[{"data":1,"prerenderedAt":501},["ShallowReactive",2],{"document-export-control-policy-D13838":3},{"document":4,"label":23,"preview":11,"thumb":24,"thumb600":25,"description":5,"descriptionCustom":6,"apiDescription":5,"pages":8,"extension":10,"parents":26,"breadcrumb":30,"related":38,"customDescModule":173,"customdescription":6,"mdFm":174,"mdProseHtml":500},{"description":5,"descriptionCustom":6,"label":7,"pages":8,"size":9,"extension":10,"preview":11,"thumb":12,"svgFrame":13,"seoMetadata":14,"parents":16,"keywords":15},"EXPORT CONTROL POLICY PURPOSE The purpose of this Export Control Policy is to establish guidelines and procedures for [COMPANY NAME] to comply with export control laws and regulations. This Policy outlines the company's commitment to preventing the unauthorized export of controlled items and technologies, ensuring compliance with applicable laws, and safeguarding national security interests. SCOPE This Policy applies to all employees, contractors, vendors, and authorized users who are involved in any aspect of export-controlled activities on behalf of [COMPANY NAME]. It encompasses the export of goods, technologies, services, and information. POLICY STATEMENTS Compliance with Export Control Laws [COMPANY NAME] is committed to complying with all applicable export control laws and regulations, including but not limited to the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and economic sanctions programs administered by the Office of Foreign Assets Control (OFAC). Classification and Documentation [COMPANY NAME] will classify all items, technologies, services, and information to determine their export control status. Accurate classification is essential to ensuring compliance. Documentation of export-controlled transactions, including licenses, authorizations, and export/import records, must be maintained and made available as required by law. Export Authorization Employees and authorized users must obtain the necessary export authorizations, licenses, or approvals before engaging in controlled exports. This includes reviewing and obtaining licenses for transactions that involve restricted parties or sanctioned destinations. Restricted Parties and Denied Parties Screening",null,"Export Control Policy","3",513,"doc","https://templates.business-in-a-box.com/imgs/1000px/export-control-policy-D13838.png","https://templates.business-in-a-box.com/imgs/250px/13838.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13838.xml",{"title":15,"description":6},"export control policy",[17,20],{"label":18,"url":19},"Business Plan Kit","/templates/business-plan-kit/",{"label":21,"url":22},"Administration","/templates/business-administration/","Export Control Policy Template","https://templates.business-in-a-box.com/imgs/400px/13838.png","https://templates.business-in-a-box.com/imgs/600px/13838.png",[27,17,20],{"label":28,"url":29},"Templates","/templates/",[31,32,35],{"label":28,"url":29},{"label":33,"url":34},"Software & Technology","/templates/software-technology/",{"label":36,"url":37},"Cybersecurity Policies","/templates/cybersecurity-policies/",[39,43,47,51,55,59,63,68,72,76,80,84,88,104,120,136,148,161],{"label":40,"url":41,"thumb":42,"extension":10},"Export Control and Trade Compliance Policy","/template/export-control-and-trade-compliance-policy-D13689","https://templates.business-in-a-box.com/imgs/250px/13689.png",{"label":44,"url":45,"thumb":46,"extension":10},"Access Control Policy","/template/access-control-policy-D13534","https://templates.business-in-a-box.com/imgs/250px/13534.png",{"label":48,"url":49,"thumb":50,"extension":10},"Internal Control Policy","/template/internal-control-policy-D13356","https://templates.business-in-a-box.com/imgs/250px/13356.png",{"label":52,"url":53,"thumb":54,"extension":10},"Quality Control and Assurance Policy","/template/quality-control-and-assurance-policy-D13757","https://templates.business-in-a-box.com/imgs/250px/13757.png",{"label":56,"url":57,"thumb":58,"extension":10},"Workplace Security and Access Control Policy","/template/workplace-security-and-access-control-policy-D13865","https://templates.business-in-a-box.com/imgs/250px/13865.png",{"label":60,"url":61,"thumb":62,"extension":10},"Import Export Agreement","/template/import-export-agreement-D13985","https://templates.business-in-a-box.com/imgs/250px/13985.png",{"label":64,"url":65,"thumb":66,"extension":67},"Inventory Control Sheet","/template/inventory-control-sheet-D12683","https://templates.business-in-a-box.com/imgs/250px/12683.png","xls",{"label":69,"url":70,"thumb":71,"extension":10},"Checklist Quality Control","/template/checklist-quality-control-D13621","https://templates.business-in-a-box.com/imgs/250px/13621.png",{"label":73,"url":74,"thumb":75,"extension":10},"Internal Control Framework","/template/internal-control-framework-D13987","https://templates.business-in-a-box.com/imgs/250px/13987.png",{"label":77,"url":78,"thumb":79,"extension":10},"Internal Control Checklist","/template/internal-control-checklist-D13355","https://templates.business-in-a-box.com/imgs/250px/13355.png",{"label":81,"url":82,"thumb":83,"extension":10},"Quality Control Plan","/template/quality-control-plan-D14041","https://templates.business-in-a-box.com/imgs/250px/14041.png",{"label":85,"url":86,"thumb":87,"extension":10},"AI Policy","/template/ai-policy-D13598","https://templates.business-in-a-box.com/imgs/250px/13598.png",{"description":89,"descriptionCustom":6,"label":90,"pages":91,"size":9,"extension":10,"preview":92,"thumb":93,"svgFrame":94,"seoMetadata":95,"parents":97,"keywords":102,"url":103},"ANTI-BRIBERY POLICY [COMPANY NAME] (\"Company,\" \"Us,\" \"We\") is dedicated to conducting all its business in an honest and ethical manner. The Company takes a zero-tolerance approach to bribery and corruption and is committed to acting professionally, fairly and with integrity in all its business dealings and relationships. Our Company strives to attain its mission through compliance with high legal and ethical standards. We do not tolerate any form of bribery, embezzlement, or corruption, and will uphold all laws countering bribery, fraud, and corruption in all forms. POLICY The purpose of this policy is to establish controls to ensure compliance with all applicable anti-bribery and corruption regulations, and to ensure that the Company's business is conducted in a socially responsible manner. POLICY STATEMENT Bribery is the offering, promising, giving, accepting, or soliciting of an advantage as an inducement for action which is illegal or a breach of trust. A bribe is an inducement or reward offered, promised, or provided to gain any commercial, contractual, regulatory, or personal advantage. It is our policy to conduct all our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption. We are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate, and implementing and enforcing effective systems to counter bribery. We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we operate. However, we remain bound by the laws in [COUNTRY] in respect of our conduct both at home and abroad. Bribery and corruption are punishable for individuals by up to [NUMBER OF YEARS] years' imprisonment and a fine. If we are found to have taken part in corruption, we could face an unlimited fine, be excluded from tendering for public contracts and face damage to our reputation. We therefore take our legal responsibilities very seriously. SCOPE In this policy, \"third party\" means any individual or organization Employees come into contact with during the course of their work for us, and includes actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies, including their advisors, representatives and officials, politicians and political parties. This policy applies to all individuals working at all levels and grades, including senior managers, officers, directors, employees (whether permanent, fixed-term or temporary), consultants, contractors, trainees, seconded staff, home workers, casual workers and agency staff, volunteers, interns, agents, sponsors, or any other person associated with us, or any of our subsidiaries or their employees, wherever located (collectively