Research Administration Guidelines

RAG40 Guidelines for Ensuring Compliance with Export Control Policy RA40

Policy Status
Active
Subject Matter Expert
Export Compliance Officer, 814-867-5088, export@psu.edu
Policy Steward
Senior Vice President for Research and the Associate Vice President for Budget and Finance

Contents:


PURPOSE:

To establish procedures for University personnel to follow in ensuring their compliance with applicable U.S. export laws, regulations and guidelines when performing sponsored research at the University, as required under University Policy RA40.

DEFINITIONS:

EXPORT REVIEW – An internal review of a sponsored research project, at proposal and/or award stage, performed by an export compliance specialist in OSP, to ensure the University’s compliance with U.S. export laws, regulations and guidelines. An Export Review that is required at proposal stage must be completed prior to proposal submission. An Export Review that is required at award stage must be completed prior to award acceptance and prior to ANY expenditure of project award funds, including advanced funds.

INTERNAL APPROVAL FORM (IAF) – An electronic form that is completed and signed by all participating investigators and their respective academic or institute administrators, as a first step in the sponsored project proposal submission process. The form prompts the investigator(s) to disclose various project demographics, project related compliance requirements, as well as significant financial or business interests.

ONLINE EXPORT COMPLIANCE TRAINING (CITI Program) – As part of the University’s documentation of the U.S. Government’s recommended export compliance awareness training for faculty and staff, the University has adopted an online educational tool entitled “Collaborative Institutional Training Initiative (CITI).” Effective January 1, 2015, all project personnel who are included as signatories on a Technology Control Plan (TCP) shall be required to complete the relevant modules of the TCP Required Training for Export Control. Online Export Compliance Training must be completed prior to the full execution of the TCP, and is valid for a three (3) year period. The CITI Program can be accessed online at citi.psu.edu.

SECURITY MEETING– A security meeting is necessitated when the University agrees to accept a Controlled Project (as defined under Restricted/Controlled Projects herein). Such meetings are hosted by the Office of Sponsored Programs (OSP) and attended by project personnel, and including as necessary, the following administrative and compliance personnel -- University Export Compliance Officer, OSP Export Committee Chair, College/Unit/VPR Information Technology representatives, College Research Office representative, OSP contract negotiator and OSP Compliance Coordinator. Items discussed at a Security Meeting include an overview of the Project and details regarding the implementation and finalization of a Technology Control Plan (TCP).

TECHNOLOGY CONTROL PLAN (TCP) – A TCP is a detailed security plan required for all Controlled Projects that is necessitated by the scope of work, or by the terms and conditions of the agreement which may contain certain restrictions, such as foreign national participation, publication restrictions, receipt of export-controlled information, technical data or materials from a sponsor or third party, or the development and delivery of a prototype or other end-use hardware, software or material. Should foreign national participation be essential to the project, the University, under certain circumstances, may apply for a license to the U.S. Department of State. Security measures typically outlined in a TCP are:

  • Purpose of controls
  • Physical Security Provisions
  • Computer Security Provisions
  • Potential License Requirements
  • TCP Audit/Monitoring
  • Closeout and Disposition

Additional definitions related to Export Compliance can be found in University Policy ADG09.

GUIDELINES:

The University is committed to performing Fundamental Research (as defined in University Policy RA40) in an effort to provide the widest possible public dissemination of scientific learning and research results. As part of its regular review of sponsored research efforts, the Office of Sponsored Programs (OSP) staff will evaluate any export compliance concerns with proposed or awarded projects.

Some indicators that research may be impacted by U.S. export laws, regulations and guidelines and thus may require an Export Review include, but may not be limited to, the following:

  • Foreign Sponsors
  • Foreign Subrecipients or Consultants
  • Foreign Travel (including conference attendance and/or research collaboration)
  • Foreign Visitors
  • Foreign Deliverables (other than technical reports)
  • Anticipated or actual receipt of equipment, materials, data or software expressly identified as export controlled by the provider
  • Contractual provisions restricting publication and/or foreign national involvement

Proposals and Awards Through IAF System

As part of the IAF submission process, investigators will be asked to identify potential export compliance-related triggers. This will enable OSP to perform an Export Review to determine whether or not a project will be impacted by U.S. export laws, regulations and guidelines. The IAF system is designed to require the completion of various compliance questions, including those related to export controls, before the submission of a proposal and/or the acceptance of a subsequent award. It is important that faculty/staff who are completing the IAF answer all compliance related questions accurately to ensure that embedded technological controls in the IAF system function appropriately. In the event OSP or the University Export Compliance Office determines that any answers to the export control questions in any IAF submission are incorrect, OSP or the University Export Compliance Officer may require correction of the IAF by the appropriate person(s).

