Computer Repair Non Disclosure

Document Sample
Computer Repair Non Disclosure Powered By Docstoc
					TECHNOLOGY CONTROL PLAN (TCP)
              FOR

   FOREIGN NATIONAL VISITORS
1.0   FOREIGN NATIONAL PROCEDURE

      Disclosure of controlled technical data to Foreign National visitors to a U.S. company is
      considered an export under the Export Administration Regulations (EAR) and under the
      International Traffic in Arms Regulations (ITAR) 22 CFR 126.13(c) respectively. Such a
      release requires a Department of Commerce or Department of State License, Agreement, or
      Exception/exemption, and submission of a Technology Control Plan (TCP) and a Non-
      Disclosure Statement.


2.0   INTRODUCTION

      This Technology Control Plan delineates the controls established by L-3
      Communications/D.P. Associates, Inc. (hereinafter referred to as “L3/DPA”) to prevent the
      transfer of controlled technical information to Foreign National visitors.

      All L3/DPA management employees have been briefed in export control and licensing
      requirements.

      Foreign National visitors will not have access to any controlled technical data unless
      specifically authorized under an approved License, Exemption/Exception, or Agreement.


3.0   CONTROLLED TECHNICAL DATA

      Access to controlled technical data to include, but not limited to, materials under U.S.
      Government contract, on the Commerce Commodity List, or on the U.S. Munitions List is
      strictly prohibited. Information within the Public Domain may be accessed.

      In adherence to L3/DPA policy in meeting U.S. Department of State requirements, no
      employee or other person acting on behalf of L3/DPA shall, without prior approval, ship,
      mail, hand carry or transmit technical data out of the U.S. or within the U.S. with the
      knowledge or intent that the data will be shipped or transmitted to a Foreign National.
      Approval for export of all commodities, including technical information, is the
      responsibility of L3/DPA management implemented by the Export Compliance
      Coordinator (EO/ECC).

      Foreign Person visitors are not authorized access to any advanced technology materials
      under U.S. Government contracts or to any advanced technology material on the U.S.
      Munitions List not under U.S. Government contract unless approved under a specific
      export license.

      Technical data is information which is required for the design, development, production,
      manufacture, assembly operation, repair, testing, maintenance or modification of defense
      articles. This includes information in the form of blueprints, drawings, photographs, plans,
      instructions, and documentation; classified information relating to defense articles and
      defense services; software including, but not limited to, the system functional design, logic
      flow, algorithms, application programs, operating systems and support software for design,
      implementation, test, operation, diagnosis, and repair, directly related to defense articles.
3.1 Classified Technical Data

    Under the provisions of the National Industrial Security Program Operation Manual
    (NISPOM), Limited Access Authorization (LAA) to classified information is not
    provided to Foreign Persons, except under extraordinary circumstances. Foreign Persons,
    therefore, are normally prohibited access to facilities, documentation and records and
    design development and test areas where classified work is in process. Employees must
    understand that access to these areas is prohibited except as may be authorized by export
    licenses, Technical Assistance Agreements (TAA’s), and provisions.

    Foreign Persons will be allowed access to classified information only when the company
    has a license or agreement for the release of the technology. An assurance must also be
    received from the Foreign Government (through the applicable cognizant U.S.
    Government office) advising that the Foreign Person has been approved for access to
    classified information.

3.2 Unclassified Technical Data

    Unclassified data may be accessed by Foreign Persons to the extent necessary to fulfill
    their designated duties in accordance with the job description submitted with the Form
    DSP-5. The manager to whom the Foreign Person reports will control access to such
    data.

    Foreign Persons are not authorized access to any advanced technology materials under
    U.S. government contractor to any advanced technology material on the U.S. Munitions
    List unless approved under a specific export license.

3.3 Reviewing Requirements of All Technical Data

    All data will be reviewed by L3/DPA’s Export Control Officer and returned via
    government-to-government channels. Only materials in the English language will be
    transferred unless adequate translation services are available.

