Export Control FAQs

My research is being conducted with collaborators outside of USU. What procedures do I need to think about?

Please ensure that you are aware and working with your collaborators to inform them of the USU research COVID-19 response and are communicating and potentially making alternate plans or placing a study hold on research procedures. Ensure that you understand differences in operations that your collaborators may also be facing and required to comply with for their respective campuses or other non-USU locations.

Do I need to notify the DRIC if I plan to postpone activities under a TCP?

If your project is not feasible to conduct remotely and/or you voluntarily and/or must postpone activities, you are required to notify the DRIC through submission of an email to DRIC staff indicating you have decided to initiate a study hold. This email notification must describe the status of the study and the communication process that was used to inform the study team of the voluntary hold and any necessary security parameters that will be put into place to protect the project. The DRIC may also direct you to take additional security measures in the event of a study hold.

How does COVID-19 affect research data access and security?

We recognize the importance of working remotely during this time and in many cases remote activity does not pose research data security concerns. However, research personnel must consider whether or not appropriate data security and confidentiality measures can be implemented for work to be conducted from off-campus locations. Please remember that data security changes deviating from a currently approved protocol or data security plan must be approved prior to generating, relocating, accessing, or storing the data. In addition, changes may also require notification and/or amendments to sponsor agreements. In particular, research personnel must be aware of the types of data involved in their export-controlled determination and TCPs.

  • Data that is highly confidential, restricted, or sensitive and protection of the data is required by international, federal, state, university, or sponsor requirements needs particular care during these times. Please remember, the loss of confidentiality, integrity, or inappropriate access could have severe adverse impact on the University, research area, or project.
  • Emailing research data may not be appropriate or secure depending on the type of data and security requirements involved, and in some cases may be a violation of federal law. In particular, do not transmit ITAR-controlled data via normal email.
  • Appropriate IT security and confidentiality measures consistent with your Export Controlled determination or Technology Control Plan (TCP), sponsor/contract requirements, and Utah State University’s policy #4107: Research Data are required. Research personnel must consider and double-check protocols, TCPs, grant or contractual obligations related to data security, storage, and confidentiality measures prior to allowing work from off-campus locations or taking physical/electronic data off campus. Please check with Sponsored Program Office and/or Export Control Officer as appropriate to the type of research you are conducting. Some examples include but are not limited to:
    • ITAR and Covered Defense Information (CDI)
    • Some Controlled Unclassified Information (CUI)
    • NIST/DFARS clause applicable data
  • Please reference IT guidance information regarding working remotely and utilizing resources such as IVC, Webex, VPN, and other cloud-based services.
    • It is also important to note that in some cases VPN and remote access of research data from or to a country with U.S. embargoes, sanctions, or restrictions should not occur. Please contact Export Control Officer if you believe this may occur.
  • We emphatically ask that research personnel seek DRIC and IT support before attempting changes or upgrades if any restricted, controlled, or sensitive research data is involved: https://dps.usu.edu/emergency/covid-19/working-remotely

What type of security measures should I ensure if I have export-controlled research, a determination, or a TCP?

Research personnel should double-check their determinations, TCPs, security requirements, and any applicable sponsor requirements to ensure they understand and can meet all compliance requirements.

Please remember that all physical and data security changes deviating from a currently approved protocol, TCP, or data security plan must be approved by the DRIC prior to generating, relocating, accessing, or storing the data or items/equipment. In addition, changes may also require notification and/or amendments to sponsor agreements.

Data/information/items that are highly confidential, restricted, or sensitive and protection of the data/information/items is required by international, federal, state, university, or sponsor requirements needs particular care during these times. Please remember, the loss of confidentiality, integrity, or inappropriate access could have severe adverse impact on the University, research area, project, or funding. This will often be the case with research protocols involving export control determinations or TCPs.

What if my project is currently being reviewed by the Export Compliance Program?

DRIC staff will continue the review of research projects through their normal review activities and through the regular first-in-first-out order as closely as possible. Please understand, at this time, priorities will be placed on items associated with ongoing research and projects, TCPs or determinations having been submitted for review that are impacted by the current COVID-19 outbreak.

If you have a new project, TCP, or determination moving through the review process, DRIC staff will be communicating with you further via email or phone if they believe remote activities are reasonable based on the current project and research requirements.

Do I need to change my protocol to accommodate remote activity? If so, and I'm under a determination or TCP is this required to be reviewed by the Export Compliance Program?

In many cases, PIs may not be able to complete required research activities remotely when a TCP is involved. Please ensure you are communicating with DRIC staff prior to implementing any changes to your activities under the determination or TCP to ensure U.S. export control regulations and/or sponsor requirements are not violated.

PIs should also monitor the COVID-19 Research Operations at USU as well as the Coronavirus (COVID019) Information updates and as it relates to USU operations, as needed. As a reminder, all changes to a currently approved technology control plan (TCP) or determination must be reviewed and approved by the Export Compliance Program prior to implementation.

My personnel and I are currently working on research under an export control determination or technology control plan (TCP), but is this recommended?

We urge USU research teams to make the necessary plans to move research activities to work remotely. Alternatively, the PI may decide to initiate a study hold on all research activities that cannot be performed securely from off-campus locations and are not essential to completion of the project until further notice. Off-campus work locations must meet the same physical and electronic security standards as the original work locations outlined in the determination or TCP.

PIs may choose to complete study tasks remotely if feasible for the study and if appropriate security measures are implemented. It is important to note that many projects involving a TCP and some EC determinations may not be appropriate for remote work or access of information. Any plans to work remotely must be approved by the DRIC prior to initiating the change.

Is USU's Division of Research Integrity & Compliance (DRIC) and the Export Compliance Program operating as usual?

The DRIC Office is fully functional and all DRIC staff are operating remotely at normal capacity.

Review priority will be given to all inquiries, requests, applications, and change requests related to impacts of COVID-19. Communications about projects affected by COVID-19 should be sent via email to the general email (compliance@usu.edu) with your project title included in the email subject line. This will assist DRIC staff in identifying and tracking immediate requests. Subject Line Example: Review request –Project Title–COVID-19