EXPORT MANAGEMENT EXPORT CONTROL MANUAL & GUIDELINES FOR STAFF Maintained by the Office of Sponsored Programs UPDATED 9-20-2013 1 List of Commonly Used Acronyms BIS Department of Commerce Bureau of Industry and Security CCL Commerce Control List CJ Commodity Jurisdiction DDTC Department of State Directorate of Defense Trade Controls EAR Export Administration Regulations ECCN Export Control Classification Number EMCP Export Management and Compliance Program EO Empowered Official FRE Fundamental Research Exemption ITAR International Traffic in Arms Regulations OFAC Department of the Treasury Office of Foreign Assets Control OSP Office of Sponsored Programs PI Principal Investigator SDN List Specially Designated Nationals and Blocked Persons List SIT Stevens Institute of Technology TAA Technical Assistance Agreement TCP Technology Control Plan UECO University Export Controls Officer USML United States Munitions List 2 TABLE OF CONTENTS EXPORT MANAGEMENT AND COMPLIANCE PROGRAM Statement on Stevens’ Commitment to Export Control Compliance I. II. III. INTRODUCTION GENERAL DISCUSSION GENERAL ASPECTS OF UNIVERSITY COMPLIANCE PROGRAM A. Management of the EMCP 1. 2. 3. 4. 5. B. C. D. Maintaining and distributing the EMCP description and Manual Compliance training Export control analysis E. Initial review Final review Technology Control Plan F. G. H. I. J. K. L. M. Empowered official University export control officer OSP Key university managers Principal investigators Development Training and certification The license process and procedures License exception/exemption related to travel outside the U.S. Foreign nationals Maintenance of records Monitoring and auditing Detecting and reporting violations Corrective and disciplinary actions Employee protection Appendix Material for the ECMP A. B. C. D. E. F. G. H. OSP Preaward Checklist OSP Postaward Checklist Technology Control Plan UECO template for TCP briefing and certification PI memo - issued for every SIT award EAR exception checklist-TMP laptops etc (one-time and annual) ITAR exemption checklist – Checklist for consideration of information in the public domain Various other checklists and certifications 3 EXPORT MANAGEMENT AND COMPLIANCE PROGRAM Stevens’ Commitment to Export Control Compliance Stevens Institute of Technology conducts research to advance knowledge, enhance student learning experiences, and build its reputation in the scientific and technical communities while fostering productive experiences for our sponsoring partners. While SIT endorses the principles of freedom of inquiry and open exchange of knowledge, the university is committed to compliance with export control regulations. The export of certain technologies, software and hardware is regulated and controlled by Federal law for reasons of national security, foreign policy, competitive trade reasons and to prevent the spread of weapons of mass destruction. SIT and all its employees are required to comply with the laws and implementing regulations issued by the Department of State through its International Traffic in Arms Regulations (“ITAR”), the Department of Commerce through its Export Administration Regulations (“EAR”) and the Department of the Treasury through its Office of Foreign Asset Controls (“OFAC”). World events dictate the increased need for security and vigilance over the technology controlled on the Department of State’s United States Munitions List (“USML”) and the Department Commerce’s Commerce Control List (“CCL”). Accordingly, the importance and scrutiny for compliance with the regulations has increased and research contracts and agreements received by universities from sponsors, both Federal and non-federal, which contain export control provisions have increased significantly. Export control regulations apply regardless of the source of funding, both external and internal. Although most research conducted on U.S. college and university campuses is excluded from these regulations under the Fundamental Research Exclusion, university research involving specified technologies controlled under the EAR and/or ITAR, or transactions and exchanges with designated countries, individuals and entities may require SIT to obtain prior approval from the appropriate agency before allowing foreign nationals to participate in controlled research, collaborating with a foreign company and/or sharing research – verbally or in writing – with persons who are not U.S. citizens or permanent residents. Export control regulations affect not only research conducted on campus, but also travel and shipping items outside the U.S. Simply traveling to certain sanctioned countries could require a license from OFAC. OFAC sanctions prohibit transactions and the exchange of goods and services in certain countries and with designated persons and entities. SIT is committed to export control compliance, and the export control compliance function within the Office of Sponsored Programs is staffed to advise and assist faculty in conducting activities related to research and sponsored projects. More information regarding these and other regulations that impact university activities can be found at the Department of Commerce/BIS website; the Department of State/ITAR website; and the Department of the Treasury/OFAC website. 4 I. INTRODUCTION The objective of this EMCP is to ensure that our university’s exports, deemed exports, re-exports, transfers, and activities are transacted consistent with all applicable federal requirements. Various departments have a role in the management of our export transactions and compliance with U.S. export laws and regulations. It is the university’s expectation that each employee understands the standards described and the importance of creating a synergistic system to manage the overall export responsibilities. A vital part of an EMCP is the establishment of mechanisms within the university’s daily operational procedures to provide safeguards for maintaining controlled technology. Such mechanisms help ensure that the right questions are being asked in order to preclude making shipments that are contrary to U.S. export controls, and therefore inconsistent with the university’s and country’s best interests. A soundly implemented EMCP, coupled with good judgment, can greatly reduce the risk of inadvertently exporting to a restricted end-user, or for a prohibited end-use or activity. To ensure the integrity of this system, individual feedback and suggestions for strengthening the procedures are encouraged. For questions and to send feedback and suggestions related to the EMCP procedures, please contact: Barbara DeHaven, Executive Director/Empowered Official, OSP, bdehaven@stevens.edu, 201.216.8762 or Steven Berhang, University Export Compliance Officer (UECO), sberhang@stevens.edu, 201-216-3464. II. GENERAL DISCUSSION The U.S. export control system generally requires export licensing for dual-use defense items, i.e., items that have both commercial and military applications, and for exports to sanctioned persons and destinations. U.S. national security, economic interests and foreign policy shape the U.S. export control regime. The export laws and regulations aim at achieving various objectives, such as preventing the proliferation of weapons of mass destruction, advancing the U.S. economic interests at home and abroad, aiding regional stability, implementing anti-terrorism and crime controls, and protecting human rights. These controls generally restrict the export of products and services based on the type of product and the destination of the export. In both the defense and high-technology sectors, the U.S. Government tightly regulates the export not only of equipment and components, but also of technology. Technology includes technical data, such as blueprints and manuals, as well as design services (including the transfer of “knowledge”) and training. U.S. laws assert jurisdiction over U.S.-origin equipment and technology even after it is exported (i.e., restricting the re-export or re-transfer to third parties). In addition to general export licensing, the United States maintains economic embargoes 5 against a number of countries whose governments consistently violate human rights or act in support of global terrorism. Such embargoes bar most transactions by U.S. persons with these countries. Three principal agencies regulate exports from the United States: the U.S. Department of State Directorate of Defense Trade Controls (“DDTC”) administers export control of defence exports; the U.S. Department of Commerce Bureau of Industry and Security (“BIS”) administers export control of socalled "dual-use" technology exports; and the U.S. Department of the Treasury Office of Foreign Assets Control (“OFAC”) administers exports to embargoed countries and designated entities. III. GENERAL ASPECTS OF THE UNIVERSITY’S COMPLIANCE PROGRAM Where possible, the organizational structure of the university has centralized the key export functions and coordinated export activities with other departments that may become involved in export-related issues, i.e., legal counsel, shipping, university contracts, and sponsored research. Each export control task discussed in Section III (A) has a specific person assigned to perform the task and a specific person who is responsible for assuring that it is performed. Personnel assigned export control functions have been given authority commensurate with their responsibilities. Formal lines of communication between key personnel and other with export-related functions have been established. Underscoring its commitment to promote aggressive management of controlled technology by all Stevens’ employees, university administration will hire, train, and motivate quality export compliance personnel. Compliance personnel must have a working knowledge of export control laws and regulations and be able to competently ensure the university’s compliance through the effective management of its export management and compliance program. Export control personnel will have authority commensurate with their responsibilities, including authority to stop export transactions when warranted; and training, expertise and authority sufficient to safeguard the university against long-range legal implications that it risks through an ineffective export management and compliance program. Compliance personnel must not only possess the ability to discern the right thing to do but will be supported by university management and the university community. A. MANAGEMENT OF THE EMCP There are individuals and functions that are central to a successful EMCP. At SIT those are: 1. i. EMPOWERED OFFICIAL (EO)– assigned responsibilities The Executive Director of the Office of Sponsored Programs is the Empowered Official for Stevens Institute of Technology. In this capacity, the EO has authority to represent the university before the export control regulators in matters related to registration, licensing, commodity jurisdiction requests, or voluntary disclosures. While certain oversight functions may be delegated, only the EO has the power to sign such paperwork and bind the university in any proceeding be DDTC, BIS, OFAC, or any other 6 government agency with export control responsibilities. The EO will oversee management of the university’s ECMP and all related aspects including communication to the Provost, Vice Provost of Research, the Director of Risk Management, and General Counsel when necessary. ii. EMPOWERED OFFICIAL – responsibility monitoring The Director of Risk Management shall monitor activities and performance of the Empowered Official by means of a quarterly meeting and reporting in order to identify and assess potential areas in need of strengthening and improvement. 2. i. UNIVERSITY EXPORT CONTROLS OFFICER – assigned responsibilities The UECO has authority and the responsibility for implementation and enforcement of the procedures set forth in the EMCP. The UECO works closely with the EO: OSP and the OSP in performing his/her duties. The UECO: (a) makes the determination as to whether a project involves controlled technology, if a TCP is needed or if a license is required (b) establishes a monitoring and visitation timeline in order to visit and audit key campus functional areas and PIs as to their respective oversight activities. The UECO will document discussion content as well as recommended improvements and follow-up on progress at the next visit. Any serious breaches in protocol or deviations from the ECMP that are detected during the visit will be reported immediately to the EO:OSP/ED for implementation of a mitigation strategy (c) Identifies areas at SIT relative to research and other activities that are impacted by export control regulations; (d) Develops control procedures to ensure the university remains in compliance; (e) Recommends procedures to the senior SIT administration to strengthen SIT compliance; (f) Educates inventors, principal investigators, center directors, and academic unit heads about export control regulations and procedures followed at SIT; (g) Educates other units within SIT such as Finance, Purchasing, Travel, International programs, Human Resources, and Academic Entrepreneurship about export control regulations and procedures followed at SIT; (h) Monitors and interprets legislation; (i) Works with other on campus to facilitate understanding and compliance with export controls; 7 (j) Assists investigators, researchers and offices within SIT when research or research results are export controlled; (k) Seeks assistance from EO and SIT legal counsel when uncertain about classification and in filing license applications; (l) Develops a Technology Control Plan (“TCP”) for each export-controlled project consistent with these procedures to aid the principal investigator (“PI”) in meeting his/her export control responsibilities; (m) Conduct training for the university community and coordinate the maintenance of an export controls website, or the export controls section of the OSP website; and, (n) Liaison with EOs or UECOs of other universities who may be involved in multiinstitutional research projects ii. University Export Control Officer – responsibility monitoring The UECO reports to the EO: OSP/ED who shall monitor activities and performance by means of a monthly meeting and a quarterly report of activities in order to identify and assess potential areas in need of strengthening and improvement. 3. i. OFFICE OF SPONSORED PROGRAMS – assigned responsibilities The OSP provides assistance and expertise with export controls by working closely with the UECO and EO: OSP/ED in identifying export control issues and providing support for their solution. The OSP: (a) Provides assistance to PIs in reviewing the terms of a sponsorship agreement or grant to identify restrictions on publication and dissemination of the research results, and to negotiate such restrictions out of the agreement; (b) Completes Export Control Checklists (including pre-and postaward) for every project and sends them to the UECO for review if export controls issues are indicted or likely; (c) Is responsible for maintaining a centralized database of all documentation relating to a research project or education activity; and (d) Coordinates with the PIs and the UECO to ensure that foreign nationals will be isolated from participation in an export-controlled project in accordance with the TCP, unless the university applies for and obtains a license from the appropriate federal agency ii. OFFICE OF SPONSORED PROGRAMS – responsibility monitoring OSP reports to the EO:OSP/ED who shall monitor activities and performance by means of a monthly meeting that includes the Preaward and Postaward managers and the 8 UECO and a quarterly report of inter-related activities in order to identify and assess potential areas in need of strengthening and improvement. 4. i. KEY UNIVERSITY MANAGERS – assigned responsibilities Academic deans, directors, and department heads share the responsibility of overseeing export control compliance in their respective schools, departments, centers, or institutes and supporting the UECO in implementing procedures as deemed necessary by the UECO for export control compliance. Additionally, directors of other offices or units on campus including, but not limited to: Finance, Risk and Safety Oversight Task Force, Human Resources, International Programs, Academic Entrepreneurship, Travel and SERC (and other centers) share the responsibility of overseeing export control compliance in their units and supporting the UECO in implementing procedures as deemed necessary by the UECO for export control compliance. ii. KEY UNIVERSITY MANAGERS – responsibility monitoring The UECO shall establish a monitoring and visitation timeline in order to visit and audit key campus functional areas as to their respective oversight activities. The UECO will document discussion content as well as recommended improvements and follow-up on progress at the next visit. 5. i. PRINCIPAL INVESTIGATOR -- assigned responsibilities PIs have expert knowledge of the type of information and technology involved in a research project or other university activity, such as presenting at conferences, and discussing research findings in class with fellow researchers or collaborators. PIs must ensure that they do not disclose controlled information or transfer controlled articles or services to a foreign national without prior authorization as required. To meet his/her obligations, each PI: (a) Must understand his/her obligations under export controls, and participate in regular trainings to help her/her identify export control issues; (b) Must assist the UECO to classify the technology involved in the research or other university activity; (c) Identify foreign nationals that may be involved and, if export control is likely, initiate the process of clearing foreign national participation well in advance to ensure that a license is obtained in a timely manner, or implement proper measures to isolate foreign nationals from participation; 9 (d) Must if undertaking an export controlled project, brief the students and other researchers involved in the project of their obligations under export controls; and (e) Cooperate with the UECO in developing the TCP for which the PI has the responsibility to follow and implement. The TCP is located at Appendix C ii. PRINCIPAL INVESTIGATOR – responsibility monitoring The UECO shall establish a monitoring and visitation timeline in order to visit and audit individual PIs as to their respective oversight activities, including maintenance of any developed TCPs. The UECO will document discussion content as well as recommend improvement and follow-up on progress at the next scheduled meeting. Any serious breaches in protocol or deviations from the ECMP that are detected during the visit will be reported immediately to the EO: OSP/ED for implementation of a mitigation strategy. B. MAINTAINING AND DISTRIBUTING THE EMCP DESCRIPTION AND MANUAL An official electronic copy of the EMCP Program and Manual will be maintained in the Office of Sponsored Programs by the Executive Director/Empowered Official. The UECO has primary responsibility to ensure that the EMCP Program and Manual is updated and distributed annually every July. Also, the EMCP Program and Manual