A Technology Control Plan (TCP) is a living document that outlines the means in which export controlled information and technology will be protected. The purpose of a TCP is to outline the characteristics of the project and to define the controls necessary to ensure that the transfer of identified items to visitors, employees, and students during the performance of research activities or other university endeavors occurs in an authorized and approved manner.
Answer "Yes" or "No" to the following questions noted below. If you are unsure how to answer the question, contact the University's Chief Global Compliance Officer for assistance. DO NOT ASSUME the answer is "NO" if you do not know with certainty the answer.
If you answered "YES" to any one question above, a TCP is required.
Establishing a TCP is a multi-step process and a TCP takes time to develop, implement and maintain. While a TCP is benefical under any condition, it is mandatory before application for an export license can be submitted. If a license is required, the U.S. Government processing time for applications varies from as little as 6 weeks to more than 6 months. Therefore, it is vital that a TCP be thoroughly detailed with as much supporting documentation as can be provided in order to mitigate additional delays in the license application process.
The first step is for the Principle Investigator (PI) and/or department heads who will be overseeing the project to complete export compliance training.
NYU provides online training for export compliance through the Collaborative Institutional Training Initiative (CITI) Program. If you have not used CITI before, you will need to register and select New York University as your associated institution.
The required CITI Program Export Compliance modules for a TCP will be:
Other modules may be deemed appropriate depending on the nature of the project.
A TCP is project-specific. When the need for a TCP has been identified, the PI or department head will contact the Import & Export Compliance Officer who will assist with development of a TCP that is appropriate to the project. When the terms of the project end, so does the associated TCP.
The TCP will include elements such as project information, personnel identification, technology and technical data, security, and international travel. More specifically, the TCP will include a thorough description of the information and/or items to be protected; specific measures to control access within the facility; procedures for control of access to equipment; and certification by all project personnel.
To fully understand the items being protected, documentation such as export classifications, equipment spec sheets, contracts / agreements, etc., may be needed to be included with the TCP as appendices. Other University departments, such as Public Safety, may also need to be included, especially where area access controls are needed.
All personnel, regardless of citizenship, who are listed in the TCP as authorized for inclusion on the project form must undergo restricted party screening. This process will be conducted by the Chief Global Compliance Officer. The reason for this screening is to comply with federal regulations ensuring that no person is debarred.
Yes, there is. After discussing your project with NYU's Import & Export Compliance Officer (IECO), the template will be provided and the IECO will work with you each step of the way.
Once the TCP has been developed and approved by the Chief Global Compliance Officer, it is the responsibility of the PI and/or department head to implement the security measures defined within the TCP. This includes diligence in overseeing employees so that they understand and follow the security measures and processes to be implemented.
In addition, all individuals affected by the TCP will undergo a live training session with the IECO as a group to discuss the developed TCP and export controls. This special session will be coordinated by the PI or department head prior to the start of the project.
The TCP is a living document, therefore, as changes within the project occur the TCP will need to be updated accordingly in order to maintain compliance. Changes that can affect the TCP could be: scope of work; additions/deletions of authorized personnel; equipment; work spaces; amendments to regulations; etc.
The IECO will conduct periodic reviews to ensure the TCP is being monitored and followed as defined within the documentation itself.
Because the TCP is a living document, a copy of the TCP will be maintained by the PI in the project binder through the duration of the project and be accessible to only those authorized. An official copy of the TCP will be maintained by the responsible department for five (5) years from project completion or from expiration of the license (as applicable). A copy of the TCP will remain on file with the Office of Compliance and Risk Management.
An electronic version of the TCP and its supporting documents is acceptable for record retention.