referred to as Employees in this policy). This policy covers: Bribes; Gifts and hospitality; Facilitation payments; Political contributions; Charitable contributions. BRIBES Employees must not engage in any form of bribery, either directly or through any third party (such as an agent or distributor). Specifically, Employees must not bribe a foreign public official anywhere in the world. GIFTS AND HOSPITABILITY Employees must not offer or give any gift or hospitality: which could be regarded as illegal or improper, or which violates the recipient's policies; or to any public employee or government officials or representatives, or politicians or political parties; or which exceeds [SPECIFY AMOUNT] in value for each individual gift or [SPECIFY AMOUNT] in value for each hospitality event (not to exceed a total value of [SPECIFY AMOUNT] in any financial year), unless approved in writing by the Employee's manager. Employees may not accept any gift or hospitality from our business partners if: it exceeds [SPECIFY AMOUNT] in value for each individual gift or [SPECIFY AMOUNT] in value for each hospitality event (not to exceed a total of [SPECIFY AMOUNT] in any financial year), unless approved in writing by the Employee's manager; or it is in cash; or there is any suggestion that a return favor will be expected or implied. Where a manager's approval is required above, if the manager is below director level, then approval must be sought from an appropriate director. If it is not appropriate to decline the offer of a gift, the gift may be accepted, provided it is then declared to the Employee's manager and donated to charity. We appreciate that the practice of giving business gifts varies between countries and regions, and what may be normal and acceptable in one region may not be in another. The test to be applied is whether in all the circumstances the gift or hospitality is reasonable and justifiable. The intention behind the gift should always be considered. Within these parameters, local management may define specific guidelines and policies to reflect local professional and industry standards. Where this policy requires written approval to be given, the Company Secretary shall put in place a process to maintain a register of all such approvals. FACILITATION PAYMENTS AND KICKBACKS Facilitation payments are a form of bribery made for the purpose of expediting or facilitating the performance of a public official for a routine governmental action, and not to obtain or retain business or any improper business advantage. Facilitation payments tend to be demanded by low-level officials to obtain a level of service which one would normally be entitled to. Our strict policy is that facilitation payments must not be paid. We recognize, however, that our Employees may be faced with situations where there is a risk to the personal security of an Employee or his/her family and where a facilitation payment is unavoidable, in which case the following steps must be taken: Keep any amount to the minimum; Create a record concerning the payment; and Report it to the line manager. In order to achieve our aim of not making any facilitation payments, each business of the Company will keep a record of all payments made, which must be reported to the Company Secretary, in order to evaluate the business risk and to develop a strategy to minimize such payments in the future. ","Anti-Bribery Policy","5","https://templates.business-in-a-box.com/imgs/1000px/anti-bribery-policy-D13246.png","https://templates.business-in-a-box.com/imgs/250px/13246.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13246.xml",{"title":96,"description":6},"anti-bribery policy",[98,100],{"label":18,"url":99},"business-plan-kit",{"label":21,"url":101},"business-administration","anti bribery policy","/template/anti-bribery-policy-D13246",{"description":105,"descriptionCustom":6,"label":106,"pages":107,"size":9,"extension":10,"preview":108,"thumb":109,"svgFrame":110,"seoMetadata":111,"parents":113,"keywords":118,"url":119},"BUSINESS CODE OF CONDUCT [YOUR COMPANY/ORGANIZATION NAME] The purpose of this Business Code of Conduct is to establish clear and ethical guidelines that govern the behavior of all employees, contractors, and affiliates associated with [YOUR COMPANY/ORGANIZATION NAME]. This document outlines the standards expected in all interactions within the organization and with external stakeholders to ensure a professional and respectful environment. ETHICAL BEHAVIOR AND INTEGRITY Employees and affiliates are expected to conduct themselves with the highest level of integrity. This includes honesty in communications, transparency in actions, and accountability for decisions made on behalf of the organization. RESPECT FOR INDIVIDUALS We value diversity and promote a culture of inclusion. All individuals within the organization are to be treated with respect, fairness, and dignity, regardless of their background, beliefs, or identity. Discrimination or harassment of any kind is strictly prohibited. COMMITMENT TO CONFIDENTIALITY Maintaining the confidentiality of sensitive information is paramount. Employees must protect company data, client information, and proprietary knowledge from unauthorized access and disclosure, ensuring that such information is used only for legitimate business purposes. COMPLIANCE WITH LAWS AND REGULATIONS Our company is committed to adhering to all relevant laws, regulations, and industry standards. Employees must ensure that their actions are compliant with legal requirements and company policies, particularly those related to data protection, labor laws, and financial reporting. PROFESSIONAL CONDUCT All interactions, whether internal or external, should reflect the professionalism of [YOUR COMPANY/ORGANIZATION NAME]. Employees are expected to be courteous, collaborative, and constructive, promoting a positive work environment and fostering strong relationships with clients and partners.","Business Code Of Conduct","0","https://templates.business-in-a-box.com/imgs/1000px/business-code-of-conduct-D13909.png","https://templates.business-in-a-box.com/imgs/250px/13909.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13909.xml",{"title":112,"description":6},"business code of conduct",[114,115],{"label":18,"url":99},{"label":116,"url":117},"Management","business-management","business code conduct","/template/business-code-of-conduct-D13909",{"description":121,"descriptionCustom":6,"label":122,"pages":8,"size":9,"extension":10,"preview":123,"thumb":124,"svgFrame":125,"seoMetadata":126,"parents":128,"keywords":127,"url":135},"DATA PRIVACY POLICY INTRODUCTION [COMPANY NAME] is committed to protecting the privacy and confidentiality of personal data collected or processed during its business operations. This Data Privacy Policy outlines the principles and practices that govern the collection, use, and disclosure of personal data by the Company. SCOPE This Policy applies to all employees, contractors, vendors, and third parties who collect, use, or process personal data on behalf of the Company. It also applies to all personal data collected from customers, clients, partners, and other individuals. PERSONAL INFORMATION COLLECTION We may collect personal information, such as name, address, email, phone number, and job title, from customers, employees, and stakeholders. We collect personal information through various channels, such as our website, email, phone, and in-person interactions. We may also collect personal information from third-party sources, such as service providers and business partners. USE OF PERSONAL INFORMATION The Company will only use personal data for the purposes for which it was collected or as otherwise permitted by applicable laws and regulations. Personal data may be used for, but not limited to, the following purposes: Providing products or services requested by individuals; Communicating with individuals about products, services, or other business-related matters; Conducting market research, analytics, and improving business operations; Managing and administering employee or contractor relationships; Complying with legal or regulatory requirements; Protecting the rights and interests of the Company or its customers. DISCLOSURE The Company may share personal data with third parties for legitimate business purposes, including but not limited to, service providers, vendors, contractors, and business partners. Personal data may also be disclosed to comply with legal or regulatory requirements, or in response to lawful requests from public authorities. The Company will take appropriate measures to ensure that third parties receiving personal data are bound by confidentiality obligations and provide adequate protection to the personal data. DATA RETENTION","Data Privacy Policy","https://templates.business-in-a-box.com/imgs/1000px/data-privacy-policy-D13465.png","https://templates.business-in-a-box.com/imgs/250px/13465.