may be found posted on the OSP Website: http://www.stevens.edu/osp/export/start.html. Updates made prior to July will be distributed and posted as necessary. C. COMPLIANCE TRAINING Training is one of the critical elements of the university’s export management and compliance program. Because export control regulations change and technologies and their end-users are continually evolving, it is essential for the university to include a training component the Export Management and Compliance Program. The greatest risk of non-compliance of export laws and regulations occurs during casual conversations in person, on the telephone, or via email. Informed users minimize the likelihood that inadvertent violations of export laws and regulations will occur. Ambiguities can lead to confusion which could contribute to an export violation. An important component of the EMCP is the effective communication of policy and procedures to all employees. Anyone involved in export-related functions, including top management, faculty, staff, contractors, consultants, and even student workers should fully understand export compliance responsibilities as they might relate to their responsibilities. SIT will provide these employees with sufficient training in order to ensure they possess a working knowledge of current export control regulations as well as the specific requirements of the company’s 10 EMCP. By ensuring that function-specific elements are considered while developing the EMCP, SIT will develop and maintain a Program that is clearly understood by all employees. That understanding will include the awareness of the importance of their roles as it relates to the university and to the nation. The UECO will prepare updated training materials and will ensure that employees or students engaged in an export controlled project receive the appropriate briefing and will be required to take mandatory on-line training http://www.stevens.edu/osp/coi/citi.html The UECO will also maintain records of training or briefings provided. General export control information and presentations will be available for the university community online at the following link: http://www.stevens.edu/osp/export/start.html. Academic deans, directors, or department heads will assist the UECO in implementing the export control training sessions or briefings relative to their respective schools, departments, centers, or institutes. In addition, the directors of other offices or units on campus including, but not limited to : Finance, Risk and Safety Oversight Task Force, Human Resources, International Programs, Academic Entrepreneurship, Travel and Systems Engineering Research Center (SERC) will assist the UECO in implementing the export control training sessions or briefings relative to their units. D. EXPORT CONTROL ANALYSIS Export control analysis for sponsored research begins when a PI submits a proposal, receives an award, or changes the scope of an existing project. INITIAL REVIEW OSP performs the initial review by completing the Export Control Checklists in Appendices A and B. OSP will look for the following items as ‘red flags’ that might indicate possible export control issues: References to U.S. export regulations (beyond a mere statement to comply with the law); Restrictions on publication or dissemination of the research results; Pre-publication approval from the sponsor; Proprietary or trade secret claims on project results; Involvement of foreign sponsors or collaborators; Travel, shipping, or work performed outside the U.S.; Military applications of the project results; or 11 Funding from the Department of Defense, the Department of Energy, the Army, the Air Force, the Office of Naval Research, NASA, the National Reconnaissance Office, or other U.S. defense related agencies FINAL REVIEW If the initial review indicates a possible export controls issue, the project will be referred to the UECO for final review. Upon completing the final review, the UECO will advise the PI concerning the export controls which might apply to the project, the restrictions on access by foreign persons, and any other relevant requirements pursuant to ITAR and EAR. E. TECHNOLOGY CONTROL PLAN (TCP) DEVELOPMENT If the UECO determines a project is export controlled, the UECO will work with the PI to develop and implement a TCP to secure the controlled technology from access by unlicensed non-U.S. citizens. A sample TCP is included as part of this Program in Appendix C. http://www.stevens.edu/osp/export/start.html. The UECO will work with the PI to develop and complete the TCP as needed. TRAINING AND CERTIFICATION Before any individual may observe or access the controlled technology, he/she must be briefed on the procedures authorized under the TCP, certify his or her agreement to comply with all security measures outlined in the TCP. . Appendix D contains a template for the TCP and the briefing . If an award is received, regardless of the project’s nature, each PI will receive a PI Memo describing export controls. An example of the PI Memo is included as Appendix E. http://www.stevens.edu/osp/export/start.html. F. THE LICENSE PROCESS AND PROCEDURES All licenses for the export of controlled technology as described in the ITAR and EAR and as controlled by OFAC, will be the responsibility of the Empowered Official. The EO will advise the Provost of each circumstance that is determined to require a license. The EO has authority to represent the university before the export control regulators in matters related to registration, licensing, commodity jurisdiction requests, negotiations, or voluntary 12 disclosures. While certain oversight functions may be delegated, only the EO has the power to sign such paperwork and bind the university in any proceeding be DDTC, BIS, OFAC, or any other government agency with export control responsibilities. G. LICENSE EXCEPTION/EXEMPTION RELATED TO TRAVEL OUTSIDE THE U.S. Any travel or transmission to destinations outside the U.S. may trigger export control regulations. A license may be required depending on which items are taken, which countries are visited, or whether defense services are provided to a foreign person. However, an exception of exemption from license requirement may exist. A Licence Exception 1 may be available for EAR controlled items, technology, or software if the individual travelling outside the U.S. can certify that he/she meets the criteria of the available exception. An example of the Checklist for qualification is included in Appendix F. A License Exemption 2 may be available to ITAR controlled technical data transmitted outside the U.S. if the individual transmitting/sending the technical data can certify that he/she meets the criteria of the available exemption. An Example of the Checklist for qualification is included in Appendix G. Other exceptions and exemptions may be available. Anyone intending to travel or transmit controlled data outside the U.S. should first consult with the UECO. All exceptions or exemptions must be documented with the OSP and the record maintained for at least five years after the termination of the project or the travel return date. Certification forms are located on the OSP website at Appendix H. http://www.stevens.edu/osp/export/start.html. H. FOREIGN NATIONALS The presence of a large graduate student and postdoctoral fellow community of foreign nationals poses significant challenges for the institution as it regards compliance with export control regulations. While the university desires to provide the best educational and research experience for all faculty, students and other research-related employees; this must be balanced against the responsibility levied by the government as it pertains to protecting and managing the export of controlled technology. The UECO will be apprised by OSP of any circumstances where the potential exists for an export control issue. As previously described in Section III (A) (2) of this Program, the UECO will review 1 2 See 15 C.F.R. § 740.1 See 22 C.F.R § 125.4 13 the Checklists generated by the OSP Specialists in order to determine if a project is, or will be, restricted in such a way that the presence of foreign nationals is prohibited. If such a circumstance is indicated, the UECO will initiated a dialogue with the PI, or Project Manager, in order to ensure understanding that the project may not include any foreign nationals, to ensure a TCP is developed, and to ensure that all research personnel understand the issues of compartmentalizing the restricted research from other department/project activities. All communication, dialogue and exchanges with project personnel will be documented and maintained in the relevant project files. This documentation will be maintained for five years. I. MAINTENANCE OF RECORDS SIT’s policy is to maintain export-related records on both a project and an individual basis, depending on the circumstances. If there is a specific and discreet project to which the export activity can be related, then all export documentation relevant to that project will be maintained in the project file. However, it will be the case that some export-related documentation, such as analysis of whether the burden has been met to qualify for the FRE and the exemption certification for carrying laptops abroad, will be specific to individuals. Unless specified otherwise, all records shall be retained no less than five years after the project’s TCP or license termination date, whichever is later. If ITAR-controlled technical data is exported under an exemption, certain records of the transaction must be kept even beyond the standard five year period.3 Those records must include: A description of the unclassified technical data; The name of the recipient/end-user; The date/time of export; The method of transmission (e.g., email, fax, telephone, FedEx); and The exemption under which the export qualified Information which meets the criteria of being in the public domain, being educational information, or resulting from Fundamental Research is not subject to export controls under the ITAR as qualifies for an exception; however, it is SIT’s policy that all documentation for these analyses be maintained for five years after the analysis has been done. In the event of any audit, this demonstrates that an assessment was done to determine the designation of exemption or exception. 