Maintaining Export Compliance during COVID-19 Emergency

As a reminder, federal regulations require that Export Controlled Information not be shared with foreign persons in the U.S. or abroad without first determining if an export license is required and if necessary obtaining one from the U.S. government.  To comply with this requirement, and make the risk associated with export controlled activity manageable, the university implements TCPs that describe and document the steps necessary to protect export controlled information.  A few requirements to highlight are below:

  • Access to Export Controlled Information is restricted to authorized personnel only.  Authorized personnel are listed in Exhibit A of your TCP.
  • Export Controlled Information must only be received, stored, processed or generated from authorized TCP Systems.  TCPs with Controlled Unclassified Information “CUI” requiring NIST 800-171 controls list specific authorized devices in Exhibit B.  If you need help obtaining an authorized TCP System, remotely accessing Export Controlled Information on an authorized TCP System or updating your TCP, contact the Office of Secure Research and your local IT team.  Specific college contact information is below:
  • Export Controlled Hardware and Information should only be stored in authorized locationsidentified in your TCP(s), see Section I and/or Exhibit B.  If there is a need to move Export Controlled Hardware or Information to a location not currently authorized in your TCP, contact the Office of Secure Research.  We recognize that most personnel are now working remotely and likely had to leave campus workspaces on short notice.
  • When remotely accessing Export Controlled Information remember that it must be kept under a minimum of one layer of protection at all times.  Be aware of your surroundings while working remotely to ensure that Export Controlled Information is not improperly released by closing blinds, shutting doors, etc.  More guidance is contained in the Guidelines on Remote Access to Export Controlled Information Covered by a Technology Control Plan (TCP).  If you are unable to find a location where you can ensure that Export Controlled Information is not improperly accessed, or are concerned that Export Controlled Information or items are not properly secured on campus, please contact the Office of Secure Research immediately.
  • If you are currently located outside of the U.S. or intend to travel internationally (when able to under university policy and U.S. government rules) and need to access Export Controlled Information, please notify the Office of Secure Research.
  • As always, if you know or suspect that a violation of the TCP, the Ohio State Export Control Policy or export control regulations may have occurred, please contact the Office of Secure Research immediately.  We will work to ensure that no unauthorized access is ongoing, implement remedial measures and notify federal agencies as necessary and appropriate.
  • Copies of your TCP(s) can be accessed by the Principal Investigator (PI) via the PI Portal at https://go.osu.edu/piportal.  Contact your PI or the Office of Secure Research for a copy of your TCP.

We understand that unique situations exist – please contact us if you have any questions or concerns regarding protecting the export controlled information covered by your TCP(s) or if you need to make any changes (including adding or removing authorized users and/or changing authorized work locations), please contact the Office of Secure Research at exportcontrol@osu.edu.