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13465.xml",{"title":127,"description":6},"data privacy policy",[129,132],{"label":130,"url":131},"Human Resources","human-resources",{"label":133,"url":134},"Company Policies","company-policies","/template/data-privacy-policy-D13465",{"description":137,"descriptionCustom":6,"label":138,"pages":91,"size":9,"extension":10,"preview":139,"thumb":140,"svgFrame":141,"seoMetadata":142,"parents":144,"keywords":143,"url":147},"CORPORATE GOVERNANCE POLICY PURPOSE The purpose of this Corporate Governance Policy at [YOUR COMPANY NAME] is to establish a comprehensive framework for the governance of the organization. This policy ensures that the company is managed in an ethical, transparent, and accountable manner, aligning with regulatory requirements and best practices in corporate governance. It aims to promote the long-term interests of shareholders, while taking into account the interests of other stakeholders, including employees, customers, suppliers, and the community. CORPORATE GOVERNANCE PRINCIPLES Accountability: Ensure the company is accountable to its shareholders and stakeholders. This includes regular reporting, transparent decision-making processes, and a robust system of checks and balances. Transparency: Provide clear and timely information about the company's activities, performance, and governance. This involves regular disclosures, financial reporting, and open communication channels. Integrity: Conduct business with honesty and integrity, adhering to ethical standards. This includes fostering a culture of ethical behavior and ensuring that all employees understand and follow the company's code of conduct. Fairness: Treat all stakeholders fairly and equitably. This means providing equal opportunities, preventing conflicts of interest, and ensuring that decisions are made impartially. Responsibility: Ensure the company meets its legal and regulatory obligations and operates sustainably. This involves maintaining compliance with all applicable laws and regulations and implementing policies that promote social and environmental responsibility. BOARD OF DIRECTORS Composition: The Board shall consist of [NUMBER] members, including a mix of executive and non-executive directors. A majority of the Board members shall be independent directors to ensure objectivity and prevent conflicts of interest. The Board shall include a diverse mix of skills, experience, and backgrounds to provide comprehensive oversight and strategic direction. Roles and Responsibilities: Strategic Guidance: Provide strategic guidance and oversight of the company's management. This includes setting the company's strategic goals and monitoring their implementation. Policy Approval: Approve major corporate plans, budgets, and policies. This ensures that all significant decisions are aligned with the company's strategic direction. Performance Monitoring: Monitor the performance of the CEO and senior management. This involves regular evaluations and feedback to ensure effective leadership. Compliance Oversight: Ensure the company's compliance with legal and regulatory requirements. This includes establishing internal controls and monitoring their effectiveness. Committees: Audit Committee: Responsible for overseeing the financial reporting process, internal controls, and the audit process. Compensation Committee: Determines executive compensation and ensures it aligns with the company's performance and strategic goals. Nomination and Governance Committee: Oversees Board composition, development, and governance practices. Establish additional committees as necessary to address specific issues or areas of concern. EXECUTIVE MANAGEMENT CEO and Senior Management: The CEO is responsible for the overall management of the company, implementing the Board's policies and strategies, and ensuring operational efficiency. Senior management supports the CEO in implementing the company's strategic and operational plans, managing day-to-day operations, and ensuring that all activities comply with internal policies and external regulations. Ensure effective communication between the Board and executive management to facilitate informed decision-making and alignment of goals. SHAREHOLDER RIGHTS Protect the rights of shareholders and ensure equitable treatment. This includes facilitating the effective exercise of voting rights and providing mechanisms for shareholders to express their views and concerns.","Corporate Governance Policy","https://templates.business-in-a-box.com/imgs/1000px/corporate-governance-policy-D13943.png","https://templates.business-in-a-box.com/imgs/250px/13943.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13943.xml",{"title":143,"description":6},"corporate governance policy",[145,146],{"label":130,"url":131},{"label":133,"url":134},"/template/corporate-governance-policy-D13943",{"description":149,"descriptionCustom":6,"label":150,"pages":8,"size":9,"extension":10,"preview":151,"thumb":152,"svgFrame":153,"seoMetadata":154,"parents":156,"keywords":155,"url":160},"VENDOR MANAGEMENT POLICY OVERVIEW [COMPANY NAME] is committed to ensuring coordinate and consistent management of critical vendors as part of its overall management, maintain member privacy and confidentiality of member information. [COMPANY NAME] is ensures full compliance with the requirements applicable law and regulations regarding risk management, vendor, and contract management of third-party service providers. PURPOSE The purpose of the Vendor Management Policy is to provide written guidelines surrounding the procurement of third-party services and products in accordance with [COMPANY NAME] (the Company) mission, obligations, and ongoing administration of Company functions. SCOPE This policy applies to all vendors and service providers. [COMPANY NAME] must enforce this policy and vendors and suppliers are required to follow. VENDOR DEFINITION A \"Vendor\", also referred to as a \"seller\", is an enterprise that contributes goods or services to other business partners. POLICY STATEMENT Business Owners will evaluate all vendor products and services, negotiate the prices, and negotiate the contract terms before contracting with the vendor. The type of evaluation will vary and should be commensurate with risk, complexity and product or service cost. A formal due diligence analysis will be conducted for any relationship where the combined implementation and annual contract costs exceed [TOTAL COST]. A Business Owner has the discretion to alter this amount or waive this requirement up to his/her authorized signing limits. Any alteration of the amount or waiver of this requirement must be documented in the due diligence file of the 3rd party vendor. Verbal product and service agreements are prohibited. All vendors must provide, depending upon the services and products engaged, a purchase invoice, legal contract and/or service agreement. The Business Owner will appoint, as needed, appropriate staff members to perform a due diligence review prior to entering any arrangement with a third-party vendor and due diligence reviews for existing third-party vendors. The Business Owner will review the contract(s) along with the supporting due diligence in order to determine if any outstanding issues exist. If then willing to contract with a vendor, the Business Owner will execute the contract and proceed with implementation of service or product as defined in Section I above (New Product or Service Provider). Business Owners will have the responsibility for the management of the vendor relationship. The Business Owner, either directly or through the assistance of staff will conduct oversight reviews for third party services in accordance the appropriate laws, regulations, and policies/procedures. The Business Owner will record the results of the oversight review for the third-party services and will determine the appropriate action","Vendor Management Policy","https://templates.business-in-a-box.com/imgs/1000px/vendor-management-policy-D12802.png","https://templates.business-in-a-box.com/imgs/250px/12802.