3 See 22 C.F.R §§ 122.5 and 123.26 14 BIS has specific record-keeping requirements.4 Generally, records required to be kept by EAR must be kept for a period of five years from the project’s termination date. However, if BIS or any other government agency makes a requires for such records following a voluntary selfdisclosure, the records must be maintained until the agency concerned provides written authorization concerning the records’ release. Responsibility for records: Office of Sponsored Programs EAR Annual Certifications for travelling abroad with a laptop EAR Temporary Export of Beta-Test Software EAR Temporary exhibitions, demonstrations, replacement parts and broadcast material EAR baggage Fundamental Research Decision Matrix Checklist for consideration of information in the public domain OSP Routing Form License Applications License Approvals Documentation of any investigations or correspondence with a government agency Proposal memo PI memo UECO recordkeeping includes: Project Technology Control Plans Log of all random-sample reviews of existing TCPs Confirmation and record of all training presentations All documentation generated by the UECO in pursuit of that individual’s designated duties Documentation of all conversations and meetings with PIs and other research-related personnel regarding export control responsibilities PI “Shipment of U.S. Origin Items to Foreign Recipient” Copies of shipping documents, i.e. fed ex bill of lading, etc. TCPs SIT Internal Auditing Documentation of any investigations of alleged violations 4 See 15 C.F.R.§ 762.6 15 SIT Legal Counsel Documentation of any legal action, including but not limited to, filings, notices, settlements J. MONITORING AND AUDITING In order to maintain SIT’s export compliance program in good order and to ensure consistent adherence to U.S. export laws, the UECO may conduct internal reviews of TCPs at any time and as needed. In any event, the UECO will conduct a 10% random-sample review of current, unexpired TCPs each fiscal year. This is in addition to the monitoring and visitation timelines already discussed in Section III (A)(2)(i) The purpose of the review is: Identify possible violations; and Identify deficiencies in training, procedures, etc., that can be corrected K. DETECTING AND REPORTING VIOLATIONS It will be the policy of SIT to voluntarily self-disclose violations as required and identified. All federal agencies have dramatically increased the investigation in and successful prosecution of export regulation violations. The penalties for these violations can be very severe, including personal liability, monetary fines, and imprisonment. However, government agencies assign great weight to voluntary self-disclosures as a mitigating factor. Any individual who suspects a violation has occurred must immediately notify the Empowered Official in the OSP, and only the Empowered Official. The EO will notify the Vice-Provost of Research and send an initial notification about the suspected violation to the appropriate government agency.5 The initial notification advisement will contain: Precise description of the nature and extent of the violations; Exact circumstances surrounding the violations(s); Complete identities and addresses of all individuals and organizations, involved in the questioned activities; Export license numbers, if applicable; USML or CCL identifications Description of any corrective actions already undertaken; and Name and address of the person(s) making the disclosure and a point of contact 5 For EAR violations, see 15 C.F.R. § 764.5. For ITAR violations, see 22 C.F.R. § 127.12 (c). 16 The Vice-Provost will authorize a member of the SIT Internal Audit function to conduct an internal review of the suspected violation by gathering information about the circumstances, personnel, items, and communications involved. Once the review is complete, the circumstances will be reviewed with the EO, General Counsel and the Vice-Provost and the EO will provide the government agency with a supplementary letter that contains a narrative account of the institution’s findings. Once the agency has been notified, about either the initial advisement or the results of the subsequent discoveries, the EO will follow the government agency’s instructions. L. CORRECTIVE AND DISCIPLINARY ACTIONS Recognizing the seriousness of non-compliance with export controls, SIT will address noncompliance in accordance with the SIT Faculty Handbook at section entitled “Dismissal, Suspension, or Other Sanctions.” Further, all SIT employees responsible for export control compliance or participating in export-controlled projects must be aware of the substantial criminal and civil penalties imposed for violation of the export regulations including personal liability, monetary fines and imprisonment. M. EMPLOYEE PROTECTION In accordance with University Policy entitled “Conscientious Employee Disclosure Policy,” no individual shall be punished solely because he or she reported what was reasonably believed to be an act of wrongdoing or export control violation. However, a SIT employee will be subject to disciplinary action if the employee knowingly fabricated, knowingly distorted, or knowingly exaggerated the report. APPENDIX MATERIAL FOR “Export Control Management Program” follows: A. B. C. D. E. F. G. H. OSP Preaward Checklist OSP Postaward Checklist Technology Control Plan UECO template for TCP briefing and certification PI memo - issued for every SIT award EAR exception checklist-TMP laptops etc (and annual) ITAR exemption checklist – Checklist for consideration of information in the public domain Various other checklists and certifications 17 Appendix A PROPOSAL PROCESSING Export Control Review (This form must be completed and kept on file for 5 years from the date of completion) A. Using Visual compliance, proposal specialist will run a Restricted Party Screening check of PIs and Co-PIs, including consultants or other key individuals pertinent to the proposal. A screening of subcontractors will be done at the award stage. Choose appropriate category in the drop-down menu under Comments and add the OSP proposal number. Reviewer will initially screen at “Fuzzy Level 2.” If there is a ‘hit,’ reviewer will then run an “Exact” screen. If there is a ‘hit’ on an “Exact” screen, print, and take to UECO for further review and determination. YES NO TBD/UNK A.1. A Restricted Party Screening has been completed on the pertinent individuals as mentioned above in “A.” NOTE TO FILE: Names of everyone screened: B. Proposal specialist will review the information in the proposal packet as well as guidelines/RFP/BAA or other solicitation or program announcement for export control issues and indicate appropriate response to each question. The section/instruction in the program guideline that elicits a “YES” response should be marked for additional review by the UECO. If nothing is found in the program guideline, mark “NO” as the response to the question. YES NO TBD/UNK B.1. Is there a reference to the export regulations beyond a mere adherence to the law, i.e., does it say the project/research is export controlled? B.2. Is there a requirement that the sponsor must approve foreign nationals on the project, or that no foreign nationals are allowed? B.3. Does the research project have an obvious military nature/does it include research for homeland security? B.4. Does the sponsor have to APPROVE PI’s publication? (Sponsor review of publications is OK – approval is not as the FRE is lost) B.5. Is there a foreign sponsor or foreign collaborator(s)? B.6. Will items/technology be shipped/transmitted outside the U.S.? B.7. Will the PI travel to a conference outside the U.S, or is the project outside the U.S.? (It might be the case that the answer to this is unknown at this time) B.8. If “YES to B.7. above, is travel to Cuba, Iran, North Korea, Sudan, or Syria? B.9. If “NO/TBD/UNK” to B.8 above, PI will get export control memo from Postaward at award & no further review needed B.10. If “YES” to both B.7. and B.8 above, the UECO MUST review If “YES” to any question above, Preaward Manager will make a notation of the possible export issues in the “Export Control” section of the Routing Form. If travel/shipping/transmitting outside the U.S. is indicated, the Preaward Manager will note country (if known). Reviewer should consider content and implications of any “YES” responses and notify UECO if warranted. COMMENTS/NOTES: Preaward reviewer: Date: 18 Proposal #: Appendix B POSTAWARD PROCESSING Export Control Review Checklist for Postaward Negotiators (This form must be completed and kept on file for five years from the date of completion) Principal Investigator: Sponsor Name: Project Title: A. Does the Statement of Work or Agreement contain any language, including a Federal Acquisition Regulation (FAR) clause that: YES NO TBD/UNK A.1. Gives the sponsor the right to approve/disapprove publications (excluding reasonable reviews for possible patents and/or sponsor proprietary information)? A.2. References U.S. export regulations or security restrictions (beyond a mere statement to comply with the law)? A.3. Prohibits the involvement of non-U.S. persons or persons from certain countries or requires prior approval from the Sponsor? A.4. Prohibits access to project materials/data/information by non-U.S. citizens? A.5. Allows the Sponsor to claim resulting information as proprietary or trade secret? A.6. Restricts the dissemination of research results? If “YES” is indicated for any questions A.1.