Export Controls are federal laws that govern how technology, technical data, technical assistance, and items or materials (from software to satellites and more) are physically or electronically exported, shipped, transmitted, transferred, or shared from the U.S. to foreign countries, persons, or entities.
Michigan Engineering research primarily falls under the following two regulations:
Export Control Security Services – Shared Responsibilities
Roles and Responsibilities of Staff Members:
Michigan Engineering Data Security Analyst (DSA): Act as consultants for the IT staff who are responsible for creating TCP plans on behalf of researchers. They are available to answer questions and do security research as security subject matter experts during every stage of the TCP creation process. They coordinate any needed risk assessment with the ITS information assurance risk assessment team.
IT staff: Are the primary person responsible for assisting researchers in the TCP creation process and implementation. They participate in the submission of the TCP as needed and may request a risk assessment if needed.
Researchers: Are the business owners of the Technology Control Plan. Assist their supporting IT Staff in the creation of the Technology control and its research implementation. They sign off on TCPs, submit it to OVPR as part of their research administration process and ensure that it is followed by the research team.
Michigan Engineering DSA
2 Security Architect
Consultant
1 Discovery
Consultant
3 TCP Creation
Consult
4 TCP implementation
Consult
5 TCP Submission
Consult
6 RISK Assessment
Participate
IT Staff
Security Architect
Primary
Discovery
Primary
TCP Creation
Primary
TCP implementation
Primary
TCP Submission
Participate
RISK Assessment
Participate
Researchers
Security Architect
Participate
Discovery
Participate
TCP Creation
Participate
TCP implementation
Participate
TCP Submission
Primary
RISK Assessment
Participate
Research Security Services
Categories
Tasks
Shared Responsibilities Effort
MichEngin DSA
IT Staff
Researchers
PCI
Security Architect (ITS)
NA
NA
NA
Treasurer's Office
Consultant
Primary
NA
Risk Assessment
Consultant
Participate
NA
RTP
Consultant
Primary
NA
FISMA
SSP Discovery
Primary
Participant
Participant
Security Architect
Consultant
Primary
Participant
SSP Creation
Primary
Participant
Participant
SSP Implementation
Consultant
Primary
Participate
SSP Submission
Primary
Participant
Participant
RISK Assessment
IA Coordination / Participant
Primary
Participant
RTP
Consultant
Primary
Participant
CUI
SSP Discovery
Primary
Participant
Participant
Security Architect
Consultant
Primary
Participant
SSP Creation
Primary
Participant
Participant
SSP / ARC Implementation
Consultant
Support ARC and Researchers
Participant
SSP Submission
Primary
Participant
Participant
RISK Assessment
IA Coordination / Participatant
Primary
Participant
Export Control
TCP Discovery
Consultant
Primary
Participant
Security Architect
Consultant
Primary
Participant
TCP Creation
Consultant
Primary
Participant
TCP Implementation
Consultant
Primary
Participant
TCP Submission
Consultant
Participant
Primary
RISK Assessment
IA Coordination / Participatant
Primary
Participant
FAR 52.204-21
SSP Discovery
Primary
Participant
Participant
Security Architect
Consultant
Primary
Participant
SSP Creation
Consultant
Primary
Participant
SSP implementation
Consultant
Primary
Participant
SSP Submission
Consultant
Participant
Primary
RISK Assessment
IA Coordination / Participatant
Primary
Participant
HIPPA
SSP Discovery
Primary
Participant
Participant
Security Architect
Consultant
Primary
Participant
RISK Assessment
IA Coordination / Participatant
Primary
Participant
Michigan Medicine Corporate Compliance approval
Primary
Participant
Participant
3rd Party Vendor Security and Compliance
SSP Discovery
Primary
Participant
Participant
Security Architect
Consultant
Primary
Participant
PSSP Creation
Consultant
Primary
Participant
3rd Party Information Security Requirements (TPISR) (e.g., GM)