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#12802.xml",{"title":155,"description":6},"vendor management policy",[157],{"label":158,"url":159},"Production & Operations","production-operations","/template/vendor-management-policy-D12802",{"description":162,"descriptionCustom":6,"label":163,"pages":8,"size":9,"extension":10,"preview":164,"thumb":165,"svgFrame":166,"seoMetadata":167,"parents":169,"keywords":168,"url":172},"INFORMATION SECURITY POLICY PURPOSE The purpose of this Information Security Policy is to establish guidelines and procedures for safeguarding [COMPANY NAME]'s sensitive information, data, and resources. This Policy aims to ensure the confidentiality, integrity, and availability of information assets and protect against unauthorized access, use, disclosure, and breaches. SCOPE This Policy applies to all employees, contractors, vendors, and third-party entities who access, handle, or manage [COMPANY NAME]'s information systems, networks, applications, and data. INFORMATION CLASSIFICATION Data Classification: Information assets will be classified based on their sensitivity and criticality into categories such as \"Confidential,\" \"Internal Use Only,\" and \"Public.\" Handling Procedures: Different handling procedures and security controls will apply to each classification level. ACCESS CONTROL User Authentication: Access to systems and data will require strong authentication methods, including passwords, biometrics, and multi-factor authentication (MFA). Least Privilege: Users will be granted access privileges based on the principle of least privilege, meaning they will have access only to the information and systems necessary to perform their roles. DATA PROTECTION Encryption: Sensitive data in transit and at rest will be encrypted using strong encryption algorithms. Data Loss Prevention (DLP): DLP measures will be implemented to prevent the unauthorized transmission or sharing of sensitive data outside the organization. Data Retention: Data will be retained in compliance with legal and regulatory requirements. SECURITY AWARENESS ","Information Security Policy","https://templates.business-in-a-box.com/imgs/1000px/information-security-policy-D13552.png","https://templates.business-in-a-box.com/imgs/250px/13552.png","https://templates.business-in-a-box.com/svgs/docviewerWebApp1.html?v6#13552.xml",{"title":168,"description":6},"information security policy",[170,171],{"label":130,"url":131},{"label":133,"url":134},"/template/information-security-policy-D13552",false,{"seo":175,"reviewer":185,"quick_facts":189,"at_a_glance":191,"personas":195,"variants":220,"glossary":247,"sections":284,"how_to_fill":335,"common_mistakes":376,"faqs":401,"industries":429,"comparisons":445,"diy_vs_pro":460,"related_template_ids_curated":473,"schema":486,"classification":488},{"meta_title":176,"meta_description":177,"primary_keyword":178,"secondary_keywords":179},"Export Control Policy Template (Free Word)","Free export control policy template for businesses that ship goods, software, or technology internationally. Used in 190+ countries. Free Word and PDF download.","export control policy template",[15,180,181,182,183,184],"export compliance policy template","export control compliance program","export control policy word","export control policy free download","export control procedure template",{"name":186,"credential":187,"reviewed_date":188},"Bruno Goulet","CEO, Business in a Box","2026-05-02",{"difficulty":190,"legal_review_recommended":173,"signature_required":173},"advanced",{"what_it_is":192,"when_you_need_it":193,"whats_inside":194},"An Export Control Policy is a formal internal document that defines how a company identifies, classifies, and manages the export of controlled goods, software, technology, and technical data under applicable trade laws such as the US Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR). This free Word download gives you a structured, audit-ready starting point you can edit online and share with your compliance, legal, and operations teams.\n","Use it when your company ships physical products, transfers software, or shares technical data across international borders — or when a government auditor, customer, or investor asks for evidence of a formal export compliance program. It is also triggered when you hire foreign nationals with access to controlled technology or when your products are reclassified under a new Export Control Classification Number (ECCN).\n","Purpose and scope, regulatory framework references, product classification procedures, denied-party and sanctions screening, export licensing requirements, recordkeeping standards, employee training requirements, and a violation-reporting and corrective-action process.\n",[196,200,204,208,212,216],{"title":197,"use_case":198,"icon_asset_id":199},"Trade compliance managers","Formalizing a written compliance program required by regulators or auditors","persona-compliance-manager",{"title":201,"use_case":202,"icon_asset_id":203},"Export operations coordinators","Establishing step-by-step screening and documentation procedures for international shipments","persona-operations-director",{"title":205,"use_case":206,"icon_asset_id":207},"Defense and aerospace contractors","Meeting ITAR compliance obligations before working with government customers","persona-contractor",{"title":209,"use_case":210,"icon_asset_id":211},"Technology company executives","Protecting the company from EAR violations when distributing software or hardware globally","persona-ceo",{"title":213,"use_case":214,"icon_asset_id":215},"HR and legal teams","Managing deemed export risk when onboarding foreign national employees with access to controlled technology","persona-hr-manager",{"title":217,"use_case":218,"icon_asset_id":219},"Small business exporters","Establishing a basic compliance framework before entering new international markets","persona-small-business-owner",[221,225,229,233,237,240,244],{"situation":222,"recommended_template":223,"slug":224},"Company exports dual-use commercial goods and software subject to EAR","Export Control Policy (EAR-focused)","export-control-policy-D13838",{"situation":226,"recommended_template":227,"slug":228},"Defense contractor or manufacturer subject to ITAR","ITAR Compliance Policy","tax-compliance-policy-D13786",{"situation":230,"recommended_template":231,"slug":232},"Company needs a standalone sanctions screening procedure","Sanctions Compliance Procedure","checklist-compliance-D13915",{"situation":234,"recommended_template":235,"slug":236},"Company requires a broader trade compliance manual covering import and export","Trade Compliance Policy","trade-compliance-policy-D13790",{"situation":238,"recommended_template":239,"slug":224},"Company needs to document how it handles technology transfers to foreign nationals","Deemed Export Policy",{"situation":241,"recommended_template":242,"slug":243},"Company is seeking ISO or government certification requiring written compliance procedures","Export Control Compliance Program Manual","export-control-and-trade-compliance-policy-D13689",{"situation":245,"recommended_template":246,"slug":224},"Company needs a shorter policy summary for employee distribution","Export Control Policy Summary (One-Page)",[248,251,254,257,260,263,266,269,272,275,278,281],{"term":249,"definition":250},"EAR (Export Administration Regulations)","US federal regulations administered by the Bureau of Industry and Security (BIS) that control