Guide for Managing Controlled Software
Software refers to a collection of one or more computer programs or micro programs in either source code (programming statements) or object code (machine-readable instructions).
There are United State laws regulating technology, this includes software. Software falling within this category is consider controlled software. Unauthorized access, use for an unpermitted purpose, and or mismanagement of such software creates a risk for the information owner and reputational harm and legal complications for Purdue University. The Export Controls Office is here to help ensure the proper management of controlled software.
Purdue University must meet the regulation requirements to ensure compliance. Examples of regulations included, but are not limited to:
- International Traffic in Arms Regulations (ITAR)
- Export Administration Regulations (EAR)
- Department of Energy regulations (DOE)
- Nuclear Regulatory Commission (NRC)
The types of regulation requirements vary and require export control review. Examples software controls included, but are not limited to:
- Restrictions foreign entities or persons
- Software with distinct licensing requirements
- Distinct disposal requirements
- Software restriction for operation outside of the US
Note: Controlled software must not be installed until a full review has been conducted by Export Controls.
The following items could be required when working with Controlled Software, this would be performed by Export Controls.
- Take the appropriate export control Training
- Having a completed background check of individuals working with the software on file with Human Resources - see Purdue's Policy on Background Checks (VI.F.6)
- Note: Consistent with Purdue's Policy, if a pre-employment background check was not completed, one will be required before someone is authorized to work with controlled software
- Parties should be screened against U.S. Government Restricted Party Lists when applicable
- When necessary, a TCP or GGM will be created if the software has export controls
RSICC License Request
Purdue University, has created a process to request and install RSICC controlled software on a central service. The secure process allows us to compile with export regulations and RSICC licensing terms while safeguarding the installation of the software. See RSICC License Request.
Additional Information
- Export Classification
- Purdue IT Standards
- Purdue End User Security Guidelines
- Purdue Data Classification & Handling
- Media Disposal Guidelines
Need Help?
Contact the Purdue Export Controls team by email at exportcontrols@purdue.edu, by phone at (765) 494-6840, or in person on the 10th floor of Young Hall (155 S Grant St.).
- Export Controls
- Policy
- FAQs
- Foreign Talent Recruitment Program
- Definitions
- Controlled Unclassified Information (CUI) and Covered Defense Information (CDI)
- Training
- Publication and/or Dissemination Restrictions
- International Travel
- International Research Collaborations
- Working with Controlled Software
- Using Proprietary and/or Confidential Information
- Conducting Research Outside US
- Working with International Staff and Students
- Hosting International Visitors
- International Shipping
- Guidance Documents