The short answer
ITAR changes the sourcing process before machining begins. If the drawing, model, or part is controlled, the buyer has to manage who gets the data, where the work is done, and how access is restricted. That means supplier screening and RFQ handling matter as much as spindle capability.
Why ITAR starts at the RFQ
Controlled technical data is already a compliance issue before a machine ever touches material. If files are sent to the wrong party, stored in the wrong environment, or accessed by the wrong people, the problem has started long before production. Buyers who treat ITAR as a label added after quotation are already late.
This is why the RFQ workflow needs its own discipline.
What to check with suppliers
Ask who can access files, where work is performed, whether subcontracting is controlled, and whether the supplier has a routine method for handling export-controlled data. The supplier should be able to explain the workflow clearly, not just say yes, we do defense work.
A vague answer here is a real sourcing risk.
What changes commercially
ITAR-controlled work often narrows the supplier pool and can increase price or lead time. That is normal. The point is compliant execution, not commodity buying. Trying to force controlled work into a generic sourcing process usually creates risk without saving meaningful money.
Cheap and sloppy is not a smart compliance strategy.
How buyers should package the job
Mark controlled data clearly. Limit distribution. Use the right channel. Keep revision control tight. And state domestic-only or source-control expectations up front if they apply. Related reading: AS9100 vs ISO 9001: which certification matters for machined parts? and Machining lead time factors: what actually sets delivery dates.
Good ITAR handling is mostly disciplined admin work done before the first cutter spins.
Comparison table where relevant
| ITAR question | Why it matters | Weak practice |
|---|---|---|
| Who can access the files? | Controls technical-data exposure | Email blast to many shops |
| Where is work done? | Location control matters | No source visibility |
| Is subcontracting controlled? | Sub-tier risk matters | Assume outside processes are fine |
| How is data marked and stored? | Admin discipline protects compliance | Treat it like ordinary RFQ data |
How to specify this in your RFQ
State clearly that the RFQ contains ITAR-controlled technical data and ask suppliers to confirm compliant handling before you release the full package. Also say whether domestic-only manufacturing, approved processors, or restricted subcontracting applies.
Have a part that needs quoting? Email your drawings to rfq@precisionmachining.co - we return a competitive quote within 24 hours. Phone: +1 312-579-0808.