Guidelines for protecting Export Controlled Data
The following guidelines and resources are drawn from regulations related to export controls.
More information how export controls may affect your research is available on the University of Colorado Colorado Springs (UCCS) Office of Sponsored Programs and Research Integrity (OSPRI) website: //www.uccs.edu/osp/export-controls
UCCS IT Support for Export Controlled Technology
Export-controlled technology at UCCS will be maintained in accordance with the guidelines outlined in this document. Export-controlled software and data that is received by or brought to UCCS may only be kept on a secure encrypted system which has been configured by the Information Technology (IT) department and inspected by the Information Security Office (ISO). Any exceptions must be explicitly approved by the Information Security Officer and the Associate Vice Chancellor for Research and Faculty Development.
It is the responsibility of anyone having UCCS export controlled technology to follow the procedures outlined here, and in particular the following procedures must be followed.
- Anyone accessing export controlled data must receive Information Security Training on an annual basis.
- Any technology containing export controlled data will be registered with the ISO and will undergo a security risk assessment. Contact the ISO for more information on Registration and Support of Export Controlled Technology.
- The ISO will work with the OSPRI to ensure that the export controlled technology on campus meets the export control standards described on the OSPRI Export Control Information and Technology Control and Security page .
- If you have questions or concerns related to safeguarding Export Controlled Information, contact the Information Security Office (ISO) at firstname.lastname@example.org. All questions related to export control policies, procedures, regulations or technology control plans (TCPs) should be directed to the Office of Sponsored Programs and Research Integrity (OSPRI) at email@example.com.
- Assistance with Export Controlled data requires special procedures from the IT HelpDesk.
Important Export Controlled Information:
VPN and Federal Export Law
VPN Software provided by IT has export control restrictions that you are personally responsible for. Check out the following link for more information.
Other Export Controlled Software
Other software, such as SPSS (an IBM Product), and other common technology is also controlled and may require a license. Some software you use daily is rooted in encryption technology that may make it an export control violation to ship, hand-carry, or disseminate electronically to countries listed on the Commerce Control List (CCL) or to individuals listed on the Denied Parties List (DPL). A transfer without the required license is a crime.
More information and access to specific lists of parties-of-concern can be found at: https://www.bis.doc.gov/index.php/policy-guidance/lists-of-parties-of-concern.
Some common controlled product areas are shown here with links to more information: http://www.tradecontrols.com/geteccn.php.
If you have questions about the export control requirements of any software you are using, feel free to contact the Office of Sponsored Programs and Research Integrity (OSPRI) at UCCS via firstname.lastname@example.org.
Before traveling overseas with UCCS equipment including a laptop please visit the OSPRI International Travel and Export Controls travel page for important information.
Using cloud computing resources to store export controlled information may require an export license. To learn more about cloud computing and export controls please visit the OSPRI Cloud-Computing and Export Controls page.