CEOCFO MOBILE  CONTACT  |   CEOCFO-SERVICES HOME

RegDOX Solutions Inc.

CEOCFO-Members Login

February 13, 2017 Issue

CEOCFO MAGAZINE

 

Extending Cloud-based Electronic Storage and Collaboration Solutions to Documents and Data Controlled by US Government Export Regulations

 

 

William L. O'Brien

President/Chief Executive Officer
 

RegDOX Solutions Inc.

www.regdox.com

 

Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – February 13, 2017

 

CEOCFO: Mr. O’Brien, would you tell us about RegDOX?

Mr. O’Brien: RegDOX provides cloud-based electronic document storage, management and collaboration solutions and has a particular expertise in handling data subject to regulatory compliance. Hence our name is a contraction of the term, Regulated Documents, and is intended to represent that focus: allowing our clients to store, manage and collaborated on documents in the cloud and in compliance with applicable regulations. RegDOX’s document management solutions are provided both through customer on-premise applications and as shared cloud-based solutions. Approximately 90 percent of our business services customers using our technology as a cloud solution. In addressing any set of regulations, we first understand what the regulatory requirements are for storing and managing online documents and files. Then we assist our customers so that they might comply with those requirements while achieving efficiencies and using the leading features that just are not available with internal or low-end solutions.

 

CEOCFO: Is it generally accepted throughout most industries that online storage is acceptable or are there still some holdouts?

Mr. O’Brien: As the only full function storage and collaboration solution for US export controlled documents, RegDOX is addressing an area that has been a hold-out in the migration to cloud solutions. And that has made sense. There is good reason for caution here. US export controlled documents are subject to one of two principal sets of regulations. One is the ITAR, which refers to the International Traffic in Arms Regulations. The other also is popularly referenced as an acronym, in this case, EAR which is the Export Administration Regulations. Up until RegDOX, those two sets of regulations have been pretty much interpreted as instructing companies to never place export-controlled documents and data into a public or shared cloud solution. And there was good reason for that general understanding.  Companies could not be assured of who would be accessing or controlling the software or servers in a shared or public environment. They could not control whether individuals not entitled to received export-controlled data would be able to access their ITAR or EAR documents. They could not control whether there would be inadvertent transit of transmitted documents and files outside the US even when the transmissions begin and end inside the US. In other words, companies using cloud-based solutions could not avoid or prevent inadvertent violations of the ITAR or EAR and, in fact, could not prove even prove that an inadvertent or unlicensed export had not occurred. Those were all issues that prevented the use of cloud solutions for export-controlled documents and materials. It is those concerns that we have addressed through carefully controlled processes, new application, server and hosting security, and innovated features and functions, such as industry-leading audit and tracking, encrypted messaging and documents exchanges, and third generation user controls and permissioning. All of this taken means that RegDOX consequently has solved the barrier to using cloud solutions for export controlled data. With RegDOX, the traditional has been turned on its head: to ensure compliance with the ITAR and the EAR, bring your export-controlled documents and data into the cloud.
 

CEOCFO: What is the service and how does it work?

Mr. O’Brien: We sell subscriptions to our ITAR/EAR-compliant service. With a subscription, we assign a company an online data room center for its export-controlled documents and files. In its own data room center, each company can have as many data rooms as it requires. Our customers likewise can bring in as many licensed individual users and order as much set storage as they need. In our experience, their storage needs range from just a few gigabytes to many terabytes. The visualization of this arrangement of data room center, data rooms and customers choosing how many users and how much storage and being able to change those choices on the fly, would be as if RegDOX were to give each customer a house of its own and that customer decides how large the house will be, how many rooms, and how many occupants it will have, whether those invited users are guests or permanent residents. Thus, RegDOX’s customer companies choose, admit, and then remove their users. They can choose as many users as they want for the ITAR/EAR compliance solution and all that is required is that those users either must do be US persons as defined in the ITAR or individuals with US government authorization to have access to export controlled documents or data. This solution allows companies to deal in those documents. They have all the efficiency of a cloud solution. They have the audit, control and tracking that this high-end cloud solution can provide, but they never have to worry that that one of their users is going to inappropriately export a document intentionally, carelessly or through lack of training.


CEOCFO: How are you able to be that secure?