3.4 Licenses, Technical Assistance Agreements (TAAs), Exemptions, and Provisos

    It is the responsibility of all employees assigned to foreign projects to familiarize
    themselves with the Licenses, TAAs, and Provisos imposed by the Department of State
    and Department of Commerce. The Licenses and TAAs establish a baseline for technical
    data that can and/or cannot be released. The Provisos are restrictions associated with the
    Licenses and TAAs. Copies of the Licenses, TAAs, and Provisos are not to be made
    without approval from the Export Compliance Coordinator and Project Management.
    Copies of the Licenses, TAAs, and Provisos may not be given to Foreign Person Visitors.
    The Empowered Official or Export Compliance Coordinator is the only person
    authorized to interpret and revise these agreements.
4.0   SECURITY CONTROLS

  4.1 Foreign National Identification Badges

      Identification Badges (Visitors). Foreign Persons will be issued Foreign Visitor Escort
      Required badges. The Foreign Person will be issued the Foreign Visitor Escort Required
      badge and required to display the badge in a readily visible manner at all times while in
      the facility. The Foreign Visitor will not be permitted access to restricted areas without
      security approval and visual verification that the badge belongs to the holder. The
      Foreign Visitor will need to be escorted by an approved L3/DPA employee while
      accessing restricted areas. All visitors will be informed of the limitations and restrictions
      imposed on their badge. Foreign visitor badges will be maintained by L3/DPA security
      personnel and will be made available each morning during the visit period.

  4.2 Facility Access

      Access within L3/DPA facilities is limited in accordance with the visit objectives.
      Before a Foreign Person visits an L3/DPA facility, the L3/DPA sponsor must notify the
      Security and Export Control Departments (see Attachment C). A Visit Request notice
      should be made two weeks prior to the planned visit.

      While at L3/DPA facilities, Foreign Persons are required to adhere to security rules,
      policies, and procedures. Access is limited in strict accordance with export license
      provisions.

      Visits by foreign nationals that involve only commercial programs and related non-
      technical unclassified information will not require signing a Non-Disclosure Agreement.

      The hours of access will be the same as those established for normal L3/DPA working
      hours for employees – 8:00 am to 5:00 pm. Any departure from the established hours
      must be approved by the L3/DPA Project Manager.

      All Foreign Persons will be notified that the following items are unauthorized.

      a.   Recording Equipment
      b.   Cameras (to include any equipment with visual capabilities)
      c.   Computer Equipment **
      d.   Firearms
      e.   Explosives
      f.   Alcohol
      g.   Illegal Drugs

      ** Computer equipment is approved for use in designated areas. Computer usage outside
      these designated areas is approved on a case by case basis by the Export Control
      Compliance Coordinator and the Project Manager in coordination with L3/DPA Security.

      Upon entry and departure, a Foreign Person's hand carried items may be subject to search
      by the L3/DPA Security personnel along with the hand carried items of U.S. citizens.
4.3 Access Controls to Computer, Networks, and E-mail

    Access to L3/DPA’s computers is strictly prohibited.

    Access to the L-3 Communications Corporation Intranet is strictly prohibited.

    Access to e-mail is not permitted.

4.4 Additional Security Controls

    There is a Secure Area that is off limits to Foreign Nationals who visit or are employed
    by L3/DPA. An employee must have the consent of the Security Manager to access the
    Secure Area. Access to computers and other electronic equipment may be prohibited.

    If a visitor has come for a “classified” meeting or briefing, he/she must have provided a
    Visit Request to the Security Manager from his/her employer at least 24 hours before the
    meeting begins.