In addition to the IAF, OSP may deem it necessary to contact faculty or staff to request additional information or to require the completion of additional forms. It is the responsibility of faculty and/or staff to promptly and accurately provide such additional information and/or to complete any and all forms requested by OSP in order to enable an effective Export Review. Failure to timely respond to requests for information and/or to provide necessary documentation to enable completion of any export review may delay submission of proposals and/or acceptance of awards.

Non-Disclosure Agreements (NDA), Data Use Agreements (DUA), Memorandums of Understanding, and other non-financial agreements (non-IAF reviews)

Not all documents and transactions reviewed and processed by OSP are initiated through the IAF system. As part of OSP’s review of such documents and transactions, certain information, documentation or forms may be required in order for OSP to perform a review to determine whether or not a particular agreement or transaction will be impacted by U.S. export laws, regulations and guidelines.

OSP may deem it necessary to contact faculty or staff to request additional information or documentation or to require the completion of additional forms. It is the responsibility of faculty and/or staff to promptly and accurately complete any and all forms provided by OSP in order to complete an effective Export Review.

Restricted/Controlled Projects

In the event that a particular sponsored research project does not meet the definition of Fundamental Research (making the project a “Controlled Project”), certain procedures must be followed to mitigate the export compliance risks from acceptance of a Controlled Project and to document the University’s compliance with U.S. export laws, regulations and guidelines. These procedures may include, but are not limited to, the implementation of a Technology Control Plan (TCP) or other internal security provisions, completion of Online Export Compliance Training, attendance of a Security Meeting, as well as activities related to the ongoing review and monitoring of the Controlled Project. It is the responsibility of Principal Investigator for any Controlled Projects to promptly and accurately provide any additional information and/or to complete any and all forms requested by OSP in order to enable the development of any necessary internal security procedures. Failure to timely respond to requests for information and/or to provide necessary documentation to enable timely completion of such mitigation efforts may delay the final acceptance of the grant, contract or award.

Principal Investigators are responsible for the operation of their projects in conformity with any such established security procedures.

FURTHER INFORMATION:

For questions, additional detail, or to request changes to this Guideline, please contact the Office of Sponsored Programs at export-osp@psu.edu. Please also refer to University Policy RA40 Compliance with Federal Export Regulations for Sponsored Research Efforts.

CROSS REFERENCES:

Other Policies should also be referenced, especially the following:

AD88 Code of Responsible Conduct-

AD89 University Export Compliance Policy

ADG09 Export Compliance Definitions, Procedures and Implementation Guidelines

RA40 Compliance with Federal Export Regulations for Sponsored Research Efforts


Revision History:

  • July 12, 2023 - Editorial changes:
    • References to the Corporate Controller changed to the Associate Vice President for Budget and Finance
    • References to the Office of the Corporate Controller changed to the Office of Budget and Finance
  • February 26, 2016 - Renumbered from RAG11 to RAG40. This is a comprehensive rewrite of the previous version to reflect current practice
  • October 9, 2012 - This guideline has been revised to reflect the current process for export review for sponsored research at Penn State.
  • January 1, 2010 - Editorial changes to position titles
  • November 8, 2006 - Editorial changes to position titles
  • November 26, 2003 - Editorial change: The link to complete text of ITAR and the USML, as well as the link to the complete text of the EAR and the CCL, have changed.
  • January 23, 2003 - Editorial change: The ITAR reference in the Code of Federal Regulations was changed from 120-130 to 120-125; The Commerce Control List (CCL) has a new web address.
  • April 17, 2002 - New Policy Guideline (RAG11)
Date Approved
Date Published
Effective Date