Mr. O’Brien: When you look at the details of some of the cyber-security breaches that we see time and again, and then you consider the security solutions that we have developed in the RegDOX ITAR/EAR-compliant cloud solution, none of those breaches should have happened. We achieve this security through a sequence of user, document, information and document rights management controls. We enable our customers to set permissions at the data room center level, the data room level, the IP address and device levels, the user level, and the document level. Consequently, our customers can decide exactly what should and should not occur with a document and file. They can preclude anything else from occurring. There are all kinds of tools we give our customers to make sure their sensitive documents stay where they are supposed to be and, if they are sent to another location, the journey is known, reported and protected at that location unless, again, the customer chooses to have it moved as an unprotected, original document. In addition, and as part of our commitment to our customers and to regulatory compliance, we assure our customers their documents are not going to leave the United States unless and until they choose to direct it to a non-US location. When a document is sent from Boston to Seattle, our customers can expect that it will not transit through internet connections in Toronto, and thus result in an inadvertent export. That is just one example of what we do to allow customers to comply with export regulations.

 

CEOCFO: Who is using your services and who should be?

Mr. O’Brien: Anyone who is handling documents and data subject to US export controls needs our services. The need to be ITAR and EAR compliant when handling electronic documents and files is particularly well-recognized among first-tier defense and aerospace contractors, but these requirements really need to be further understood and met among others working in that industry. All companies need to be aware that anyone using or possessing any information that is either referenced or described in the United States munitions list or is otherwise described in the Department of Commerce’s similar list, is required to know and comply with these regulations. The most economical and straight-forward way to achieve that compliance is RegDOX.


CEOCFO: Do people in those industries know and are they up to date on what they should be doing?

Mr. O’Brien: RegDOX is in a unique position because we can see the best practices for storing and sharing ITAR and EAR technical data being carried out daily not only by ourselves, but first-tier defense contracts, while at the same time being reminded daily that there are those covered by these regulations who appear to remain wholly or mostly ignorant of these requirements. At times, we get the impression that some companies are waiting for a knock on the door, while hoping it will never come or, when it does, it will be faint knock that may be ignored. Many larger companies over time have had their difficulties with ITAR compliance and suffered resulting losses in fines, reputations and the costs of direct government supervision of their export practices. Accordingly, these large, first-tier defense contractors understand this area and they have moved into some compliance. Their compliance certainly does not involved tools with the productivity and security features of RegDOX, but, despite the awkwardness of some of their homegrown solutions, their ITAR/EAR regulatory needs are mostly met. Where we really get concerned is when we come across medium size to smaller companies who appear to either not know the reach of these regulations, or if they do, believe there is not much they can do that is affordable. That is the market we are targeting with our recent product announcements. We can provide them a best of breed document collaboration, management solution, ITAR compliance that is off the shelf and reasonably priced.

 

CEOCFO: Is that the RegDOX® On the Fives™?

Mr. O’Brien: Yes. Through RegDOX® On the Fives, we are bringing the best ITAR and EAR document handling practices used by larger companies to other, smaller companies that are also at-risk. This recently announced marketing and pricing initiative is specifically intended to reach and service companies that need an off the shell, government reviewed program that can quickly bring them into compliance. Through RegDOX on the Fives™ program, we can limit the financial commitment of smaller companies while allowing them to meet their legal and ethical requirements when handling export-controlled documents and data.


CEOCFO: How do companies find out about RegDOX? How are you reaching out and if a company is looking, how would you jump off the page in a search?

Mr. O’Brien: Over the last year and a half, the US State Department agency that administers the ITAR reviewed and confirmed the compliance of RegDOX’s ITAR/EAR solution. In fact, RegDOX is the only company that has up to this point had that compliance addressed in an advisory opinion. We filed a patent on the technology and have really become known as being out there with larger companies. We know we must reach the smaller companies and we are doing so through social media, establishing an Internet presence and building on early efforts in this area. It is gratifying that these efforts are beginning to bear fruit.


CEOCFO: What surprised you as RegDOX has grown and evolved and morphed in some ways?