4.5 Non-Disclosure Agreement Statement and Acknowledgement

    All Foreign Persons, to whom technical data will be disclosed under license of ODTC or
    other U.S. Government Agency, and the responsible manager will be required to sign the
    Non-disclosure Agreement Statement and the Technology Control Plan Briefing form. A
    signed and dated copy of the Non-disclosure Agreement statement will be maintained by
    the Export Compliance Coordinator or other empowered official or forwarded to the
    ODTC or to the appropriate U. S. Government Agency if required. All persons assigned
    to a project where Foreign Persons may have access to project information and the briefer
    will be required to sign the Technology Control Plan Briefing form.

4.6 Indoctrination of Employed Foreign Persons

    Sufficient control and supervision must be exercised with regard to technology transfer or
    release of technical experience. It is L3/DPA’s desire to retain technology and/or
    experience sensitive to its business operations. Procedures regarding the protection of
    sensitive data serve as additional safeguarding procedures, ensuring against inadvertent or
    intentional transmission of such information. All managers will ensure that employees
    within their respective areas of responsibility are properly instructed in the handling of
    sensitive data, and will further ensure that such information is disclosed only to persons
    for whom a strict "need-to-know" has been established. Foreign persons and L3/DPA
    employees having involvement with them must sign the Non-Disclosure Agreement
    (Attachment A) before being granted access to this information. They will also
    acknowledge in writing that they have read and understand the L3/DPA Technology
    Control Plan (Attachment B)

    Foreign Persons will be informed that an export license will be required from the U.S.
    Government before they have access to hardware or unclassified technical data
    concerning items on the U.S. Munitions List. They will be briefed in those areas of
    export control and export licensing, as set forth in the guidelines provided by the ODTC
and other U.S. agencies that are pertinent to their activities. Further, Foreign Persons will
be informed as to their responsibility to treat all technical information obtained during
their employment in accordance with L-3 Communications procedures for the protection
of sensitive data. Their acknowledgement of this will be the signed Non-Disclosure
Agreement and the signed Technology Control Plan Briefing forms that are on file with
the Export Compliance Official or other empowered official.

Foreign Persons will be made responsible for adherence to facility security rules, policies
and procedures relating to in-plant regulations for personnel. These individuals must sign
the Non-Disclosure Agreement (Attachment A) before being granted access to this
information. They will also acknowledge in writing that they have read and understand
the L3/DPA Technology Control Plan (Attachment B). The manager directly responsible
for the foreign person(s) is also required to sign the nondisclosure agreement.

All Foreign Persons will be briefed in those areas of export control and export licensing,
as set forth in the guidelines provided by the ODTC and other U.S. agencies, which are
pertinent to their activities. These individuals must sign the Non-Disclosure Agreement
(Attachment A) before being granted access to this information. They will also
acknowledge in writing that they have read and understand the L3/DPA Technology
Control Plan (Attachment B). The manager directly responsible for the foreign person(s)
is also required to sign the Nondisclosure Agreement.

Foreign Persons will be advised of the services provided by L3/DPA, i.e., international
mailing, international freight and courier shipments, facsimile machines, Automated
Information Systems (AIS), reproduction equipment, and classified storage containers, as
appropriate.


a. International Mailing. The Project Manager and the Empowered Official or Export
   Compliance Coordinator must review and inspect all international mailings and
   shipments to ensure that the data and/or equipment being shipped is in compliance
   with an authorized export license, exemption, or TAA. The Empowered Official or
   Export Compliance Coordinator will ensure that appropriate export documentation is
   executed and that the appropriate package markings are applied.

b. International Freight and Courier Shipment. International shipments, other than
   Government Bills of Lading, or administrative material with proper release approval
   will be submitted through the Empowered Official or Export Compliance
   Coordinator. The Empowered Official or Export Compliance Coordinator will verify
   the export license needed for the shipment and affix an authorization signature.
   Shipping and Receiving employees will then coordinate the shipping with the freight
   forwarded/carrier. Shipping and Receiving will maintain records of shipments
   exported.