-A.6., the fundamental research exclusion may be lost. Please review for export control issues and check with the UECO if you have questions. Include any comments in the “COMMENTS” box below and/or attach any relevant emails YES NO TBD/UNK B. Does the project involve travel outside the U.S.? (All PIs receive the PI Memo that references export issues related to travel, but if the destination country is Cuba, Sudan, Iran, North Korea, or Syria, check with the UECO) C. Does the PI plan to ship or take project equipment/technology outside the U.S.? (If “YES,” contact the UECO – a license may be required) COMMENTS/NOTES: Postaward reviewer: Date: Award #: 1. Use this form for: 1) New awards, 2) Amendments with change in SOW or new task order, 3) Teaming Agreements & MOU’s with foreign entity; and 4) Action on awards without an existing Checklist. 2. Form not needed for actions on awards with existing checklist UNLESS circumstances change within the project description and execution that would indicate export controls might be applicable. 19 Appendix C Project Technology Control Plan (TCP) Template (This form must be completed and kept on file for 5 years from the date of completion) This project/activity involves the use of Export-Controlled Information (ECI). As a result, the project/activity comes under the purview of either the State Department’s International Traffic in Arms Regulations (ITAR) at http://pmddtc.state.gov/regulations_laws/itar_official.html , or the Department of Commerce’s Export Administration Regulations (EAR) http://www.access.gpo.gov/bis/ear/ear_data.html. Links to information about EAR and ITAR regulations can also be found on Stevens’ Office of Sponsored Programs (OSP) website It is unlawful under the EAR or ITAR to send or take Export-Controlled items or information out of the U.S. This includes disclosing information orally or visually, or transferring export-controlled items or information to a foreign person inside or outside the U.S. without proper authorization. Under the ITAR or the EAR, an export license may be required for foreign nationals to access Export-Controlled Information. A foreign person is a person who is not a U.S. citizen or permanent resident alien of the U.S. The law makes no exceptions for foreign graduate students. Pertinent technical information, data, materials, software, or hardware, i.e.; technology generated from this project, must be secured from use and / or observation by unlicensed non-U.S. citizens. Security measures will be appropriate to the classification involved. In order to prevent unauthorized exportation of protected items / products, information, or technology deemed to be sensitive to national security or economic interests; a Technology Control Plan (TCP) may be required. If so, this is a basic template for minimum elements of a TCP. 20 Technology Control Plan (TCP) In accordance with Export Control Regulations (EAR and ITAR), a Technology / Export Control Plan (TCP) is required in order to prevent unauthorized exportation of protected items / products, information, or technology deemed to be sensitive to national security or economic interests. This is a basic template for minimum elements of a TCP. Date: Title of Sponsored Project or Activity: Responsible Individual (Project Manager, Principal Investigator (PI): Stevens’ lab address: Stevens’ phone number: Stevens’ email address: Technical Description of Item, Technology, Equipment, Software to be transferred: 1. Physical Security Plan: (Project data and/or materials must be physically shielded from observation by unauthorized individuals by operating in secured laboratory spaces, or during secure time blocks when observation by unauthorized persons is prevented. This would pertain to laboratory management of “work in progress.”) (a) LOCATION (in the block provided below, describe the physical location of each sensitive technology and include building names and room numbers. A diagram of the location is requested) (b) PHYSICAL SECURITY (in the block provided below, provide a detailed description of your physical security plan designed to protect your item/technology from unauthorized access, i.e., secure doors, limited access, security badges, CCTV, etc.) (c) PERIMETER SECURITY PROVISIONS (in the block provided below, describe perimeter security features of the location of the protected technology or item) 2. Information Security Plan: (Appropriate measures must be taken to secure controlled electronic information, including User ID’s, password control, SSL or other approved encryption technology. Database access must be managed via a Virtual Private Network (VPN), allowing only authorized persons to access and transmit data over the internet, using 128-ibt Secure Sockets Layer (SSL) or other advanced, federal approved encryption technology.) 21 (a) STRUCTURE OF IT SECURITY (in the block provided below, describe the information technology (IT) setup or system at each technology or item location) (b) IT SECURITY PLAN (in the block provided below, describe in detail your security plan, i.e., password access, firewall protection plans, encryption, etc) (c) VERIFICATION OF TECHNOLOGY - ITEM AUTHORIZATION (in the block provided below, describe how you are going to manage security on export controlled materials in the case of terminated employees, individuals working on new projects, etc.) (d) CONVERSATION SECURITY (in the block provided below, describe how discussions about the project or work product are limited to the identified contributing investigators and are held only in areas where unauthorized personnel are not present. Discussions with third party subcontractors are only to be conducted under signed agreements that full respect the non-U.S. citizen limitations for such disclosures. Describe your plan for protection export controlled information in conversations) 3. Item Security Plan: (a) ITEM MARKING (in the block provided below, describe how export controlled information will be clearly identified and marked as such) (b) ITEM STORAGE (in the block provided below, describe item storage. Are soft and hard copy data, notebooks, reports and research materials stored in locked cabinets; preferably in room with key-controlled access? How will equipment or internal components and associated operating manuals and schematic diagrams containing “export controlled” technology to be physically secured from unauthorized access?) 4. Project Personnel: (clearly identify every person –including their national citizenship – who has authorized access to the controlled technology or item. Attach an additional sheet if needed) (a) Name and citizenship: (b) Name and citizenship: (c) Name and citizenship (d) Name and citizenship: (e) Name and citizenship: 22 5. Personnel Screening Procedures: (at a minimum you must review entities and denied parties lists published by the government. This can be done for you by the Empowered Official in the Office of Sponsored Programs at 201.216.8762.) (a) BACKGROUND CHECKS (in the block provided below, describe the types of background checks performed on persons with access to technologies or items, i.e., criminal, driver’s license, etc.) (b) THIRD PARTY CONTRACTORS (in the block provided below, describe security screening procedures for temporary employment agencies or contractors, etc.) 6. Training and awareness program (a) FOREIGN NATIONALS (in the block provided below, describe schedules and training for informing foreign national employees of technology access limitations) (b) U.S. EMPLOYEES (in the bloc provided below, describe training for U.S. employees with access to controlled technology areas) (c) SHIPPING ABROAD (in the bloc provided below, describe training for U.S. employees when items are shipped abroad. This includes notification to foreign recipient regarding potential re-export by means of SIT form entitled “Shipment of U.S. Origin Items to Foreign Recipient.” 