the export of dual-use commercial goods, software, and technology.",{"term":252,"definition":253},"ITAR (International Traffic in Arms Regulations)","US federal regulations administered by the Directorate of Defense Trade Controls (DDTC) that control the export of defense articles, services, and technical data listed on the US Munitions List.",{"term":255,"definition":256},"ECCN (Export Control Classification Number)","A five-character alphanumeric code used under the EAR to classify a specific item and determine what export license requirements apply.",{"term":258,"definition":259},"Deemed Export","The transfer of controlled technology or source code to a foreign national inside the United States, which is treated as an export to that person's home country under EAR.",{"term":261,"definition":262},"Denied Party Screening","The process of checking customers, vendors, and other parties against US government lists — including the Entity List, Denied Persons List, and SDN List — to identify prohibited counterparties.",{"term":264,"definition":265},"Export License","Written authorization from a US government agency (BIS or DDTC) permitting the export of a specific controlled item to a specific end user in a specific country.",{"term":267,"definition":268},"License Exception","A provision in the EAR that allows an item to be exported without a license under defined conditions, such as EAR99 classification or a specific country tier exception.",{"term":270,"definition":271},"SDN List (Specially Designated Nationals)","A list maintained by the US Treasury's OFAC of individuals and entities with whom US persons are generally prohibited from doing business.",{"term":273,"definition":274},"End-Use Certificate","A document signed by the buyer confirming the intended final use and end user of exported goods, required for certain controlled items and licensing conditions.",{"term":276,"definition":277},"Red Flag Indicators","Warning signs identified by BIS that suggest a transaction may involve a prohibited end use or end user, requiring additional due diligence before proceeding.",{"term":279,"definition":280},"Re-export","The shipment of US-origin controlled items from one foreign country to another, which may require additional US government authorization even after the initial export.",{"term":282,"definition":283},"OFAC (Office of Foreign Assets Control)","The US Treasury office that administers and enforces economic and trade sanctions against targeted countries, entities, and individuals.",[285,290,295,300,305,310,315,320,325,330],{"name":286,"plain_english":287,"sample_language":288,"common_mistake":289},"Purpose and scope","States why the policy exists, which laws it is designed to satisfy, and which employees, business units, and transaction types it covers.","This Export Control Policy establishes the procedures [COMPANY NAME] follows to comply with the US Export Administration Regulations (EAR, 15 C.F.R. Parts 730–774), the International Traffic in Arms Regulations (ITAR, 22 C.F.R. Parts 120–130), and all applicable sanctions programs administered by OFAC. It applies to all employees, contractors, and third parties acting on behalf of the Company who are involved in the sale, transfer, or disclosure of Company products, software, or technical data outside the United States or to foreign nationals within the United States.","Defining scope too narrowly by covering only physical shipments and omitting software downloads, cloud-based technology transfers, and deemed exports to foreign national employees — leaving the most common violation vectors unaddressed.",{"name":291,"plain_english":292,"sample_language":293,"common_mistake":294},"Regulatory framework","Identifies the specific laws and agency jurisdictions that govern the company's export activities, so employees understand the authority behind each requirement.","The Company's export activities are primarily governed by: (1) the EAR, administered by BIS within the US Department of Commerce; (2) the ITAR, administered by DDTC within the US Department of State; and (3) economic sanctions programs administered by OFAC within the US Department of the Treasury. Where products are subject to both EAR and ITAR jurisdiction, ITAR controls prevail.","Referencing only EAR and omitting OFAC sanctions programs. OFAC violations carry strict-liability penalties — a company can be fined even without knowledge that a counterparty was sanctioned.",{"name":296,"plain_english":297,"sample_language":298,"common_mistake":299},"Product and technology classification","Describes how the company determines the ECCN or USML category for each product, software, or technology item and keeps that classification current.","The Compliance Manager shall maintain an up-to-date Product Classification Matrix listing each Company product, its applicable ECCN or USML category, and the date of last review. New products shall be classified within [30] days of commercial release. Classification shall be reviewed annually and upon any material change to the product's technical parameters or intended use.","Classifying a product once at launch and never revisiting it. Engineering changes, firmware updates, or new capabilities can shift an item from EAR99 (no license required) to a controlled ECCN, creating unlicensed export exposure.",{"name":301,"plain_english":302,"sample_language":303,"common_mistake":304},"Denied-party and sanctions screening","Defines the process for checking all transaction parties — customers, distributors, freight forwarders, and end users — against US government restricted-party lists before each transaction.","Prior to accepting any order, the Company shall screen all transaction parties — including the buyer, end user, freight forwarder, and any known intermediary — against the BIS Consolidated Screening List and OFAC's SDN List using [SCREENING TOOL NAME]. Screening results shall be documented and retained for [5] years. Any potential match shall be escalated to the Compliance Manager before the transaction proceeds.","Screening only at the time of initial customer onboarding and not at each transaction. Parties are added to restricted lists continuously — a customer who was clean at onboarding may be sanctioned 6 months later.",{"name":306,"plain_english":307,"sample_language":308,"common_mistake":309},"Export licensing determination","Establishes how the company determines whether a specific export requires a license, qualifies for a license exception, or may proceed as EAR99 with no license required.","For each proposed export, the Compliance Manager shall complete a License Determination Checklist documenting: (1) the item's ECCN or EAR99 classification; (2) the destination country and its Country Group under the EAR; (3) the end use and end user; and (4) whether a license exception applies. No controlled item shall be exported under a claimed license exception without documented analysis confirming eligibility. If no exception applies, the Compliance Manager shall initiate a license application with BIS or DDTC before the export proceeds.","Relying on a blanket assumption that the company's products are EAR99 without completing a written classification analysis. EAR99 is a conclusion, not a default — and shipping an unclassified item that turns out to be controlled carries the same penalty as a knowing violation.",{"name":311,"plain_english":312,"sample_language":313,"common_mistake":314},"Recordkeeping requirements","Specifies which export documents must be retained, in what format, and for how long — consistent with BIS, DDTC, and OFAC retention requirements.","The Company shall retain all export-related records — including shipping documents, export declarations (EEIs), license determinations, screening results, end-use certificates, and correspondence — for a minimum of [5] years from the date of export or the expiration of any applicable license, whichever is later. Records shall be maintained in [SYSTEM NAME] in a format accessible for government inspection within [3] business days of request.","Storing export records in employee email inboxes rather than a centralized system. When an employee