c. Facsimile. The Project Manager, the Empowered Official or Export Compliance
   Coordinator, or the Security Manager must review any information requiring
   facsimile transmission by a Foreign Person. All material approved for transmission
   must be project specific.
      d. Access to Local Area Networks (LANs) and Automated Information Systems (AISs).
         Access to the L3/DPA LAN is not authorized. If a computer is provided, it will be a
         standalone system only. Classified processing is not authorized without prior
         approval.

      e. Reproduction. Any material that needs to be reproduced must be project specific.
         Reproduction of classified information is not authorized without the prior L3/DPA
         Security approval.

      f. Classified Storage Containers. Classified storage containers will only be provided on
         a case by case basis. The combination will be placed in an envelope, sealed and
         stored in an L3/DPA GSA-approved container.

      g. Foreign Persons will be advised that L3/DPA will review all material before it is
         returned via government-to-government channels. Only materials in the English
         language will be transferred unless adequate translation services are available.

      h. Security Violations. There may be sanctions imposed by L3/DPA for deliberate
         violations of security procedures. Disciplinary actions that have been approved by
         the U.S. Government will be followed.

  4.7 Termination of Foreign Person

      Foreign Person employees will be out-processed by the Human Resources (H.R.)
      Department to ensure all material has been collected and proper disposition has been
      made. H.R. will notify the Empowered Official prior to the termination of a foreign
      person.

      Upon employment termination, the foreign person will be required to execute a statement
      regarding L3/DPA equipment and written matter (Employee Proprietary Information and
      Innovation Agreement (SLC-8836 (6-97)). This statement will certify that the foreign
      person has not given or disclosed to any unauthorized person any documents, reports or
      other data that is considered to be sensitive information.


5.0   EXPORT

  5.1 Export License Requirements

      Foreign Person will be informed that an export license will be required from the U.S.
      Government before they will be allowed access to hardware or technical data concerning
      items on the U.S. Munitions List. Access is requested by submission of Form DSP-5 to
      the U.S. State Department. Access to hardware or data is specifically limited to what the
      approved export license allows. Foreign Persons have a responsibility to treat all
      technical information obtained during their visit in accordance with L3/DPA procedures
      for the protection of sensitive data.
       All Foreign Persons will be briefed in those areas of export control and export licensing,
       as set forth in the guidelines provided by the Office of Defense Trade Controls and other
       U.S. agencies which are pertinent to their activities.

       No employee, or other person acting on behalf of L3/DPA will, without prior approval,
       ship, mail, hand carry, or transmit technical data out of the U.S. or within the U.S., with
       the knowledge or intent that the data will be shipped or transmitted from the U.S. to a
       foreign destination.

  5.2 Examples of Export Violations

       a.   Export or Import without a License
       b.   Failure to file a shipper's export declaration
       c.   Export to an unauthorized consignee
       d.   Hand carrying technical data or hardware overseas without appropriate
            documentation

  5.3 Possible Penalties

       a. General Violation - Fine of not more than five times the value of the export involved
          or $50,000, whichever is the greater;
       b. Willful Violation – Fine of not more than five times the value of the export involved
          or $1,000,000, whichever is the greater;
       c. Individuals shall be fined not more than $500,000 for each violation;
       d. Seizure of Forfeiture of Goods;
       e. Imprisonment;
       f. Loss of Export privileges;
       g. Employment Termination;
       h. Loss of patent rights.


6.0   SUMMARY

      L3/DPA mandates that sufficient control and supervision will exist in regard to all Foreign
      National visitors as related to controlled technical data transfer or release of technical
      know-how.

      L3/DPA Policies, as well as L-3 Corporate Policies 307 Security and Information Asset
      Protection, 401 Corporate Information Network Security, 707 Export/Import Controls and
      Compliance direct the L3/DPA to protect its private and sensitive information, including
      controlled technical data, and/or software, which will serve as additional safeguards,
      assuring against inadvertent or intentional transmission of that information.

      All L3/DPA employees are responsible for ensuring that Foreign National visitors do not
      access controlled technical data.

