Technology Control Plan
What is a Technology Control Plan?
A Technology Control Plan (TCP) helps ensure that controlled materials will not be accessed by unauthorized persons. The need for a plan occurs whenever ITAR, Commerce Controlled List (CCL) or other controlled items or data are present on campus or when UTEP personnel are using controlled materials while not under the direct control of the provider.
The most common use of a Technology Control Plan (TCP) is to identify controlled materials or data and describe how these items will be secured while at the university. It includes plans for storing / housing the items and procedures for guarding against unauthorized access to the restricted items or information.
The plans are customized dependent on the security measures needed for the circumstances and situations. It is the responsibility of the PI to manage and enforce compliance within the terms of the TCP. The Office of Research Compliance & Regulatory Assurances and Information Security Office assist with the development and determine whether or not it is sufficient to adequately protect the item and information for unauthorized access and export (deemed export). TCPs will include:
- A commitment to export control compliance.
- Identification of the applicable export controls and items or technologies subject to the controls.
- A description of the agreed upon security measures to control the item / technology.
- Identification and nationality of each individual who will have access to the controlled item or technology.
- Personnel screening measures for granting access to the controlled item / technology.
- Appropriate security measures for disposal of the item / technology when use is complete.
- The PI should submit the Technology Control Plan (TCP) to the Office of Research Compliance and Regulatory Assuarances to initiate this process.
TCPs protecting export-controlled information generally address the following:
- Operate in secured laboratory space or during secure times so you can prevent unauthorized persons from observing the activities.
- Lock data, lab notebooks, hard copy reports and research materials in fireproof cabinets in rooms with key-controlled access.
- Do NOT transmit export-controlled information through email.
- Encrypt electronic records on a stand-alone storage device that is not networked with other university computers.
- Limit your discussions about the project or work products to the identified contributing investigators and talk where unauthorized persons are not present.
- Complete a signed confidentiality agreement before discussing with third-party subcontractors, such as identified manufacturing sites.
There is a cost to protecting controlled materials so please keep this in mind when preparing a budget for a grant application. If you encounter unanticipated costs or changes in research require more money, consider other options for covering the additional costs, whether for a separate computer, special storage facilities or separate workspace. Be sure your project sponsor is aware of the need for additional security measures related to the project and could perhaps help locate revenue. In any case, controlled information, technology, and materials must be protected; there is no other option.
Use the TCP Template to begin your TCP. UTEP's export control office will help you complete the plan and then work to have it approved.
Additional Tips
- In some situations, it is possible to put a TCP in place instead of applying for a license.
- Researchers must complete the CITI export control initial training requirements prior to beginning the research.