Do you need a Technology Control Plan?

Everything you need to know about

Technology Control Plans

A Technology Control Plan (TCP) is a customized document that outlines the appropriate access and handling procedures to protect export-controlled items and certain types of Controlled Unclassified Information (CUI).


Identifies the individual responsible for maintaining and monitoring compliance with the TCP and lists all individuals with access to the controlled items.
Describes all controlled items and identifies aspects of a project deemed fundamental research (and thus exempt from controls).
Defines physical and IT security measures to restrict access to controlled items.

Report a Concern

Northeastern University strongly encourages any member of the community to report unethical or questionable conduct including concerns about research misconduct.

To report a concern, you may email Research Compliance or contact the EthicsPoint confidential and anonymous reporting hotline.

Do I need a TCP?

  • Covered Defense Information (Type of CUI)
  • Military Defense Research (ITAR)
  • Atomic Energy Act Data (DOE)

TCP Always Required

Research Compliance will work with you to develop a TCP.

  • Dual-Use Research (EAR)
  • Dissemination Restrictions
  • Distribution Statement B-F

TCP May Be Required

Consult with Research Compliance.

  • Other categories of CUI (e.g., privacy, tax, transportation)
  • Commercial and Civilian Research (EAR99)

TCP Unlikely

Research Compliance can provide guidance on handling and project-specific considerations.

What about trade secrets?

TCPs are not required by law to protect trade secrets. However, contracts may stipulate protections for certain items and information.

Consult with Research Compliance for more information.


Last Updated on November 5, 2021