Home Community Support

Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.

How to use Onshape in an aerospace/defense contractor enviroment

dave_allen78888dave_allen78888 Member Posts: 1
edited August 2016 in Community Support
 With the latest update now having enough document organization to be usable I would like to use Onshape professionally. I work as a programmer for a defense contractor we have over 100 machinist in which I need to collaborate with and feel that Onshape would be an ideal fit. Unfortunately the work is of a sensitive nature with regards to ITAR and the DoD. When I presented the concept of Onshape to management I was confronted with a flat NO! Not that anyone could explain why but that it's just safer not use Onshape. Therefore I need to clearly and verifiable explain how using OS isn't in violation of ITAR regulations.

 My question to Onshape and the community: Is it possible to use Onshape in a aerospace/defense enviroment. and how do you explain/rationalize ITAR compliance.

Answers

  • brucebartlettbrucebartlett Member, OS Professional, Mentor, User Group Leader Posts: 2,141 PRO
    Two-factor Authentication my be good for this. 

    Will be interested to see how this case can be augured and if you can win. Ideally it's got to be safer than emailing file's if that's what you currently do. 

    Can you post the ITAR or DoD reg's?
     
    Engineer ı Product Designer ı Onshape Consulting Partner
    Twitter: @onshapetricks  & @babart1977   
  • _Ðave__Ðave_ Member, Developers Posts: 712 ✭✭✭✭
    It's my understanding that the problem is that Onshape would have to become compliant. Meaning that Onshape would have to put in place procedures approved by the state department that insures how and who as access to documents. I'm sure that this would include encryption procedures with safeguards to insure forgein nationals don't gain access. I believe that if Onshape wishes to attract there target audience (military industrial institutions) they will have to take the initiative and become compliant. Once that happens there wouldn't be any doubt or questions as to weather or not Onshape can be used on sensitive data.
  • michael3424michael3424 Member Posts: 688 ✭✭✭✭
    edited August 2016
    _Ðave_ said:
    Meaning that Onshape would have to put in place procedures approved by the state department that insures how and who as access to documents. I'm sure that this would include encryption procedures with safeguards to insure forgein nationals don't gain access. 
    Is that the same State Department that has leaked massive amounts of sensitive data? >:)
  • _Ðave__Ðave_ Member, Developers Posts: 712 ✭✭✭✭
    michael3424 said:
    _Ðave_ said:
    Meaning that Onshape would have to put in place procedures approved by the state department that insures how and who as access to documents. I'm sure that this would include encryption procedures with safeguards to insure forgein nationals don't gain access. 
    Is that the same State Department that has leaked massive amounts of sensitive data? >:)
    Unfortunately the rules aren't the same for us as they are for a Clinton.
  • traveler_hauptmantraveler_hauptman Member, OS Professional, Mentor, Developers Posts: 419 PRO
    edited August 2016
    dave_allen78888 said:
     My question to Onshape and the community: Is it possible to use Onshape in a aerospace/defense enviroment. and how do you explain/rationalize ITAR compliance.
    This has been discussed in the past. Here's one. I can't find the one most relevant so I'll recount what I vaguely remember.

    For most of us, ITAR is about keeping sensitive information out of non US hands, rather than wading through the registration and permission seeking of actually engaging in export.

    When it comes to rationalizing/explaining compliance, it's really simple. As long as you can draw a nice secure line between restricted material and foreign entity access, it's all good. If you are a US company operating on US soil with US employees, it's easy. If you have non-US interns, contractors, cleaning staff, what-have-you, then it gets messy and you have to have a whole other security layer to keep the restrited info isolated.

    Onshape is a US company, and their services are built in part on amazon cloud services. Amazon offers ITAR compliant services, and I speculate that were there a business case, it would be possible for Onshape to deploy an ITAR compliant CAD over Amazons ITAR compliant cloud.

    But they don't. So you will have to continue to use desktop CAD X while that conveniently cheap USB extension cable you bought online siphons your keystrokes and usbkey data  and transmits it back to the glorious republik via your wireless router.


Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In

Categories

Vanilla Forums