Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

DRAFT Office of Research Administration TECHNOLOGY

advertisement 
Office of Research Administration
TECHNOLOGY CONTROL PLAN
This project/activity involves the use of export-controlled information. As a result, the
project/activity comes under the purview of either the State Department’s International
Traffic in Arms Regulations (ITAR) at Title 22, C.F.R., Parts 120-130 or the Department of
Commerce’s Export Administration Regulations (EAR) at Title 22, C.F.R. Parts 730-774.
In accordance with Export Control Regulations (EAR and ITAR), a Technology
Control Plan (TCP) is required in order to prevent unauthorized exportation of
protected items / products, information, or technology deemed to be sensitive to
national security or economic interests.
Date:
Title of Sponsored Project/Activity (Project):
Technical Description of Item, Technology, Equipment, Software to Be
Transferred:
Principal Investigator (PI):
Phone:
Email:
This plan has been approved and adopted by the Colorado School of Mines
__________________________________________________________
John M. Poate, Ph.D., Empowered Official
Vice President for Research and Technology Transfer
Office of Research Administration
1. Scope
All CSM employees having access to ITAR or EAR information owned by or
entrusted to CSM are within the scope of these requirements. Compliance with the
requirements set forth in the following TCP is mandatory.
2. Information Subject to Control
The Project has been identified to fall under ITAR. The definition of what articles
and services are subject to the ITAR is defined in the ITAR in section 120.3, and is
reproduced below:
An article or service may be designated or determined in the future to be a defense
article (see § 120.6) or defense service (see § 120.9) if it:
(a) Is specifically designed, developed, configured, adapted, or modified for a
military application, and
(i) Does not have predominant civil applications, and
(ii) Does not have performance equivalent (defined by form, fit and
function) to those of an article or service used for civil applications; or
(b) Is specifically designed, developed, configured, adapted, or modified for a
military application, and has significant military or intelligence applicability such
that control under this subchapter is necessary.
The intended use of the article or service after its export (i.e., for a military or
civilian purpose) is not relevant in determining whether the article or service is
subject to the controls of this subchapter. Any item covered by the U.S. Munitions
List must be within the categories of the U.S. Munitions List. The scope of the U.S.
Munitions List shall be changed only by amendments made pursuant to section 38
of the Arms Export Control Act (22 U.S.C.2778).
Specifically, the Project is controlled by ITAR Category XII – Fire Control, Range
Finder, Optical and Guidance and Control Equipment.
Physical Security Plan:
Project data, materials (Controlled Information) and equipment (Controlled
Technology) will be physically shielded from observation by unauthorized
individuals by operating in secured laboratory spaces, or during secure time blocks
when observation by unauthorized persons is prevented.
Office of Research Administration
a. Location: (describe the physical location of each sensitive technology /
item to include building and room numbers. Attachment of a diagram of
the location is highly recommended)
b. Physical Security: (provide a detailed description of your physical
security plan designed to protect your item/technology form unauthorized
access, ie., secure doors, limited access, security badges, CCTV, etc.)
c. Perimeter Security: (describe perimeter security features of the location
of the protected technology / item)
3. Information/Technology Security Plan
a. Communications
Conversations. Discussions about the Project are limited to the Project
Personnel identified below and held only in areas where unauthorized
personnel are not present. Discussions with third party sub-contractors
will only be conducted under signed confidentiality agreements subject to
U.S. export control regulations.
Voicemail. Voicemail shall not be used to share Controlled Information.
Voicemail may be used for non-technical messages associated with the
Project (e.g., announcement of project meetings).
Instant Messaging. Instant messaging shall not be used to transmit
Controlled Information.
Telephone. Controlled Information may be transmitted by telephone or
through conference calls if previously authorized by both parties and U.S.
citizenship is confirm prior to release of Controlled Information.
Email. All emails containing Controlled Information shall contain a
contents label as follows and be encrypted at a level consistent with
corporate best practices.
“This email transmission contains information controlled for export purposes
under U.S. International Traffic in Arms Regulations (ITAR) and is intended for the
recipient only. No export, sale, transfer, release or other disposition of this
information is permitted without prior authorization from the U.S. Government.”
Email that contains Controlled Information shall only be sent to recipients that
the send has verified are authorized to receive Controlled Information.
Office of Research Administration
b. Controlled Information Identification
The technology will be clearly marked as export controlled. Electronic
files of Controlled Information will be marked in the header or footer as
export controlled. Raw data files will be stored on an external hard drive
physically marked as containing export controlled data. Physical marking
shall include the following disclosure:
“This __________ contains information controlled for export purposes under U.S.
International Traffic in Arms Regulations (ITAR). No export, sale, transfer, release
or other disposition of this information is permitted without prior authorization
from the U.S. Government.”