Mr. O’Brien: Two things have been surprising. One is how conservative the defense community is in adopting new technologies. They really at times seem to be in the position of waiting for the government to instruct them on best practices rather than seeking and implementing best practices as reflected in other environments where sensitive or confidential information is stored. It likewise has been surprising that seemingly very successful companies are operating in this area without fully understanding the ramifications of what they are doing and the possible downside. I have spoken with trade compliance officials from very large companies who have conceded that they are often looked upon as obstacles to sales and that doesn’t change until the government arrives and discusses potential violations. In their experience, it was only then that their companies really became serious about ITAR/EAR compliance. We are trying to get out there and not create a problem, but let companies know there is an issue, there is an opportunity to be better run through compliance, and that is what we can provide.

 

CEOCFO: What is the competitive landscape?

Mr. O’Brien: The area of online document storage is very crowded, but in this niche (and it is a large niche), there is no real competition. There are companies out there that provide training in ITAR compliance. There are companies that will consult on how to be ITAR compliant. But there is no one else with an ITAR/EAR cloud storage solution that companies can buy off the shelf and know works from day one and, while doing so, achieve the best security and collaboration tools available in the marketplace. They do not have to guess about the RegDOX solution working because the solution has been government reviewed and held to conform to regulations. It is a new, cloud-based landscape out there and we are the first, and if we get the now pending patent, will perhaps be the only company that has an ITAR and EAR-complaint document storage, management and collaboration solution.


CEOCFO: Would the talk of loosening regulations with the administration not affect the area that you are in?

Mr. O’Brien: ITAR-controlled data is by its very nature extremely sensitive information. This is one area where there is an independent and inescapable reason to regulate. Sensitive US defense information must be protected. Moreover, with RegDOX’s solution, it is not very difficult to comply with these regulations. Commendably, the Obama administration attempted to loosening these regulations where it could by moving data from under the control from the ITAR, and therefore the State Department, to the EAR, which is administered by the Department of Commerce. But still, even with this effort, when the two administrative schemes are reviewed, much of the same definitions and requirement are found. A violation of either can result in a million dollar fine for example. Because the penalties, approaches and definitions are virtually the same, this is not an area that is going to go away. At RegDOX, we offer an opportunity to companies to comply with both sets of regulations and not have to suffer great losses in productivity and financial investments to do so.


CEOCFO: Why pay attention to RegDOX?

Mr. O’Brien: Companies should pay attention to RegDOX because they want to be efficient, comply with regulations, and not have to put together a whole new IT infrastructure to reach these goals.

 

 

“Through RegDOX® On the Fives, we are bringing the best ITAR and EAR document handling practices used by larger companies to other, smaller companies that are also at-risk… Through RegDOX on the Fives™ program, we can limit the financial commitment of smaller companies while allowing them to meet their legal and ethical requirements when handling export-controlled documents and data.”- William L. O'Brien


 

RegDOX Solutions Inc.

www.regdox.com

 

Contact:

William L. O’Brien

(603) 589-4868

WOBrien@RegDOX.com



RegDOX Solutions Inc.

Print Version - PDF


 

twitter - facebook
linkedin -
blog

google plus

news - events



Recent News

RegDOX Solutions Announces a DFARS Assessment and Compliance Program to Meet the December 31 Deadline






 

 



 

 


disclaimers

Any reproduction or further distribution of this article without the express written consent of CEOCFOinterviews.com is prohibited.

 

 

Enterprise Storage Solution, RegDOX Solutions Inc.,, Secure Date Room, CEO Interviews 2017, William L. O'Brien, Extending Cloud-based Electronic Storage and Collaboration Solutions to Documents and Data Controlled by US Government Export Regulations, Technology Companies, Government Services Company, cloud solutions for confidential data storing, sharing, management and collaboration for confidential files, encrypted email, secure enterprise storage and collaboration solution, store corporate information, Export Control Materials (ECM) Platform, Secure Data Room for ITAR, compliance for the ITAR (International Traffic in Arms and Regulations) and the EAR (Export Administrative Regulations), RegDOX Solutions Inc. Press Releases, News, Tech Stock, Companies looking for venture capital, Angel Investors, private companies looking for investors, enterprise storage companies seeking investors, data room companies needing investment capital, regdoxsolutions blog, events, twitter, facebook, linkedin, google plus

 

ceocfointerviews.com does not purchase or make
recommendation on stocks based on the interviews published.