7. Self-Evaluation Program (a) SELF-EVALUATION SCHEDULE (in the block provided below, describe how often you plan to review and evaluate your TCP) (b) AUDIT CHECKLIST (in the block provided below, provide a checklist for items reviewed during the selfevaluation audits) (c) ACTION ITEM AND CORRECTIVE PROCEEDURES (in the block provided below, describe your process to address finding in your self-evaluation audits) 23 Certification on the Handling of Export-Controlled Information and Adherence to the Technology Control Plan (applies to all project personnel identified in the TCP) I understand I may be held personally liable for violations of the ITAR or EAR. I am aware that I should exercise care in using and sharing Export-Controlled Information with others. Controlled Information must be handled in accordance to the security plans and/or controls specified in the Technology Control Plan and only shared with authorized Project Personnel. In the absence of that clearance, Project Personnel should not leave Export-Controlled Information unattended. I understand both civil and criminal penalties may be imposed for unlawful export and disclosure of Export-Controlled Information up to and including incarceration. All fines and penalties are cumulative. I acknowledge that I have read the Stevens Technology Control Plan relating to this project and have discussed the procedures with my supervisor. I further acknowledge that I understand the procedures and agree to comply with the requirements. If I am serving as the PI, I agree to update this plan as required and as additional personnel are added to this project 1. Signature: Printed Name: Date: Title: 2. Signature: Printed Name: Title Date: 3. Signature: Printed Name: Date: Title: 4. Signature: Printed Name: Date: Title: 5. Signature of UECO: Printed Name: Date: Title: 6. Signature of SIT Empowered Official Date: Printed Name: Title: A. Retain copy for lab and department files after obtaining signature of Empowered Official B. Copy for Empowered Official 24 Appendix D1 Briefing and Certification on the Handling of Export-Controlled Information - Part II (This form must be completed and kept on file for 5 years from the date of completion) This project involves the use of export controlled information. As a result, the technology falls under the jurisdiction of either the International Traffic in Arms Regulations (ITAR) in the Department of State, or the Export Administration Regulations (EAR) in the Department of Commerce. It is unlawful under the ITAR to send or take export controlled information out of the U.S.; disclose, orally or visually, or transfer export controlled information to a foreign person inside or outside the U.S. without proper authorization. Under the ITAR or the EAR, a license may be required for foreign nationals to access export controlled information. A foreign person is a person who is not a U.S. citizen or permanent resident alien of the U.S. The law makes no exceptions for foreign graduate students. In general, export controlled information means activities, items, and information related to the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, operation, modification, demilitarization, destruction, processing, or use of items with a capacity for military application utility. Export controlled information does not include basic marketing information on function or purpose; generally system description; or information concerning general scientific, mathematical, or engineering principles commonly taught in schools, colleges and universities or information in the public domain. It does not matter if the actual intended end use of export controlled information is military or civil in nature. Researchers may be held personally liable for violations of the ITAR and EAR. As a result, you should exercise care in using and sharing export controlled information with others. Technical information, data, materials, software, or hardware, i.e.; technology generated from this project, must be secured from use and observation by unlicensed non-U.S. citizens. Both civil and criminal penalties may be imposed for unlawful export and disclosure of export controlled information up to and including incarceration. Security measure will be appropriate to the classification involved. Examples of security measured are (but not limited to): Physical Security – how will controlled technology be physically shielded from observation unauthorized individuals? Information Security – how will electronic controlled technology be protected? Item Security – how will items of controlled technology be stored and who will have access? Project Personnel – how will authorized personnel be identified? Personnel Screening Security – how will denied parties and third party contractors be screened? Conversations – how will discussions about the project or work products be limited to contributing investigators? Security Training – how will training be handled for authorized personnel regarding maintenance of security measures? Program Evaluation – how will evaluation of current security measures and programs be handled? Principal Investigator: Department/Institute/Center: Research Project Title: OSP Account Number: Sponsor Name: CERTIFICATION: I hereby certify that I have read and understand this Briefing, and that I understand and agree to follow the procedures outlined in the TCP. I understand that I could be held personally liable if I unlawfully disclose, regardless of form or format, export controlled information to unauthorized persons. Signature: Date: 25 Appendix F1 Temporary Imports, Exports, and Re-exports (TMP) (Laptops, PDAs, cell phones and digital storage devices) ONE-TIME SHIPMENT (This form must be completed and kept on file for 5 years from the date of completion) GENERAL –The Export Administration Regulations (EAR) at 740.9 provide a license exception for temporary 6 import, export and re-export of certain items. If needed, the Office of Sponsored Programs will provide a detailed analysis of the circumstances in order to determine if this exception applies; however, there are some situations that can be quickly assessed by means of the following checklist. This checklist (which also serves as a certification) summarizes the requirements for an export license exception for temporary export or overseas re-transfer of items or software. The checklist applies to all property, whether SIT-owned or not, whose shipment, hand-carry or re-transfer is under SIT’s direction. Before shipping, hand-carrying or retransferring any items or software abroad, you will need to file a certification to document this license exception; however, for frequent shipments of hand-carried SIT laptops, PDAs, cell phones or digital storage devices, an Annual Certification is available. This certification/checklist needs to be filed with SIT’s Office of Sponsored Programs by means of completing the certification/checklist shown below. Although there are other circumstances covered in 740.9 that could provide a temporary exception, the most common situation is when a Stevens’ faculty, staff or student takes a laptop, PDA, cell phone or jump drive out of the country while engaged in Stevens’ business. This assessment provides confirmation to the government that we have engaged in an analysis to determine our compliance responsibility regarding export control regulation. TOOLS OF THE TRADE 7 (laptops, PDAs, cell phones, digital storage devices) 1. Is the item considered a tool of the trade? 2. The exporter of this item must be a U.S. person. 3. Does this qualify as a temporary shipment? 4. Is the item being exported/carried to the Sudan, Cuba, Syria, North Korea, or Iran 8 YES NO Will this be the case? Tools of the trade must remain under the ‘effective control’ 9 of the exporter or exporter’s employee. Will this be the case? 6. Tools of the trade must accompany (either hand-carried or as checked baggage) a traveler who is a permissible user of this provision, or be shipped or transmitted to an eligible user of this provision by a method reasonably calculated to assure delivery to the permissible user of this provision. Will this be the case? EXPORTER NAME AND DATE: 5. Traveler’s name/country(ies) visited/dates: Temporary – must be returned to the country from which [items] were exported or re-exported as soon as practicable but…no later than one year from the date of export or re-export. EAR 740.9 7 Tools of the Trade – Usual and reasonable kinds and quantities of tools of trade for use in a lawful enterprise or undertaking of the exporter. 740.9(2)(i)(A) 8 U.S. person – any individual who is a citizen of the US, a permanent resident alien of the US, or a protected individual as defined by 8USC1324b 9 Effective control – retain physical possession of the item, or secure the item in such an environment as a hotel safe, a bonded warehouse, or a locked or guarded exhibition facility 772.1 6 26 Appendix F2 Temporary Imports, Exports, and Re-exports (TMP) (Laptops, PDAs, cell phones and digital storage devices) ANNUAL CERTIFICATION (This form must be completed and kept on file for 5 years fm the date of completion) GENERAL –The Export Administration Regulations (EAR) at 740.9 provide a license exception for temporary 10 import, export and re-export of certain items. If needed, the Office of Sponsored Programs will provide a detailed analysis of the circumstances in order to determine if this exception applies; however, there are some situations that can be quickly assessed by means of the following checklist. This checklist (which also serves as a certification) summarizes the requirements for an export license exception for temporary export or overseas re-transfer of items or software. The checklist applies to all property, whether SIT-owned or not, whose shipment, hand-carry or re-transfer is under SIT’s direction. Before shipping, hand-carrying or retransferring any items or software abroad, you will need to file a certification to document this license exception; however, for frequent shipments of hand-carried SIT laptops, PDAs, cell phones or digital storage devices, an Annual Certification is available. This certification/checklist needs to be filed with SIT’s Office of Sponsored Programs by means of completing the certification/checklist shown below. Although there are other circumstances covered in 740.9 that could provide a temporary exception, the most common situation is when a Stevens’ faculty, staff or student takes a laptop, PDA, cell phone or jump drive out of the country while engaged in Stevens’ business. The following items are specific to Annual Certifications for this TMP EAR exception: Certification is done on the device, not the person; thus, the laptop (etc.) certified is the only one for which the exception applies Annual Certification is done every year at the beginning of the Fall semester The carrier/exporter should always carry only a ‘clean’ device This assessment provides confirmation to the government that we have engaged in an analysis to determine our compliance responsibility regarding export control regulation. TOOLS OF THE TRADE 11 (laptops, PDAs, cell phones, digital storage devices) 1. Is the item considered a tool of the trade? 