Technology Control Plans
A Technology Control Plan (TCP) is a living document that outlines the means in which export controlled information and technology will be protected. The purpose of a TCP is to outline the characteristics of the project and to define the controls necessary to ensure that the transfer of identified items to visitors, employees, and students during the performance of research activities or other university endeavors occurs in an authorized and approved manner.
Establishing a TCP is a multi-step process and a TCP takes time to develop, implement and maintain. While a TCP is benefical under any condition, it is mandatory before application for an export license can be submitted. If a license is required, the U.S. Government processing time for applications varies from as little as 6 weeks to more than 6 months. Therefore, it is vital that a TCP be thoroughly detailed with as much supporting documentation as can be provided in order to mitigate additional delays in the license application process.
A TCP is project-specific. When the need for a TCP has been identified, the PI or department head will contact OCRM who will assist with development of a TCP that is appropriate to the project. When the terms of the project end, so does the associated TCP.
The TCP will include elements such as project information, personnel identification, technology and technical data, security, and international travel. More specifically, the TCP will include a thorough description of the information and/or items to be protected; specific measures to control access within the facility; procedures for control of access to equipment; and certification by all project personnel.
To fully understand the items being protected, documentation such as export classifications, equipment spec sheets, contracts / agreements, etc., may be needed to be included with the TCP as appendices. Other University departments, such as Campus Safety, may also need to be included, especially where area access controls are needed.
All personnel, regardless of citizenship, who are listed in the TCP as authorized for inclusion on the project form must undergo restricted party screening. This process will be conducted by OCRM. The reason for this screening is to comply with federal regulations ensuring that no person is debarred.
Once the TCP has been developed and approved by OCRM, it is the responsibility of the PI and/or department head to implement the security measures defined within the TCP. This includes diligence in overseeing employees so that they understand and follow the security measures and processes to be implemented.
In addition, all individuals affected by the TCP will undergo a live training session with OCRM as a group to discuss the developed TCP and export controls. This special session will be coordinated by the PI or department head prior to the start of the project.
Because the TCP is a living document, a copy of the TCP will be maintained by the PI in the project binder through the duration of the project and be accessible to only those authorized. An official copy of the TCP will be maintained by the responsible department for five (5) years from project completion or from expiration of the license (as applicable). A copy of the TCP will remain on file with OCRM.
An electronic version of the TCP and its supporting documents is acceptable for record retention.