A Technology Control Plan ("TCP") is a living document that outlines the means by which export-controlled information and technology will be protected.  The purpose of a TCP is to outline the characteristics of the project and to define the controls necessary to ensure that the transfer of identified tangible or intangible items to visitors, employees, and students during the performance of research activities or other University endeavors occurs in an authorized and approved manner.  

Contact the NYU Office of Ethics and Compliance ("OEC") to determine whether a TCP is required. 

Establishing a TCP is a multi-step process and a TCP takes time to develop, implement and maintain.  While a TCP is benefical under any condition, it is mandatory before application for an export license can be submitted.  If a license is required, the U.S. Government processing time for applications varies and can take several months or longer, with a possibility of denial.  Therefore, it is vital that a TCP be thoroughly detailed with as much supporting documentation as can be provided in order to mitigate additional delays in the license application process. 

A TCP is project-specific.  When the need for a TCP has been identified, the PI/department will work with OEC and other relevant University organizations to develop a TCP that is appropriate to the project.  When the terms of the project end, so does the associated TCP. 

The TCP will include elements such as project information, personnel identification, technology and technical data, security, and international travel. More specifically, the TCP will include a thorough description of the information and/or items to be protected; specific measures to control access within the facility; procedures for control of access to equipment; and certification by all project personnel.

To fully understand the items being protected, documentation such as export classifications, equipment spec sheets, contracts/agreements etc., may be needed to be included with the TCP as appendices.

Once the TCP has been developed and approved by OEC, it is the responsibility of the PI/department to implement the security measures defined within the TCP.  This includes diligence in overseeing employees so that they understand and follow the security measures and processes to be implemented.

In addition, all individuals affected by the TCP will undergo training with OEC to discuss the developed TCP and applicable export controls prior to the start of the project. 

Because the TCP is a living document, a copy of the TCP will be maintained by the PI in the project binder through the duration of the project and be accessible to only those authorized.  An official copy of the TCP will be maintained by the responsible department for five (5) years from the project completion or expiration of the license, as applicable.  A copy of the TCP will remain on file with OEC.

An electronic version of the TCP and its supporting documents is acceptable for record retention.