2. The exporter of this item must be a U.S. person. 3. Does this qualify as a temporary shipment? 4. Is the item being exported/carried to the Sudan, Cuba, Syria, North Korea, or Iran 5. Tools of the trade must remain under the ‘effective control’ 13 of the exporter or exporter’s employee. Will this be the case? Tools of the trade must accompany (either hand-carried or as checked baggage) a traveler who is a permissible user of this provision, or be shipped or transmitted to an eligible user of this provision by a method reasonably calculated to assure delivery to the permissible user of this provision. Will this be the case? Provide SIT inventory/tag number 6. 7. 12 YES NO Will this be the case? EXPORTER NAME AND DATE: Traveler’s name/country(ies) visited/dates: Temporary – must be returned to the country from which [items] were exported or re-exported as soon as practicable but…no later than one year from the date of export or re-export. EAR 15 CFR 740.9(1) 11 Tools of the Trade – Usual and reasonable kinds and quantities of tools of trade for use in a lawful enterprise or undertaking of the exporter. 740.9(2)(i)(A) 12 U.S. person – any individual who is a citizen of the US, a permanent resident alien of the US, or a protected individual as defined by 8USC1324b 13 Effective control – retain physical possession of the item, or secure the item in such an environment as a hotel safe, a bonded warehouse, or a locked or guarded exhibition facility 772.1 10 27 Appendix G Checklist for Consideration of Information in the Public Domain (This form must be completed and kept on file for 5 years from the date of completion) The submitter should use this checklist when engaging in an assessment of whether research can qualify for a basic exclusion/exemption/or exception because it might be in the ‘public domain.’ Public domain means information which is published and which is generally accessible or available to the public: CHECK AS MANY ITEMS AS APPLY YES NO Project title (and account number if known): 1. through sales at newsstands and bookstores 2. through subscriptions which are available without restriction to any individual who desires to obtain or purchase the published information 3. through second class mailing privileges granted by the U. S. Government 4. at libraries open to the public or from which the public can obtain documents 5. through patents available at any patent office 6. through unlimited distribution at a conference, meeting, seminar, trade show or exhibition, generally accessible to the public, in the U.S 7. through public release (i.e., unlimited distribution) in any form (e.g., not necessarily in published form) after approval by the cognizant U.S. government department or agency 14 8. through fundamental research in science and engineering at accredited institutions of higher learning in the U.S. where the resulting information is ordinarily published and shared broadly in the scientific community. Fundamental research is defined to mean basic and applied research in science and engineering where the resulting information is published and shared broadly within the scientific community, as distinguished from research the results of which are restricted for proprietary reasons or specific U.S. Government access and dissemination controls. University research will not be considered fundamental research if: (i) the University or its researchers accept other restrictions on publication of scientific and technical information resulting from the project or activity, or (ii) the research is funded by the U.S. Government and specific access and dissemination controls protecting information resulting from the research are applicable This assessment should be forwarded or shared with the appropriate Specialist in the Office of Sponsored Programs in order to substantiate the record-keeping responsibility and to confirm the exemption/exclusion/exception from export control licensure. 22 CFR 125.4(b)(13) – Technical data approved for public release (i.e., unlimited distribution) by the cognizant U.S. Government department or agency or Office of Freedom of Information and Security Review. The exemption is applicable to information approved by the cognizant U.S. Government department or agency for public release in any form. It does not require that the information be published in order to qualify for the exemption 14 28 Appendix H1 Checklist for Determining “Fundamental Research” (This form must be completed and kept on file for 5 years from the date of completion) The submitter should use this checklist when engaging in an assessment of whether research qualifies as “fundamental research” according to the description at 15 CFR 734.8. The intent behind this description is to identify as “fundamental research” basic and applied research in science and engineering, where the resulting information is ordinarily published and shared broadly within the scientific community. Such research can be distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary reasons or specific national security reasons as defined in 734.11(b). NOTE: the provisions of this checklist do NOT apply to encryption software controlled under http://www.bis.doc.gov/ ” reasons or to mass market encryption software with symmetric key length exceed 640bits Introductory statement: Research conducted by scientists, engineers, or students at a university normally will be considered fundamental research, as described in the following. NOTE: ‘University’ means any accredited institution of higher education located in the U.S. Project title (and account number if known): PLEASE RESPOND TO ALL OF THE FOLLOWING QUESTIONS YES NO 1. If the sponsor imposes prepublication review is it solely for the opportunity to ensure the publication would not inadvertently divulge proprietary information the sponsor has furnished to the researcher(s)? 2. If the sponsor imposes prepublication review is it solely to ensure that publication would not compromise patent rights, and involves no more than a temporary delay in publication of the research results? 15 3. Does the sponsor of the research have the right to disapprove, or withhold from publication some, or all, of the information provided by the researchers and proposed for publication or other dissemination? 4. Does the sponsor of the research impose other restrictions on publication, or other release, of scientific and technical information resulting from the project or activity? 16 5. Is the sponsor of the research the U.S. Government who has imposed specific national security controls as generally described and covered in 734.11? 6. Does the research qualify as “educational information” as described in 734.9? This assessment should be forwarded or shared with the appropriate Specialist in the Office of Sponsored Programs in order to substantiate the record-keeping responsibility and to confirm the exemption/exclusion/exception from export control licensure. Stevens’ Policy entitled “Openness in Research” defines a ‘short delay’ as a period not to exceed 90 days. NOTE: Even if restrictions have been imposed by the sponsor that would prevent the research as being described as ‘fundamental research,’ all “scientific and technical information resulting from the research will nonetheless qualify as fundamental research once all such restrictions have expired or been removed.” 735.8(b)(5). It is further noted that this release shall also apply to research funded by the U.S. government as referenced in #5. 15 16 29 Appendix H2 Export Controls QUICK DECISION MATRIX- Do export controls apply? (This form must be completed and kept on file for 5 years from the date of completion) This Decision Matrix provides a quick way to determine if your research might involve the application of export control oversight and possibly licensure. Complete the matrix and contact the Office of Sponsored Programs if you have any questions or need additional information or assistance. Export controls are extremely complex and under constant revision by the federal government. Our failure as an institution to heed the requirements of assessment and record-keeping carry significant penalties. YES NO Project title (and account number if known): 1. Is the Principal Investigator in charge of the research a U.S. Person? 17 2. Will any of the research be exported? 18 3. Is any of the research controlled on either ITAR or EAR? 4. Can any of the research be considered a ‘deemed export?’ 19 5. If the research will be shared or exported, do you have any reason to believe the technology will support the design, development, production, stockpiling or use of a nuclear explosive device, chemical or biological weapons or missiles? 6. Are you aware of any restrictive terms and conditions in the award document that will impose publication restrictions beyond a brief review? 7. Are you aware of any award terms and conditions that require sponsor review and approval prior to publication or presentation? 8. Have you previously signed a non-disclosure or confidentiality agreement that involved sharing proprietary information? 9. Can the research meet the definition of information in the public domain? 10. Can the research meet the definition of ‘basic research?” 