      Any deviation or waiver from or exception to this procedure requires the prior approval of
      the L3/DPA President.
7.0     DEFINITIONS

Department of Commerce - Export Administration Regulations (EAR):

Export – EAR 15 CFR Part 732 (b)(ii) defines “export” to include the release of controlled
technical data (technical data) or software to a Foreign National and considers such release to be
a “deemed export” to the home country of the Foreign National. (Home country is defined as
country of birth or all countries where the Foreign National claims citizenship.)

What is an Export?

      a. Sending or taking a defense article out of the U.S. in any manner, except by mere travel
         outside the U.S. by a person whose personal knowledge includes technical data: or

      b. Transferring registration or control to a Foreign Person of any aircraft, vessel, or satellite
         covered by the U.S. Munitions List, whether in the U.S. or abroad; or

      c. Disclosing (including oral or visual disclosure) or transferring in the U.S. any defense
         article to an embassy, any agency or subdivision of a foreign government (e.g.,
         diplomatic mission); or

      d. Disclosing (including oral or visual disclosure) or transferring technical data to a Foreign
         Person, whether in the U.S. or abroad; or

      e. Performing a defense service on behalf of, or for the benefit of, a foreign person, whether
         in the U.S. or abroad.

Foreign National/Foreign Person – A Foreign Person means any natural person who is not a
lawful permanent resident defined by 8 U.S.C. 1101(a)(20) or who is a protected individual as
defined by 8 U.S.C. 1324b(a)(3). It also means any foreign corporation, business association,
partnership, trust, society or any other entity or group that is not incorporated or organized to do
business in the United States, as well as international organizations, foreign governments and
any agency or subdivision of foreign governments (e.g., diplomatic missions).


Technical Data – As used in 15 CFR Part 779 of the EAR, the term “technical data” includes
both “controlled technical data” (that is, information necessary for the development, production,
or use of a product) and software. Information can take the form of “technical data” or
“technical assistance”. Technical assistance can be instruction, skills training, working
knowledge, and consulting services and may involve transfer of technical data. Technical data
includes blueprints, plans, diagrams, models, formulae, tables, engineering designs and
specifications, and manuals and instructions written or recorded on other media or devices such
as disk, tape, and read-only memories.

Technical data is:

      a. Information which is required for the design, development, production, manufacture,
         assembly operation, repair, testing, maintenance or modification of defense articles. This
       includes information in the form of blueprints, drawings, photographs, plans, instructions,
       and documentation.**

   b. Classified information relating to defense articles and defense services.

   c. Software including, but not limited to, the system functional design, logic flow,
      algorithms, application programs, operating systems and support software for design,
      implementation, test, operation, diagnosis, and repair, directly related to defense articles.
      **

Department of State -- International Traffic in Arms Regulations (ITAR)

Definition of Defense Service - ITAR 22 CFR 120.9: (1) The furnishing of assistance
(including training) to foreign persons, whether in the United States or abroad, in the design,
development, engineering, manufacture, production, assembly, testing, repair, maintenance,
modification, operation, demilitarization, destruction, processing, or use of defense articles; or
(2) The furnishing to foreign persons of any technical data controlled under this subchapter;
whether in the United States or abroad; or (3) Military training of foreign units and forces,
regular and irregular, including formal and informal instruction of foreign persons in the US or
abroad or by correspondence courses, technical, educational, or information publications and
media of all kinds, training, and orientation, training exercise and military advice.

Definition of Technical Data - ITAR 22 CFR 120.10: (1) Information other than Software as
defined in ITAR 120.10(d), which is required for the design, development, production,
manufacture, assembly, operation, repair, testing, maintenance, or modification of defense
articles. This includes information in the form of blueprints, drawings, photographs, plans,
instructions, and documentation; (2) classified information relating to defense articles and
defense services; (3) information covered by an invention secrecy order; and (4) software as
defined in ITAR 22 CFR 121.8(f) of this subchapter directly related to defense articles. This
definition does not include information concerning scientific, mathematical, or engineering
principles commonly taught in schools, colleges, and universities or information in the public
domain as defined in ITAR 22 CFR Section 120.11. It also does not include basic marketing
information on function or purpose or general system descriptions of defense articles .

