DSP- 73, DSP-74)?
Has the company complied with the terms, conditions, and provisos set forth in the license?
ITAR–Controlled Technical Data and Software
Has the company disclosed ITAR-controlled technical data to Foreign Persons in the U.S. (including to employees) with a license or applicable exemption?
Has the company transferred technical data regarding ITAR-controlled items with a license or applicable exemption to 1) Foreign sales agents or marketing intermediaries; 2) Foreign prospective customers as part of marketing proposals; 3) Prime or subcontractors, suppliers, program partners; and 4) Persons in trade shows, marketing presentations?
Have company employees taken ITAR-controlled technical data in overseas travel, including in documents, laptop computers, PDA’s, iPhones, iPads and similar devices with a license?
Has the company transferred ITAR-controlled technical data to company employees who are Foreign Persons specifically authorized in the company’s Technical Assistance Agreements or other DDTC authorizations? (This includes in both foreign offices and in U.S. offices.)
Has the company NOT posted ITAR-controlled technical data or software on websites, chat rooms or transferred such items to Foreign Persons through e-mails, text messages, e-mail attachments, faxes, videos, telephone calls or other electronic communications?
Defense Services
Has the company performed any services for Foreign Persons related to any items on the USML, or items within the definition of Defense Services, with a Technical Assistance Agreement (“TAA”) or other applicable agreement approved by DDTC? (This includes services performed in the U.S. and overseas.)
Will the company be performing services for foreign military customers in connection with the sale of items subject to EAR?
Has the company performed services for a foreign military organization or foreign defense industry company in connection with an item regulated under the EAR?
Imports of Defense Items
Has the company imported any items on the USML in temporary import transactions or on the USML in permanent import transactions with a license?
Is the company registered with DDTC as a manufacturer and/or an exporter?
Has the company notified DDTC within 5 days of changes of the information set forth in its Registration Statement?
Does the company engage in brokering activities that require the company to register as a broker?
Debarred Party List Review
Has the company conducted reviews of all parties to its transactions involving ITAR-controlled items to verify that such parties are not listed on DDTC’s Debarred Parties List?
Export Clearance Requirements
Has the company complied with the export procedures for exports of ITAR-controlled unclassified technical data?
Has the company complied with the export procedures for its exports of ITAR-controlled hardware?
Has the company complied with the export procedures for the performance of Defense Services?
Reexports and Retransfers
If an ITAR-controlled item was properly exported (including ITAR-controlled technical data), was proper authorization obtained for reexports or retransfers of such items?
License/Agreement Administration
Has the company followed the requirements for the proper administration of licenses and agreements?
See-Through Rule
Has the company exported, reexported or retransferred an item that incorporates ITAR-controlled parts, components, attachments or accessories or is based upon ITAR-controlled technical data?
Reports For Sales Commissions, Fees and Political Contributions
Has the company or its Vendors (as defined at 22 CFR § 130.8) paid or offered to pay sales fees or commissions in connection with the sale of ITAR-controlled items in excess of $100,000, or political contributions in excess of $5,000?
Receipt, Tracking, Marking and Security for ITAR-Controlled Items
Does the company provide adequate security within its facilities to prevent unauthorized access to ITAR-controlled items (including access by Foreign Persons)?
Does the company provide adequate notice to customers and other parties to which the company transfers ITAR-controlled items that such items are ITAR-controlled, through the use of destination control statements and other forms of notice such as under 22 CFR § 123.9(b)? (This includes transfers in the U.S. as well as transfers to overseas parties.)
Does the company properly mark all ITAR-controlled products, technical data, and software within the company’s facilities to provide adequate notice that such items are ITAR-controlled?
Processing, Handling or Forwarding of ITAR-Controlled Items
Does the company track ITAR-controlled items if it receives them within its facilities?
Controls In Company IT System
Does the company maintain adequate controls in its information technology system to protect against unauthorized access, disclosure and transfer of ITAR-controlled technical data and software?
Manufacturing License Agreements and Distribution Agreements
Is the company licensing ITAR-controlled technical data to permit the manufacture overseas of an item on the USML?
Is the company establishing a warehouse or distribution point abroad for defense articles exported from the U.S. for subsequent distribution to entities in a sales territory approved by DDTC?
Has the company engaged in “brokering” activity as defined at 22 C.F.R. Part 129?
If the company retains third parties to engage in “brokering activity” on behalf of the company as defined in § 129.2(a) and (b), have such third parties registered with DDTC under 22 CFR Part 129?
Use of ITAR Exemptions
Has the company relied on exemptions from requirements under ITAR?
Proscribed Countries, Significant Military Equipment and Major Defense Equipment
Has the company engaged in any unauthorized transactions involving ITAR-controlled items with any of the “§ 126.1 Proscribed Countries”?
Classified Defense Articles and Technical Data
Have the company’s exports of classified defense articles and technical data complied with the provisions of 22 CFR § 125.3 and 125.9, including use of DSP-85, as well as the NISPOM?
Obligations In Working With Subcontractors and other Program Partners
Will the company be working with subcontractors, teaming partners or other independent parties in the transaction?
Congressional Notification For Defense Articles and Agreements
Has Congressional Notification been provided in connection with exports of defense articles that exceed the threshold amounts set forth at 22 CFR § 123.15, or major defense equipment as defined at 22 CFR § 120.8?
Has Congressional Notification been provided for TAA’s and MLA’s for manufacturing abroad defense items classified as Significant Military Equipment as set forth in 22 CFR § 124.11?
Parts and Components – Definition of “Specially Designed”
For parts, components, attachments, and accessories that are still covered under USML “catch-all” provisions following Export Control Reform, do such items fall within the definition of “Specially Designed” as set forth at 22 CFR § 120.41?
ITAR Items Acquired In Mergers and Acquisitions
Is the company undertaking acquisition transactions?
Procedure To Limit Illegal Diversion, Transshipment and Reexports
Does the company face the risk of illegal diversion, transshipment, reexport or retransfer in its transactions?
Voluntary Disclosures
If a violation or possible violation has occurred, has the company considered submitting a voluntary disclosure to DDTC to reduce or mitigate potential penalties and eliminate past compliance risks?
Sign Off
Compliance Manager Name
Compliance Manager Signature
Department Representative Name
Department Name
Department Representative Signature
Share this template:

This post is also available in: Deutsch

Please note that this checklist template is a hypothetical appuses-hero example and provides only standard information. The template does not aim to replace, among other things, workplace, health and safety advice, medical advice, diagnosis or treatment, or any other applicable law. You should seek your professional advice to determine whether the use of such a checklist is appropriate in your workplace or jurisdiction.
This site is registered on as a development site. Switch to a production site key to remove this banner.