CONTROL PROCEDURES FOR UNCLASSIFIED TECHNICAL DATA DISCLOSING MILITARILY CRITICAL TECHNOLOGY



Similar documents
The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004

PRIVACY IMPACT ASSESSMENT (PIA) For the

Privacy Act of 1974; Department of Homeland Security <Component Name> - <SORN. AGENCY: Department of Homeland Security, Privacy Office.

SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon

PRIVACY IMPACT ASSESSMENT (PIA) For the

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

APPENDIX H SECURITY ADDENDUM

PRIVACY IMPACT ASSESSMENT (PIA) For the

SUMMARY: The National Guard Bureau proposes to add a new system. of records, INGB 005, entitled Special Investigation Reports

HIPAA BUSINESS ASSOCIATE AGREEMENT

Data Protection Policy

PRIVACY IMPACT ASSESSMENT (PIA) For the

How To Disclose Your Foreign Bank Accounts And Avoid Criminal Prosecution! FIVE STONE. tax advisers

BERKELEY COLLEGE DATA SECURITY POLICY

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

HIPAA Employee Training Guide. Revision Date: April 11, 2015

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Directors and Officers Liability Insurance

FedRAMP Package Access Request Form For Review of FedRAMP Security Package

A How-To Guide for Updating HIPAA Policies & Procedures to Align with ARRA Health Care Provider Edition Version 1

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

LICENSURE BY EXAMINATION APPLICATION

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

Privacy and Cloud Computing for Australian Government Agencies

HIPAA Privacy Summary for Self-insured Employer Groups

white paper Mitigate Risk in Handling ediscovery Data Subject to the U.S. Export Control Laws and Regulations

PRIVACY IMPACT ASSESSMENT (PIA) For the

STATE OF CONNECTICUT REGULATION of the DEPARTMENT OF CONSUMER PROTECTION (NAME OF AGENCY)

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

BUSINESS ASSOCIATE AGREEMENT ( BAA )

PRIVATE SCHOOL REGISTRATION FOR POSTSECONDARY DEGREE GRANTING EDUCATION INSTITUTIONS. Chapter 30

Department of Defense DIRECTIVE

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

Privacy and Management of Health Information: Standards for CARNA s Regulated Members

United States Department of State Privacy Impact Assessment Risk Analysis and Management

a. A person whose sole function in the work is to perform labor under the supervision or direction of a building contractor.

CHAPTER 277 CERTIFICATION OF ALARM SYSTEM CONTRACTORS AND INSTALLERS (100C) Establishment of program. There is established within the fire

Department of Defense INSTRUCTION. Security of Unclassified DoD Information on Non-DoD Information Systems

Policies and Procedures SECTION:

INDIANA FALSE CLAIMS AND WHISTLEBLOWER PROTECTION ACT. IC Chapter 5.5. False Claims and Whistleblower Protection

SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

POST-GOVERNMENT EMPLOYMENT ADVICE OPINION REQUEST

PRIVACY IMPACT ASSESSMENT (PIA) For the

MEMORANDUM OF UNDERSTANDING Between COMPANY And MISSOURI STATE UNIVERSITY

Business Associate Agreement

Nevada Registered Agent Association Proposed Changes to SB 39. February 3, 2015

How To Ensure Health Information Is Protected

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

The Health Information Act. Use and Disclosure of Health Information for Research

Department of Defense MANUAL

Approved By: Agency Name Management

OFFICIAL. NCC Records Management and Disposal Policy

Enclosure. Dear Vendor,

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM

INSURANCE REGULATION 115 LIFE SETTLEMENTS

Outside Director and Proxy Holder Training: Module 1: Intro to DSS and Foreign Ownership, Control, or Influence (FOCI) Defense Security Service

PRIVACY IMPACT ASSESSMENT (PIA) For the

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

AN ACT IN THE COUNCIL OF THE DISTRICT OF COLUMBIA

PRIVACY IMPACT ASSESSMENT (PIA) For the

HIPAA PRIVACY AND SECURITY AWARENESS

Use & Disclosure of Protected Health Information by Business Associates

INSIDER TRADING POLICY

H. R SEC DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

8 THINGS YOU MUST KNOW BEFORE THE IRS CALLS YOU

Standards of. Conduct. Important Phone Number for Reporting Violations

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

PRIVACY IMPACT ASSESSMENT (PIA) For the

The Law of the City of Moscow. No. 30 dated the 30 th of June On the Chamber of Control and Accounts of Moscow

Business Associate Agreement

Health Information Privacy Refresher Training. March 2013

MDA Small Business Industry Day

Criminals; Rehabilitation CHAPTER 364 CRIMINAL OFFENDERS; REHABILITATION

Last Approval Date: May Page 1 of 12 I. PURPOSE

CONTRACTORS STATE LICENSE BOARD Blanket Performance and Payment Bond Approved Final Text

BUCKS COUNTY DEPARTMENT OF HEALTH RULES AND REGULATIONS FOR CONDUCTING AND OPERATING FOOD FACILITIES

Transcription:

(Example) CONTROL PROCEDURES FOR UNCLASSIFIED TECHNICAL DATA DISCLOSING MILITARILY CRITICAL TECHNOLOGY

TITLE: Unclassified Technical Data Control Procedures PROC. NUMBER: ISSUE NUMBER: ISSUE DATE: PURPOSE To define the responsibility for requesting and administering company certifications, data requests and data handling for Unclassified Technical Data (UTD) disclosing Military Critical Technology (MCT), obtained as a result of Certification under the U.S.-Canada Joint Certification Program. GENERAL In 1985, the United States and Canada signed a Memorandum of Understanding (MOU) that established the U.S.-Canada Joint Certification Program. As stated in the MOU s Joint Terms of Reference for the Joint Certification Program, the program was established to certify contractors of each country for access, on an equally favourable basis, to unclassified technical data disclosing critical technology. This information is controlled in the U.S. by DoD Directive 5230.25 and, in Canada, by the Technical Data Control Regulations (TDCR). Under each Nations laws, the U.S. Department of Defense and Canada s Department of National Defence may withhold such technical data from public disclosure. To meet the provisions of the U.S. Department of Defense Directive 5230.25 and the Canadian Department of National Defence Technical Data Control Regulations, so that (company name) may have access to certain sensitive information necessary for our business operations, the procedures outlined in this document must be followed. Use and disclosure of unclassified technical data obtained by (company name) under these procedures must be restricted to the purpose identified to the government agency when the data release was requested. If additional uses are identified after receipt of the data, prior approval must be obtained from the appropriate government agency by (company name) using the Supplementary Data Request procedures identified in this document. 2

* NOTE * Employees are advised that illicit use or disclosure of this data, especially unauthorized export, may result in criminal prosecution of the individual(s) responsible, including officers of the company. As well, serious penalties for the company may result, such as revocation of certifications and exclusion from the export process. PROCEDURES 1.0 Certification Procedures Certification, as required, shall be sought for each of (company name) scope of activities, i.e., current and planned products and services, which fall within the definition of military critical technology. Each physically separate facility or division shall apply separately for certification. Certification submission requests shall be completed by the Custodian (Technical Data Librarian/Facility Security Officer/Project Administrator) using form DD 2345 Military Critical Technical Data Agreement, and shall be signed by the (Vice-President Contracts and Pricing/Delegated Company Official) prior to submittal to the U.S.-Canada Joint Certification Office in Battle Creek, Michigan. Additional certifications may be required to permit (company name) to obtain unclassified technical data for a proposal or a contract. As soon as such a need becomes apparent, the Custodian should be advised of the new scope of activity requirement so that the Custodian can determine if an amendment to the existing certification is required in the area identified as Description Of Relevant Business Activity on the form DD 2345. The Custodian shall be responsible for administering and maintaining a record of both submitted and approved certifications and their respective scopes of activity. The Custodian shall also be responsible for requesting renewal of those certifications that are required at the end of the five year period. 2.0 Data Request Procedures As the need arises for (company name) to obtain unclassified technical data for a proposal or contract, the Custodian shall be advised of the data required and the purpose(s) for which the data will be used. 3

The Custodian shall complete the appropriate Data Request and submit it to the government agency which owns or controls the data required. As a minimum, the Data Request should include the following: - A copy of the companies DD 2345; - Detailed information on the data required; - A statement of the intended data use. The request should be made on company letterhead. The Custodian shall be responsible for maintaining a record of both submitted and approved requests for unclassified technical data. Data Requests are reviewed by the government agency which owns or controls the unclassified technical data. Release approvals may be accompanied by additional controls or measures specified by the government agency to safeguard the data. Such additional controls or measures shall be implemented by (company name), and may be subject to audit by the government agency which demanded them, or, by the government Industrial Security Program officials. 3.0 Supplementary Data Requests Should additional business uses be discovered for specific unclassified technical data, after release to (company name), employees shall advise the Custodian so that a Supplementary Data Request can be submitted to the government agency which owns or controls the data. Employees shall not use the unclassified technical data for any other purpose other than that for which the data were released to (company name). 4.0 Data Release Procedures The Custodian shall receive the unclassified technical data when it is released by the government agency. Receipt shall be recorded and restrictive markings shall be checked and recorded by the Custodian prior to release of the data to the division of project which has the primary need for the data. If the unclassified technical data has not been marked as such by the government agency prior to release to (company name), the Custodian shall mark the data appropriately on receipt. 4

The Custodian shall release the data to the appropriate division s or project s data handling facility (e.g., Engineering Data Records, Program Data Bank, System Administrator). Any additional controls or restrictions imposed by the releasing agency shall be highlighted by the Custodian to the division or project receiving the data. *WARNING* Technical Data received through the Joint Certification Program cannot be released to any employee of the company who is not a Canadian or U.S. Citizen or an officially designated Permanent Resident of Canada or an Intending Citizen of the United States. 5.0 Data Handling Responsibility The receiving division or project is responsible for implementation and maintenance of the controls and measures appropriate to safeguarding the specific data, as well as any additional controls and measures imposed by the releasing agency. Each employee who uses the unclassified technical data, received through this program, is responsible for its care while in its immediate charge, and for its safe return when use is finished. 6.0 Use and Disclosure of Unclassified Technical Data Employees shall use unclassified technical data only for the purpose for which it was released to (company name). Such purpose is recorded on the Data Request. If additional uses for the data are identified after receipt by (company name), a Supplementary Data Request must be made and agency approval granted prior to any such additional use of the data. Unclassified technical data shall be disclosed by (company name) only for the purpose specified in the Data Request. Such disclosures would include, for example, proposals or contractually -deliverable data. No disclosure of unclassified technical data is permitted other than for the reasons identified to the government agency in the Data Request. Casual requests for unclassified technical data from companies or individuals shall be denied. (Company name) may direct such companies or individuals to the government agency which owns or controls the data and/or to the U.S.-Canada Joint Certification Office. 5

*WARNING* Violators of Export Control Laws are subject to criminal prosecution. 7.0 Disposal of Unclassified Technical Data Disposal of unclassified technical data is the responsibility of the division or project that had primary need for the data. Disposal methods may include, for example, return to the government agency or shredding by (company name). Disposal conditions will vary depending on its sensitivity. Employees should contact the Custodian for guidance regarding disposal requirements for the specific data involved. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information