leaves, those records become inaccessible — and a BIS audit that cannot locate required documentation can result in penalties even if the underlying transactions were compliant.",{"name":316,"plain_english":317,"sample_language":318,"common_mistake":319},"Employee training and awareness","Defines who must complete export control training, how often, and what the training covers — including red flag indicators and how to escalate a concern.","All employees involved in sales, engineering, operations, or IT who handle controlled items or technical data shall complete Export Control Awareness training within [30] days of hire and annually thereafter. Training shall cover: applicable regulations, the Company's classification and screening procedures, red flag indicators, deemed export obligations, and the escalation process for potential violations. Completion shall be documented in [HR SYSTEM NAME].","Limiting training to the compliance team and shipping department. Sales engineers who share product specifications with foreign prospects, and IT staff who grant foreign nationals access to controlled source code repositories, are equally high-risk roles that are frequently overlooked.",{"name":321,"plain_english":322,"sample_language":323,"common_mistake":324},"Deemed export controls","Addresses the company's obligations when foreign nationals — employees, contractors, or visitors — have access to controlled technology or source code inside the United States.","Prior to granting any foreign national access to controlled technology, source code, or technical data, the Compliance Manager shall determine whether the access constitutes a deemed export requiring a BIS license or qualifies for an exception. HR shall notify the Compliance Manager at least [10] business days before a foreign national employee's start date or before a foreign visitor is granted access to restricted areas or systems. Documentation of the deemed export analysis shall be retained in the employee's or visitor's file.","Treating deemed export compliance as solely an HR onboarding task. The determination of whether a license is required is a legal and technical analysis that HR cannot perform alone — it requires input from the compliance function and knowledge of the specific technology the individual will access.",{"name":326,"plain_english":327,"sample_language":328,"common_mistake":329},"Violation reporting and corrective action","Establishes a clear internal process for employees to report potential violations, how the company investigates them, and the steps for voluntary self-disclosure to regulators when appropriate.","Any employee who suspects a potential export control violation shall report it immediately to the Compliance Manager or through the Company's anonymous reporting hotline at [CONTACT / URL]. The Compliance Manager shall investigate all reports within [10] business days and document findings. Where a violation is confirmed, the Company shall assess whether voluntary self-disclosure to BIS, DDTC, or OFAC is warranted. Voluntary self-disclosure is a significant mitigating factor in penalty calculations and shall be made within [60] days of confirming a violation, in coordination with outside counsel.","Having no escalation path for employees who suspect a violation. Without a clear reporting mechanism, employees either ignore red flags or report them to their direct manager — who may not know what to do — delaying detection and increasing penalty exposure.",{"name":331,"plain_english":332,"sample_language":333,"common_mistake":334},"Policy administration and review","Identifies the policy owner, defines the review cycle, and explains how updates are communicated and acknowledged by employees.","This policy is owned by the [TITLE — e.g., Chief Compliance Officer / VP Legal / Trade Compliance Manager] and shall be reviewed annually and upon any material change in applicable regulations or Company export activity. All covered employees shall acknowledge receipt and understanding of this policy upon hire and upon each annual update. The Compliance Manager shall maintain a current distribution log of all acknowledgments.","Assigning policy ownership to a department rather than a named role. When the department is reorganized, ownership becomes ambiguous and the policy goes unreviewed — a gap that regulators treat as evidence of a non-functional compliance program.",[336,341,346,351,356,361,366,371],{"step":337,"title":338,"description":339,"tip":340},1,"Identify your regulatory exposure","Determine which regulations apply to your company based on what you export — EAR for dual-use commercial goods and software, ITAR for defense articles and services, and OFAC sanctions for all international transactions. If your products fall under both, ITAR takes precedence.","Review BIS's Commerce Control List (CCL) and the US Munitions List (USML) simultaneously — some items migrate between the two lists following Export Control Reform, and misidentifying jurisdiction is one of the most common compliance errors.",{"step":342,"title":343,"description":344,"tip":345},2,"Classify your products and technology","Assign an ECCN or EAR99 designation to every product, software package, and category of technical data the company exports. Document the classification rationale in writing and record the date.","If you are unsure of a classification, submit a Classification Request (SNAP-R) to BIS — the response is binding and gives you a documented good-faith basis for your compliance decisions.",{"step":347,"title":348,"description":349,"tip":350},3,"Define your screening process and tool","Select a denied-party screening tool or database (BIS Consolidated Screening List, Visual Compliance, Descartes MK Denied Party Screening) and document the process for screening every transaction party before each shipment or transfer.","Set the screening tool's fuzzy-match threshold to at least 85% — a 100% exact-match setting misses common name transliteration variants and intentional misspellings.",{"step":352,"title":353,"description":354,"tip":355},4,"Build your license determination checklist","Create a documented checklist that walks through ECCN, destination country group, end user, end use, and available license exceptions for every controlled export. Attach completed checklists to the transaction record.","BIS publishes country group tables in Supplement No. 1 to Part 740 — bookmark this page and verify the destination country's group assignment for each new market you enter.",{"step":357,"title":358,"description":359,"tip":360},5,"Establish your recordkeeping system","Designate a centralized repository — a compliance module in your ERP, a shared drive with access controls, or a dedicated trade compliance platform — and confirm it meets the 5-year minimum retention requirement. Map each document type to its required retention period.","Configure automatic retention holds in your system so records tied to open licenses or pending transactions cannot be deleted until the retention clock starts.",{"step":362,"title":363,"description":364,"tip":365},6,"Assign roles and draft the training plan","Identify every employee role that touches controlled items or foreign parties — sales, engineering, IT, HR, shipping — and assign each to an appropriate training track. Set a completion deadline and document it in your HR system.","Include a scenario-based red flag exercise in the training, not just regulatory definitions. Employees recognize violations in context far more reliably than from a list of rules.",{"step":367,"title":368,"description":369,"tip":370},7,"Set the review cycle and name the policy owner","Insert the name and title of the policy owner in the administration section, set a specific annual review date on the compliance calendar, and draft a brief summary of how updates will be communicated and acknowledged.","Tie the annual review date to a fixed calendar event — such as the first week of the fiscal year — so it is never deferred when the compliance team is busy.",{"step":372,"title":373,"description":374,"tip":375},8,"Circulate for employee acknowledgment","Distribute the final policy to all