Or
“Export Controlled Information – ITAR”
c. IT Systems and Computer Security
Controlled Information will be processed on the PI’s laptop. Per CSM
standard procedures, the laptop has been installed with encryption
software that complies with current commercial standards. Controlled
Information will not be stored on any of the CSM servers but on external
hard drives under control of the PI. Each hard drive will also be
encrypted using CSM encryption software.
Email security. Project Personnel will work with CSM’s Campus
Computing, Communications and Information Technologies (CCIT)
Department to obtain email certificates which will guarantee sender and
receiver identities and encrypt the emails sent between certificate
holders.
d. Disposal
All Controlled Information will be removed from the external hard dive
upon completion of the project. Any hard copy of Controlled Information
will be shredded. Controlled Technology will be disassembled until each
component is no longer be classified as “controlled” under ITAR.
4. Project Personnel
a. Authorized Individuals: The following individuals are authorized to
work on the Project:
Office of Research Administration
No foreign national, as defined by 8 U.S.C. 1101(a)(20)1 or who is not a
protected individual as defined by 8 U.S.C. 1324b(a)(3)2, will perform
any work on the Project or have access to the Controlled Information and
Technology.
b. Personnel Screening Procedures: All personnel on the project are
screened against the U.S. Federal Governments Restricted and Denied
Party List and undergo criminal background checks and screening using
the U.S. Citizen and Immigration Services’ E-Verify System. In the event
that there is any concern regarding the citizenship of project personnel,
hard copy proof in the form of a U.S. birth certificate or passport will be
required.
c. Training: The PI shall ensure that all persons working on the Project are
aware of the content of ITAR rules and regulations and the contents of the
plan. Should any questions arise during the course of the Project or oneon-one trainings, they will be director to the Office of Research
Administration’s Research Compliance Officer.
5. Self-Evaluation Program
Project personnel shall report non-compliance with this TCP to the PI, who shall
work with the Office of Research Administration’s Research Compliance Officer to
determine what, if any, disciplinary or corrective action is required. Violations or
suspected violations of the ITAR shall be assessed and the Research Compliance
Officer, in connection with CSM upper management, shall determine the appropriate
action based on ITAR. A violation of the ITAR is the unauthorized release of ITAR
Controlled Information or Technology to foreign national(s).
All corrective actions will be handled in accordance to CSM policies and procedures,
including the CSM Faculty Handbook.
The Research Compliance Officer shall review the compliance status of the Project
semi-annually with the PI. The discussion will cover all items stated in this TCP and
how they were addressed by the Project and a review of any disciplinary or
corrective actions taken. The Research Compliance Officer will provide a written
summary of the discussion and an opinion of the compliance status of the Project to
the PI and also keep a copy of that summary on file.
Office of Research Administration
TECHNOLOGY CONTROL PLAN BREIFING
This is to acknowledge that I have read the Colorado School of Mines Technology
Control Plan relating to PROJECT TITLE. Accordingly, I understand the procedures as
contained in this TCP and agree to comply with all Colorado School of Mines and U.S.
government regulations as those regulations pertain to export controlled information. I
agree to update this plan as required and as additional personnel are added to this
project.
1
2
3
4
Signature
Printed
Name
Title
Signature
Printed
Name
Title
Signature
Printed
Name
Title
Signature
Printed
Name
Title
Date
Date
Date
Date
Office of Research Administration
TECHNOLOGY CONTROL PLAN AND NON DISCLOSURE STATEMENT
I acknowledge and understand that any technical data related to defense articles on the U.S.
Munitions List, or dual use goods on the Commerce Control List to which I have access or
which may be disclosed to me in the course of my employment at Colorado School of Mines,
is subject to export controls under the International Traffic in Arms Regulations (Title 22,
CFR, Parts 120-130), or the Export Administration Regulations (EAR) Parts 730-774. I
hereby certify that such data or technology will not be further disclosed, exported or
transferred in any manner to any foreign national or any foreign country without prior
written approval of the Office of Defense Trade Controls, U.S. Department of State or the
Bureau of Industry and Security, U.S. Department of Commerce.
I have read the Colorado School of Mines Technology Control Plan relating to PROJECT TITLE
and executed the Technology Control Plan Breifing.
Project Personnel:
Signature
Printed
Name
Signature
Printed
Name
Signature
Printed
Name
Date
Dept
Date
Dept
Date
Dept
Related documents
In order to register for Export Control training, go to www.d2l.arizona
In order to register for Export Control training, go to www.d2l.arizona
Deemed Export Control
Deemed Export Control
What do you think of this?
What do you think of this?
Export Controls - Rose
Export Controls - Rose
OSP-OSA Training - Export Controls
OSP-OSA Training - Export Controls
Technology Control Plan Template
Technology Control Plan Template
Download
advertisement