TCP Management
Managing Technology Control Plans for ITAR compliance
What is a Technology Control Plan?
A Technology Control Plan (TCP) is a documented set of security measures designed to prevent unauthorized access to ITAR-controlled technical data. TCPs are required when working with foreign nationals or when technical data could be accessed by non-U.S. persons.
When TCPs Are Required
- Foreign national employees accessing ITAR data
- ITAR work performed at facilities with foreign nationals
- Cloud storage of ITAR technical data
- ITAR projects with international partners
- Research involving ITAR technologies
TCP Components
Physical Security
- Controlled access areas
- Visitor escort requirements
- Secure storage for physical documents
- Access logs and badging
IT Security
- Segregated networks for ITAR data
- Encryption requirements
- Access control lists
- Audit logging
Personnel Controls
- U.S. person verification
- Security clearance tracking
- Training requirements
- Non-disclosure agreements
Procedural Controls
- Data handling procedures
- Incident response plans
- Regular compliance audits
- Violation reporting
Managing TCPs in Arcliance
- Navigate to Technical Data Security
Go to Technical Data Security > Control Plans
- Create New TCP
Define the scope, covered projects, and security measures.
- Assign Assets
Link technical data assets, repositories, and projects to the TCP.
- Define Access List
Specify who is authorized to access covered data.
- Schedule Reviews
Set up periodic TCP review reminders.
TCP Status Tracking
ACTIVETCP is current and operational
REVIEW DUEPeriodic review required
EXPIREDTCP requires immediate update
ARCHIVEDNo longer active, retained for records