You are here

Technology Control Plans & Licenses

If export control regulations apply to a research project, the principal investigator is expected to work with the Export Control Program (ECP) to develop an appropriate management plan. The ECP uses the following to manage export controlled technology and to reduce the potential for violations of export control regulations:

  • Technology Control Plans
  • Federal export licenses
  • Export license exceptions or exemptions

Always work with the U-M Export Control Program to confirm whether you need a Technology Control Plan, a federal export control license or if a license exception or exemption might apply. 

Technology Control Plans

A Technology Control Plan (TCP) is the university's internal management plan for how export controlled technology will be secured and managed. A TCP specifies the security measures that will be used by the research team from the point that the technology is delivered to or generated by U-M to the return or disposal of the technology when the project is completed.

“Technology” includes, but is not limited to, certain types of export controlled:

  • Equipment (including systems and components)
  • Software (source/object code)
  • Materials and substances
  • Services (e.g., training, instruction)
  • Data or information about an item or material
  • Funds (e.g., payments

​TCP's are created and stored within the eResearch Proposal Management (eRPM) system. To request a TCP, please contact [email protected].

Security Measures

Receipt and Transmission Security - Description of methods for securing export controlled technology during receipt, transmission or transport.

Physical Security - Describe methods to:

  • Physically secure space in which export controlled technology (physical items and hard copy documents) are housed
  • Physically secure space in which computers used to receive, process, and store export controlled electronic information are housed
  • Restrict access to spaces to only authorized persons

​IT Security - This includes methods for securing electronic export controlled information:

  • Access controls (e.g., user ID/password authentication, firewall, encryption)
  • Storage and transmission
  • Device configuration and management

Use this Guidance for the TCP Security Checklist, as an aid to complete the TCP smartform in eRPM.

Download the Excel TCP Security Checklist, to help you complete the IT Security section of the TCP smartform in eRPM.

Conversation Security - Provide a detailed description on how to prevent conversations regarding export controlled technology from being overheard by an unauthorized person.

Marking of export controlled technology - Properly mark/label export controlled technology. For more information see the Examples of Markings for Export Controlled Information, Materials and Equipment.

Disposing of export controlled technology - How the export controlled technology will be securely disposed of, or returned upon completion or termination of the project.

Personnel Certification

The TCP lists the principal investigator, information technology (IT) manager, department chair, the dean of the U-M school, college, or organization, and any participating investigators on the project. 

  • All research participants (scientific or administrative) must identify and verify their citizenship
  • All participating personnel will be checked against international export sanction lists
  • All participating personnel must complete export controls training

TCP Review Process

The U-M Export Controls Review Committee (ECRC), reviews Technology Control Plans on a case-by-case basis. Once the research team has completed the TCP, the TCP is sent to the ECRC for review and approval. Once approved by the ECRC, the TCP is sent to the research team for signatures.

Annual TCP Reviews 

Active Technology Control Plans are reviewed annually. The TCP Annual Review is a rolling process where a Qualtrics form is sent to the PI of any TCP that has been untouched for more than 12 months. If there are changes to the TCP, then a TCP Amendment will be processed.

Federal Export Licenses

A federal license may be required to export (i.e., physically or electronically ship, transmit, transfer, or share) ITAR or EAR controlled items from the U.S. to foreign countries, persons, or entities. In general, a license application:

  • Lists the items/information being exported
  • Identifies the use of the item or information
  • Identifies who will use the item(s) or information
  • Identifies the individuals or entities in the chain of custody prior to the item(s) or information reaching its destination or the end user
  • Indicates the value of the item(s) or information

The license represents approval from the regulatory agencies to export the specific items. A license can be revoked if the individual is found in violation of the export controls regulations.

Plan ahead if you need to apply for a license; it takes time to complete the detailed application. Upon application submission, it may take 14 – 60 days to receive a license from a regulatory agency. 

Export License Exemptions and Exceptions

Your export controlled technology may qualify for a license exception or exemption under the federal export control regulations. There are a variety of license exceptions and exemptions available in the federal regulations, each of which has its own set of requirements. If you can satisfy those requirements, your technology may qualify for a license exception or exemption and you may be able to export the controlled technology without the need to apply for an export license.

 

References and Resources

Questions?

Questions?  Contact the Export Controls Office at:  [email protected]