20 “U.S. Person” means a person who is a lawful permanent resident as defined by * USC 1101 or who is a protected individual as defined by 8 USC 1324. “Export” means an actual shipment or transmission of items subject to the EAR or ITAR out of the United States, or release of technology or software subject to the EAR to a foreign national; disclosing (including oral or visual disclosure) or transferring technical data to a foreign person; and release of export-controlled technology and source code through transmission via email, fax, design and verbal correspondence 19 “Deemed Export” means the transfer, release or disclosure to foreign person in the United States of technical data about controlled commodities 17 18 “Basic Research” means a systemic study directed toward greater knowledge or understanding of the fundamental aspects of phenomena and observable facts without specific applications towards processes or products in mind. It does not include “Applied Research” (i.e., s systemic study to gain knowledge or understanding necessary to determine the means by which a recognized and specific need may be met. It is a systematic application of knowledge toward the production of useful materials, devices and systems or methods, including design, development and improvement of prototypes and new processes to meet specific requirements) 20 30 Appendix H3 Temporary Imports, Exports, and Re-exports TMP) (Export of Beta-test Software) (This form must be completed and kept on file for 5 years from the date of completion) GENERAL –The Export Administration Regulations (EAR) at 740.9 provide a license exception for temporary 21 import, export and re-export of certain items. If needed, the Office of Sponsored Programs will provide a detailed analysis of the circumstances in order to determine if this exception applies; however, there are some situations that can be quickly assessed by means of the following checklist. The provisions of this exception authorize exports and re-exports to eligible countries of beta-test software intended for distribution to the general public This certification/checklist needs to be filed with SIT’s Office of Sponsored Programs by means of completing the certification/checklist shown below. This assessment provides confirmation to the government that we have engaged in an analysis to determine our compliance responsibility regarding export control regulation. Beta-test Software 740.9(c) 1. 2. This exception does not apply to beta-test software being exported or re-exported to Cuba, Iran, or Sudan. Will this export/re-export involve any of these countries? The exporter of this item must be a U.S. person. 22 Will this be the case? 3. Does this qualify as a temporary shipment? 4. Does the exporter intend to market the software to the general public after completion of the beta-testing? 5. Importer Statement – prior to exporting or re-exporting any eligible software under this paragraph, the exporter or re-exporter must obtain the following statement from the testing consignee, which may be included in a contract, non-disclosure agreement, or other document that identifies the importer, the software to be exported, the country of destination, and the testing consignee. YES NO “We certify that this beta test software will only be used for beta testing purposes, and will not be rented, leased, sold, sublicensed, assigned, or otherwise transferred. Further, we certify that we will not transfer or re-export any product, process, or service that is the direct product of the beta test software.” 6. 7. Will this be done? All exported beta test software must be destroyed abroad or returned to the exporter within 30 days of the end of the beta test period or within 30 days of completion of the consignee’s role in the test. Will this be done? Notification of beta test encryption software – encryption software eligible under this license exception, must, by the time of export or re-export be reported by means of an email to BIS at crypt@bis.doc.gov and to the END Encryption Request Coordinator at enc@nsa.gov. Will this be done? EXPORTER NAME AND DATE: 8. Describe how the requirements shown at #6 in this checklist will be met. Temporary – must be returned to the country from which [items] were exported or re-exported as soon as practicable but…no later than one year from the date of export or re-export. EAR 15 CFR 740.9(1) 22 U.S. person – any individual who is a citizen of the US, a permanent resident alien of the US, or a protected individual as defined by 8USC1324b 21 31 Appendix H4 Temporary Imports, Exports, and Re-exports TMP) (Exhibitions, Demonstrations, Replacement Parts and Broadcast Material) (This form must be completed and kept on file for 5 years from the date of completion) GENERAL –The Export Administration Regulations (EAR) at 740.9 provide a license exception for temporary 23 import, export and re-export of certain items. If needed, the Office of Sponsored Programs will provide a detailed analysis of the circumstances in order to determine if this exception applies; however, there are some situations that can be quickly assessed by means of the following checklist. The provisions of this exception authorize exports and re-exports to eligible countries of beta-test software intended for distribution to the general public This certification/checklist needs to be filed with SIT’s Office of Sponsored Programs by means of completing the certification/checklist shown below. This assessment provides confirmation to the government that we have engaged in an analysis to determine our compliance responsibility regarding export control regulation. Exhibitions/Demonstrations/Replacement Parts YES NO 1. 2. 3. 4. 5. This exception does not apply to replacement part kits exported to Cuba, Iran or Sudan. Will this export/re-export involve any of these countries? The exporter of this item must be a U.S. person. 24 Will this be the case? Replacement part kits must remain under the effective control 25 of the exporter or an employee of the exporter and all part in the kit are returned, except that one-for-one replacements may be made. Will this be the case? Material exported for exhibition and demonstration may not be shipped to Cuba, Iran, North Korea, Sudan or Syria. Will any material shipped for this exhibition or demonstration be sent to these countries? Material may not be exhibited or demonstrated at any one site more than 120 days after installation and debugging. Will the exhibition exceed this length of time? EXPORTER NAME AND DATE: Describe any special circumstances Temporary – must be returned to the country from which [items] were exported or re-exported as soon as practicable but…no later than one year from the date of export or re-export. EAR 15 CFR 740.9(1) 24 U.S. person – any individual who is a citizen of the US, a permanent resident alien of the US, or a protected individual as defined by 8USC1324b 25 Effective control – retain physical possession of the item, or secure the item in such an environment as a hotel safe, a bonded warehouse, or a locked or guarded exhibition facility 772.1 23 32 Appendix H5 Baggage(BAG) (This form must be completed and kept on file for 5 years from the date of completion) GENERAL – This license exception authorized individuals leaving the U.S. either temporarily (i.e., traveling) or longer-term (i.e., moving) to take to any destination, as personal baggage the classes of commodities, software and technology described in this section. BAGGAGE 26 1. The exporter of this item must be a U.S. person. 2. Commodities or software qualified under this exception must be for personal use. Will this be the case? Commodities or software exported or re-exported qualifying for this exception must be brought back to the U.S. unless they are consumed. Will this be the case? Commodities or software exported or re-exported and qualifying for this exception must be owned by the exporter. Will this be the case Commodities or software exported or re-exported and qualifying for this exception must be necessary and appropriate for the use of the U.S. person; not intended for sale or other disposal; and not exported under a bill of lading as cargo. Will this be the case? Individuals departing the U.S. may ship unaccompanied baggage on a carrier other than that on which the individual departs. Unaccompanied shipments under this License Exception shall be clearly marked “BAGGAGE.” Will this be the case? Will the unaccompanied shipment be for chemical and/or biological weapons, missile technology, national security, encryption items or nuclear nonproliferation items; or will these same items be shipped unaccompanied to Country Groups D:1; D:2; D:3; D:4; or E:1? 3. 4. 5. 6. 7. 8. 9. YES NO YES N/A Will this be the case? A U.S. citizen or permanent resident alien of the U.S. may use this license exception to export or re-export encryption commodities and software to any destination not in Country Group E:1 (i.e., North Korea, Iran, Cuba, Syria, or Sudan) that are subject to EI controls on the Commerce Control List. Does this apply to this shipment? An exporter other than a U.S. citizen or permanent resident alien of the U.S. who is not a national of Country E:1 (i.e., North Korea, Iran, Cuba, Syria, or Sudan) may also use this license exception to export or re-export encryption commodities and software to any destination not in Country Group E:1. Does this apply to this shipment? EXPORTER NAME AND DATE: Traveler’s name/country(ies) visited/dates: U.S. person – any individual who is a citizen of the US, a permanent resident alien of the US, or a protected individual as defined by 8USC1324b 26 33 34