Technology Control Plan
The Office of Export and Secure Research Compliance (OESRC) supports Virginia Tech's commitment to complying with U.S. laws and regulations applicable to export and trade sanctions. OESRC works with the Office of Sponsored Programs (OSP) and other university departments to ensure compliance with regulations promulgated by the regulatory agencies, including but not limited to the Department of State, Department of Commerce, and the Department of the Treasury.
If an export assessment determines that an activity is subject to these regulations, OESRC will assist the affected party in setting up security measures and protocols needed to ensure compliance with export and sanction regulations through the establishment of a Technology Control Plan (TCP) or other certification document.
The Technology Control Plan details the export control classification, restriction on release of information, physical and information security protocols, project personnel requirements, annual certification, and closeout procedure.
OESRC will monitor project related activity throughout the life of the TCP and the Principal Investigator or TCP Custodian will be required to disposition all controlled items before closeout of the TCP.
Physical and Information Security Protocols
For general best security practices, please view our current Technology Control Plan Guidelines (requires Virginia Tech login).
Information Security protocols have been developed to comply with DoD Instruction 8582.01.
Existing personnel on a TCP can ensure best practices are being followed by Requesting a Lab Visit. OESRC will then come help you with your security protocols.
All personnel assigned to a restricted research project must meet the following:
- Sign Attachment A to the TCP
Completion Instructions are available for download here.
- Online screening by OESRC for nationality and restricted parties or embargoed organizations.
- Attend Restricted Research Training
- Guidelines for Graduate Students Engaging in Restricted or Classified Research: Handling of Exams, Theses and Dissertations
See additional Memo from Dean DePauw and Dr. Walters Re: Public Accessibility of Theses and Dissertations.
- Establish a compliant solution with respect to email
Email Notice 2/4/2013:
Virginia Tech has migrated to Google Apps for Education as its main email solution, while continuing to maintain the Virginia Tech Exchange Server. Google does not restrict information transiting its servers to U.S. only servers managed by U.S. Persons. As such, Google Mail service is not adequate for and cannot be used by Virginia Tech personnel to transmit or receive export controlled information.
Upon learning that Google Mail would not be export compliant, OESRC and the OVPR IT group approached Network Infrastructure & Services (NI&S) and Identity Management Services (IMS) to develop a compliant solution for restricted research personnel. Together these organizations have developed the following solution for ensuring Virginia Tech remains in compliance with all applicable laws and regulations governing export controls.
To solve this problem, Virginia Tech will retain the Microsoft Exchange Server for transmission and receipt of emails containing export controlled information. All individuals on restricted research projects will be required to use the Exchange server for export controlled email communications or make other arrangements for the transmission of controlled information in conjunction with OESRC. To create an exchange account, see http://answers.vt.edu/kb/entry/3730/.
If you plan to use email to send or receive export controlled data, please contact OESRC@vt.edu, so we can ensure your account is properly set up.