|What is a Technology Control Plan (TCP)?|
A TCP is a document that formalizes the processes and procedures used by university personnel to control access to and release of export controlled items, information, materials, etc. in accordance with federal export regulations. The Office of Export Controls has developed a template TCP, which should be modified and tailored to comply with the specific regulatory requirements and to accommodate the particular project or program.
|When do I need a TCP?|
A TCP is appropriate if:
- A project or activity involves the receipt of Sensitive Unclassified Information (SUI) from an outside party or sponsor under a nondisclosure agreement or sponsored research agreement;
- A project or activity is not considered Fundamental Research; or
- A project or activity involve technology or software associated with export-controlled equipment.
TCPs should be completed and approved prior to handling export-controlled information associated with a research project, which may be prior to the project start date.
|What is addressed in a TCP?|
A TCP generally includes:
- A statement of institutional commitment to export control compliance;
- Identification of the relevant export control categories and controlled technologies;
- Identification of the project's sponsor(s);
- A description of physical security measures;
- A description of information security measures;
- Personnel requirements; and
- Administrative elements (i.e., inspections, training, recordkeeping, etc.)
|What type of Security Measures need to be included?|
The physical and information security measures necessary to prevent unauthorized access and export must be included in the TCP. Examples of security measures include, but aren't limited to:
- Restricted Access/Compartmentalization: Project may be limited to laboratory areas with restricted access/observation by unauthorized individuals. Such areas must remain secured at all times when subject items or information are in use.
- Marking: Clearly marking all export controlled information/items.
- Personnel Identificaiton: Identify those individuals will access to the controlled areas and the approval, process and documentation required before any visitors are allowed in the controlled area.
- Secure Storage: Provide adequate safeguards to ensure tangible items, electronics, technology and electronic data are securely stored.
- Training: All project personnel should be trained on the TCP and project specific export control areas.
|Who is responsible for the TCP?|
It is the responsibility of the Principal Investigator or program leader to develop, maintain and enforce compliance with the terms of the TCP. The Office of Export Controls will assist with development and determine whether or not it is sufficient to adequately protect the subject items and information from unauthorized access and export.
The completed TCP should be sent to the System Export Control Officer for review and comment BEFORE collecting the required signatures on the TCP. Once the System Export Control Officer has approved the safeguards and confirmed the eligibility of the identified users, the PI will be notified. At that point, the PI will need to distribute the TCP to the authorized users and have them sign the TCP. Once all of the user signatures have been obtained, a copy of the executed TCP should be provided to the System Export Control Officer.
Contact the Office of Export Controls if you have any questions regarding TCPs or Export Controls in general.