covered employees and collect signed (or electronically confirmed) acknowledgments. Store acknowledgments in your HR system alongside training completion records.","Include a one-paragraph plain-language summary with the acknowledgment form — employees are more likely to retain the policy's key obligations when the acknowledgment is paired with a readable summary rather than the full legal document.",[377,381,385,389,393,397],{"mistake":378,"why_it_matters":379,"fix":380},"Omitting software and technical data from scope","EAR and ITAR controls apply to software downloads, API access, and technical data disclosures — not just physical shipments. A policy that covers only hardware misses the majority of modern export transactions.","Explicitly list software, source code, cloud-hosted technology, and technical data in the policy's scope section, and map each to the relevant ECCN or USML category.",{"mistake":382,"why_it_matters":383,"fix":384},"Screening only at customer onboarding","Parties are added to the SDN List and Entity List continuously. A customer screened clean at contract signing may be sanctioned before the next shipment, and OFAC violations carry strict liability regardless of intent.","Require transaction-level screening for every shipment or technology transfer, not just a one-time check at onboarding, and document each screening result.",{"mistake":386,"why_it_matters":387,"fix":388},"Treating EAR99 as the default without a written analysis","EAR99 is a classification conclusion, not a safe assumption. Exporting an unclassified item that is later determined to be controlled carries the same civil and criminal penalty exposure as a knowing violation.","Complete and retain a written classification analysis for every product and software version, referencing the specific CCL entry reviewed and the date of analysis.",{"mistake":390,"why_it_matters":391,"fix":392},"Ignoring deemed exports for foreign national employees","Granting a foreign national employee access to controlled source code or technical data inside the US is legally an export to their home country. Companies that fail to address this are frequently cited in BIS enforcement actions.","Add a deemed export review step to the HR onboarding workflow and require the compliance function — not HR alone — to complete the license determination before access is granted.",{"mistake":394,"why_it_matters":395,"fix":396},"Storing export records in employee email","BIS requires exporters to produce records within a short window during an audit. Records stored in individual inboxes become inaccessible when the employee departs and cannot be searched systematically.","Designate a centralized, access-controlled repository for all export documentation and migrate existing records to it when the policy is implemented.",{"mistake":398,"why_it_matters":399,"fix":400},"No voluntary self-disclosure process","BIS and OFAC treat voluntary self-disclosure as a major mitigating factor that can reduce penalties by 50% or more. Companies without a defined process often miss the disclosure window because internal escalation is too slow.","Define a specific escalation timeline in the policy — for example, report suspected violations to the compliance manager within 5 business days of discovery — and empower the compliance function to engage outside counsel promptly.",[402,405,408,411,414,417,420,423,426],{"question":403,"answer":404},"What is an export control policy?","An export control policy is an internal company document that defines how the organization identifies controlled goods, software, and technical data and manages their transfer across international borders in compliance with applicable trade laws. In the United States, the primary frameworks are the EAR (administered by BIS), the ITAR (administered by DDTC), and OFAC sanctions programs. A written policy is evidence of a functioning compliance program and is reviewed by regulators during audits and enforcement investigations.\n",{"question":406,"answer":407},"Who needs an export control policy?","Any company that exports physical goods, transfers software internationally, shares technical data with foreign parties, or employs foreign nationals with access to controlled technology needs a written export control policy. This includes manufacturers, technology companies, defense contractors, distributors, and software vendors. Companies that believe their products are EAR99 and require no license still need a policy to document the classification analysis and screening procedures that support that conclusion.\n",{"question":409,"answer":410},"What is the difference between EAR and ITAR?","The EAR covers dual-use items — commercial goods, software, and technology that have both civilian and potential military applications — and is administered by BIS within the US Department of Commerce. The ITAR covers defense articles and services specifically listed on the US Munitions List and is administered by DDTC within the US Department of State. ITAR requirements are generally stricter: registration with DDTC is mandatory for manufacturers and exporters of USML items, and licenses are required for virtually all exports. When an item could fall under either framework, ITAR takes precedence.\n",{"question":412,"answer":413},"What is a deemed export and why does it matter?","A deemed export is the transfer of controlled technology or source code to a foreign national inside the United States — legally treated as an export to that person's home country. It matters because companies that hire foreign national engineers, grant foreign visitors access to controlled labs, or allow foreign national contractors access to restricted source code repositories may be making unlicensed exports without realizing it. BIS has brought numerous enforcement actions on deemed export grounds, and penalties can be substantial even when the transfer was entirely internal.\n",{"question":415,"answer":416},"What penalties apply for export control violations?","Civil penalties under the EAR can reach $364,992 per violation or twice the value of the transaction, whichever is greater (amounts are adjusted periodically for inflation). Criminal penalties can include fines up to $1 million per violation and up to 20 years imprisonment for knowing violations. OFAC civil penalties can reach over $300,000 per transaction or twice the transaction value under certain programs. Penalties apply even where violations were unintentional, making a documented compliance program the primary defense.\n",{"question":418,"answer":419},"Does my company need an export license?","Whether a license is required depends on the item's ECCN classification, the destination country, the end user, and the intended end use. Items classified as EAR99 generally do not require a license for most destinations, but may still be prohibited to sanctioned countries or parties on restricted lists. Controlled items with an ECCN designation require a license or a qualifying license exception for exports to certain country groups. A documented license determination analysis is required for every controlled export regardless of whether a license is ultimately needed.\n",{"question":421,"answer":422},"How often should an export control policy be reviewed?","At minimum, annually. The BIS Commerce Control List, USML, and OFAC sanctions programs are updated regularly — sometimes multiple times per year. Product lines, customer bases, and supply chains also change in ways that can create new export control obligations. A policy that was accurate at adoption may be materially incomplete 18 months later. Assign a named policy owner and set a fixed annual review date on the compliance calendar to ensure the review actually happens.\n",{"question":424,"answer":425},"Can a small business use a template for its export control policy?","Yes. A well-structured template covers the core framework — scope, classification, screening, licensing, recordkeeping, training, and violation reporting — that regulators expect to see in any compliance program. Small businesses with straightforward product lines and limited international sales can typically complete the template with internal resources. Companies with ITAR-controlled products, complex supply chains, or operations in multiple countries should supplement the template with a review by a trade compliance attorney or licensed customs broker.