Definition of Software - ITAR 22 CFR 121.8(f) Software includes, but is not limited to, the
system functional design., logic flow, algorithms, application programs, operating systems, and
support software for the design, implementation, test, operation, diagnosis, or repair.

Technology Control Plan (TCP) – A Technology Control Plan is required to control access by
Foreign Nationals assigned to, or employed by, a U.S. company. The TCP shall contain specific
procedures to control access to classified information, controlled technical data and general
procedures supporting visitation.

A Technology Control Plan must contain either a Non-Disclosure Statement or a Non-Access
Statement.
                             IMPORT/ EXPORT CONTROL
                            NON-DISCLOSURE AGREEMENT STATEMENT

“I, ___________________________, acknowledge and understand that any technical data
related to defense articles on the U.S. Munitions List, to which I have access or which is
disclosed to me in the course of my association with L3/D.P. Associates Inc., is subject to export
control under the International Traffic in Arms Regulation (Title 22, Code of Federal
Regulations, Parts 120 - 130). I hereby certify that such data will not be further disclosed,
exported or transferred in any manner to any foreign national person or any foreign country
without prior written approval of the Office of Defense Trade Controls, U.S. Department of
State.”


___________________________          _______________________________
SIGNATURE                             RESPONSIBLE MANAGER




__________________________
WITNESS



__________________________
Date




ATTACHMENT A
                               IMPORT/ EXPORT CONTROL
                             TECHNOLOGY CONTROL PLAN (TCP) BRIEFING


This is to acknowledge that I, __________________________, have read the L3/D.P. Associates
Inc. Technology Control Plan, and, if deemed necessary, have discussed the procedure with
_____________________________ and that I understand the procedures and agree to comply
(Company Point of Contact)

with its requirements.



_____________________________  _____________________________
SIGNATURE                  RESPONSIBLE MANAGER



_____________________________           _____________________________
DATE                                        DATE

_____________________________           _____________________________
Witness                                      DATE




ATTACHMENT B
                                    FOREIGN VISITOR REQUEST FORM
         This original form must be completed by the Host Employee in accordance with L3/DPA Technology Control Plan and should be submitted to
                                                    Security Department/FSO two (2) weeks prior to visit.

       (Please print or type)
                                                                                       U.S. Resident
                                                                                           Alien
                                                                                     (Green Card Holder)
                                                                                      YES        NO
           VISITOR NAME                               NATIONALITY                                                        COMPANY




                                                                                                            Host Employee/Escort(s)
             Date(s) of Visit                            Area(s) to be visited                             Name & Extension Number


Export License Required Yes_____                     No______                                 Control No.


VISITORS MUST BE CONTINUALLY ESCORTED AND ANY DISCLOSURE OF EXPORT
CONTROLLED INFORMATION MUST BE CONSISTENT WITH THE EXPORT LICENSE
Is this contact under the direction and supervision of the US Gov't?
If yes, under what project?
Purpose of Visit:                           Please describe the scope of technology to be transferred.
___ Technical Disclosure
___ Non-tech. Discussions
___ Courtesy Call
___ Supplier Sales Presentation
___ Supplier Services



Host Employee Responsibility Statement
I have read and understood and I will observe the provisions of the Technology Control Plan.

Host Employee Signature: _________________________________________               Date: __________________________

                                                                     Restrictions/Limitations
Export Compliance Coordinator Approval


                                                                     Restrictions/Limitations
Security Management Approval

                                        Send completed form to DPA.ExportControl@L-3com.com
       ATTACHMENT C

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:134
posted:1/11/2011
language:English
pages:13
Description: Computer Repair Non Disclosure document sample