• Home
• Policies
• Technology Control Plans and Risk Mitigation Plans

Technology Control Plans and Risk Mitigation Plans

Northwestern's Export Control Policy sometimes requires a Technology Control Plan (TCP) or a Risk Mitigation Plan (RMP) to manage certain export control and research security risks for research activities at the university.

What is a TCP? A TCP is an internal written document that provides the policies and procedures to protect potentially controlled, sensitive, or proprietary information at Northwestern. TCPs help NU, PIs and research project participants stay compliant with federal export controls and research security regulations.

What is an RMP? An RMP is an internal written document that provides the policies and procedures to mitigate research security risks, when a sponsoring agency or the terms of a sponsored research agreement or award so require.  

When is a TCP or RMP required? A TCP or RMP may be required in the following instances:

• Compliance with federal sponsor requirements to preserve the fundamental research exclusion or to mitigate research security risks. Not all sponsored agreements require a TCP or RMP.
  • Resources: Guidance for Researchers, ECIC Research Security Website.
  • Resources: Federal Agency Risk Assessments and Research Security Website
• Working with controlled equipment, substance, or technology, to ensure adequate screening and export licensing determinations.
  • Resources: What is an export?, BIS - Deemed Exports, Restricted Party Screenings.
• Hosting a visitor from an entity on a US restricted list, to ensure the individual only works on fundamental research and to avoid exporting any items to a restricted entity.
  • Resources: Restricted Party Screenings, Visitor Screening Process.

What measures should I expect to find in a TCP or RMP? All plans require the PI and project participants to complete onboarding and certify that they will comply with the measures outlined in the plan. The plan will also be certified by the Department Chair, the Research Dean, and the ECIC office. TCP/RMP measures vary depending on the plan type. Some measures include, but are not limited to:

• Physical security of the lab or equipment.
• Information security measures.
• Sponsor notification or approval of foreign person participants, when applicable.
• Restricted party screenings of project participants and international collaborators.
• Reporting of international travel, when required by the federal agency sponsor.
• Conflict of interest disclosures through the COI Office.
• Export controls training available on MyHR Learn. 

Resources and Related Documentation

Northwestern Policy

Export Controls Compliance Policy

Policy on Discrimination, Harassment and Sexual Misconduct

Policy on Conflict of Interest in Research

ECIC Manual, Checklists, and Forms

Fundamental Research Guidance

CERES Export Control Ancillary Review Checklist for AWARDS

Export Controls & International Compliance Manual

ECIC Guidance

Export Controls Federal Regulations

Research Security Policies & Guidance

Foreign Talent Programs

Federal Agency Risk Matrices

ECIC Portal How-To-Guides

Visit our ECIC Portal Guidance site for updated ECIC Portal information.