\n",{"question":427,"answer":428},"What records does an export control policy require the company to keep?","BIS requires exporters to retain all records related to export transactions for 5 years from the date of export or from the expiration of an applicable license, whichever is later. Required records typically include export declarations (Electronic Export Information filings), shipping documents, license determinations and exception analyses, screening results and documentation, end-use certificates, and correspondence related to controlled transactions. DDTC requires ITAR records to be retained for 5 years as well. Records must be produced for government inspection within a defined window during audits.\n",[430,434,438,441],{"industry":431,"icon_asset_id":432,"specifics":433},"Defense and aerospace","industry-manufacturing","ITAR registration is mandatory for manufacturers and exporters of USML items; export control policies must address Technical Assistance Agreements (TAAs) and Manufacturing License Agreements (MLAs) alongside standard shipment procedures.",{"industry":435,"icon_asset_id":436,"specifics":437},"Technology and SaaS","industry-saas","Software downloads, API access, and cloud-hosted technology are subject to EAR controls; deemed export risk is elevated given the prevalence of foreign national engineers, and encryption items require specific classification review under ECCN 5D002.",{"industry":439,"icon_asset_id":432,"specifics":440},"Manufacturing and industrial equipment","Dual-use machinery, components, and materials frequently carry ECCN designations that require license determinations for exports to Country Group D nations, and supply chain re-export obligations must be addressed with distributors.",{"industry":442,"icon_asset_id":443,"specifics":444},"Life sciences and medical devices","industry-healthtech","Certain biological agents, chemical precursors, and medical devices appear on the CCL; exports to sanctioned countries may be prohibited even for humanitarian items unless an OFAC license exception applies.",[446,449,452,456],{"vs":235,"vs_template_id":447,"summary":448},"D{TRADE_COMPLIANCE_POLICY_ID}","A trade compliance policy covers both import and export compliance — including customs valuation, tariff classification, and import controls — in a single document. An export control policy focuses exclusively on the outbound side: EAR, ITAR, and sanctions screening. Companies with significant import activity need a trade compliance policy; those focused on international sales or technology transfers can start with the narrower export control document.",{"vs":227,"vs_template_id":450,"summary":451},"D{ITAR_COMPLIANCE_POLICY_ID}","An ITAR compliance policy is scoped specifically to defense articles and services listed on the US Munitions List and addresses DDTC registration, Technical Assistance Agreements, and Directorate-specific requirements. An export control policy addresses both EAR and ITAR within a unified framework, making it the better starting point for companies whose product portfolio spans both regimes.",{"vs":453,"vs_template_id":454,"summary":455},"Sanctions Compliance Policy","D{SANCTIONS_COMPLIANCE_POLICY_ID}","A sanctions compliance policy focuses on OFAC-administered programs — identifying sanctioned countries, entities, and individuals and establishing screening and transaction-blocking procedures. An export control policy incorporates sanctions screening as one component within a broader framework that also covers product classification, licensing, and recordkeeping. Companies with exposure only to financial sanctions (not controlled goods) may only need the narrower sanctions document.",{"vs":457,"vs_template_id":458,"summary":459},"Code of Business Conduct","D{CODE_OF_CONDUCT_ID}","A code of business conduct sets general ethical standards across all company activities — including anti-bribery, conflicts of interest, and fair dealing — at a high level of abstraction. An export control policy is a specific operational procedure document with concrete checklists, roles, and recordkeeping requirements. The code of conduct typically references the export control policy rather than replacing it.",{"use_template":461,"template_plus_review":465,"custom_drafted":469},{"best_for":462,"cost":463,"time":464},"Companies with EAR-only exposure, straightforward product lines, and limited ECCN-controlled items seeking a documented compliance framework","Free","3–5 hours to complete and distribute",{"best_for":466,"cost":467,"time":468},"Companies with ITAR-controlled products, foreign national employees with access to controlled technology, or first-time export compliance programs","$500–$2,500 for a trade compliance attorney or licensed customs broker review","1–2 weeks",{"best_for":470,"cost":471,"time":472},"Defense contractors subject to DDTC registration requirements, companies under BIS or OFAC investigation, or multinationals with complex re-export obligations across multiple jurisdictions","$3,000–$15,000+ depending on complexity and attorney time","4–8 weeks",[474,475,476,477,478,479,480,481,482,483,484,485],"anti-bribery-policy-D13246","business-code-of-conduct-D13909","data-privacy-policy-D13465","corporate-governance-policy-D13943","vendor-management-policy-D12802","information-security-policy-D13552","employee-training-plan-D13175","risk-management-plan-D13391","records-management-and-retention-policy-D13761","whistleblower-policy-D12649","supplier-code-of-conduct-D12745","international-agent-agreement-D13520",{"emit_how_to":487,"emit_defined_term":487},true,{"primary_folder":489,"secondary_folder":490,"document_type":491,"industry":492,"business_stage":493,"tags":494,"confidence":499},"software-technology","cybersecurity-policies","policy","general","all-stages",[495,491,496,497,498],"compliance","data-protection","export-control","trade-regulations",0.85,"\u003Ch2>What is an Export Control Policy?\u003C/h2>\n\u003Cp>An \u003Cstrong>Export Control Policy\u003C/strong> is a formal internal document that defines how a company classifies, screens, licenses, and documents the export of controlled goods, software, technology, and technical data in compliance with applicable trade laws. In the United States, the primary frameworks are the Export Administration Regulations (EAR), administered by the Bureau of Industry and Security, the International Traffic in Arms Regulations (ITAR), administered by the Directorate of Defense Trade Controls, and economic sanctions programs administered by the Office of Foreign Assets Control. A written policy translates these regulatory requirements into concrete internal procedures — covering who is responsible, what must be checked before each transaction, what records must be kept, and how violations are reported and remediated.\u003C/p>\n\u003Ch2>Why You Need This Document\u003C/h2>\n\u003Cp>Operating without a written export control policy creates exposure on every international transaction your company executes. Regulators treat the absence of a documented compliance program as an aggravating factor in penalty calculations — meaning the same underlying violation draws a higher fine if the company cannot demonstrate it had functioning procedures in place. Civil penalties under the EAR can exceed $360,000 per transaction, and OFAC violations carry strict liability regardless of intent. Beyond regulatory risk, customers in defense, aerospace, and government contracting routinely require suppliers to produce a written export compliance program before awarding a contract. A documented policy also protects the company when an employee makes a mistake: it establishes that the violation was a process failure rather than a systemic one, which is a meaningful distinction in enforcement negotiations. This template gives you the framework to build that program without starting from a blank page.\u003C/p>\n",1781185992845]