University-Wide Visitor Policy
The purpose of the policy is to 1) enhance the safety of Visitors and the entire campus community; 2) protect and promote the University’s mission, vision, and values; 3) enhance the development of intellectual property and compliance with applicable U.S. regulations and laws that prohibit transactions with restricted entities; and 4) support IT security and services and other mission-critical infrastructure.
The University of Kansas and all of its controlled affiliated units.
The University of Kansas (KU) is committed to maintaining an open and free academic environment that supports both domestic and international collaborations. In the event such collaborations result in a Visitor to campus, there may be applicable state or federal laws and regulations that apply. To support the University’s interests in collaboration, while complying with laws and regulations, the University sets forth this policy.
Definition of Visitor (also found in the definitions section)
Individual(s) (international or domestic) who: 1) are not otherwise employed by or have a current formal affiliate status, that are coming to campus, either in person or by way of telecommunication, to conduct business; and 2) who have access to KU intellectual property, research data, research facilities, network access, or access to secure physical spaces. Business includes but may not be limited to: vendors or contractors visiting campus, those conducting collaborative research; providing instruction that is supervised by appropriate KU personnel, or observing KU instruction, administration, or research. KUL and KUMC inter-campus collaborations/activities may subject existing employees, formal affiliates, or students to Visitor status when visiting other campuses.
Scope of Policy
This policy applies to all KU personnel, including personnel of controlled affiliated units, who coordinate, invite, or host individuals from other universities, institutions, and businesses to visit any KU campus. This policy applies to both domestic and international Visitors and other individuals collaborating with KU employees (faculty and staff) who have access to KU intellectual property, research data, research facilities, network access, or access to secure physical spaces. For KUMC, access to any of these items may also be subject to The University of Kansas Health System’s policies.
KU requires that each campus institute processes for Visitors to undergo appropriate due diligence checks to comply with export compliance laws and other regulatory requirements, and execute certain agreements as necessary related to protecting intellectual property (e.g., technology control plans (TCPs), nondisclosure agreements (NDA’s), related training).
Additionally, KU will require each campus to institute procedures and processes for training requirements, badging or other identification, vetting for provision of network access, licensing (where applicable), and liability coverage as necessary for the type of Visitor.
Each campus will ensure the following issues are addressed in their procedures and processes:
- Any Visitor provided access to restricted spaces, such as labs or offices protected by lock or key card access, must have appropriate permissions (e.g., temporary badges, name tags, chaperones), and the hosting unit must maintain a Visitor(s) roster and record for the intent and duration of the visit.
- Visitors to campus may be required to complete compliance certifications in the form of trainings or attestations, based on the nature of their visit. The hosting unit of the Visitor is responsible for identifying the necessary trainings and ensuring the Visitor is compliant. Examples may include Environmental Health and Safety, Information Security, HIPAA training if accessing protected health information, lab, or other safety trainings. Depending on access requested, training at KUMC may also be subject to The University of Kansas Health System’s training requirements.
III. Export Control
- This policy is intended to improve compliance with U.S. law, regulatory requirements, and university-wide risk management. U.S. regulations and laws require KU to evaluate collaborative efforts for potential export control issues, the necessity for an export license, and to certify those findings. This policy helps fulfill KU’s compliance requirements as mandated by federal laws and regulations including the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), Office of Foreign Assets and Control (OFAC), and all other applicable export and import regulations, in the U.S. and abroad (related Export Compliance materials can be found at https://gos.ku.edu/research-and-contract-compliance).
- In order to comply with export control rules, each campus, at a minimum, must conduct for each Visitor (as defined by this policy), as well as for any other individual given access to information that would not be considered fundamental research, a “due diligence” screening and for KUMC may be subject to relevant University of Kansas Health System policies.
- Units conducting their own due diligence screenings are to contact the Office of Global Risk and Security (GRS) (firstname.lastname@example.org) any time there is an alert; in some cases these alerts can be deconflicted and cleared through further review to authorize the visit.
IV. Insurance Coverage, Licensing, etc.
- The hosting unit may require appropriate qualifications for Visitors, pertinent to the purpose of their visit (e.g., insurance coverages, licenses, certifications). The hosting unit is to manage all required documentation.
V. Network and Data Access
- While many visitors may not need or request network access, in the event a Visitor does require access, existing network access policies and procedures are to be followed.
- If a Visitor is to have access to restricted data, the hosting unit must receive appropriate authorization(s) specific to the type of data. Data access may be governed by network access standards and/or export control laws.
Prospective students visiting campuses.
Individuals attending events open to the public (e.g., sporting, musical, and theatrical events), who will be in public spaces, or who will not be accessing otherwise restricted spaces or information.
This policy is not intended to replace existing security/compliance procedures already in place at the various campuses.
Failure to comply with this policy may result in the loss of privileges for hosting or otherwise collaborating with Visitors. Additionally, violations of U.S. laws and regulations could lead to disciplinary actions by the University as well as penalties imposed by federal and state authorities.
Export. Any oral, written, electronic or visual disclosure, shipment, transfer or transmission outside of the U.S. to anyone, including a U.S. citizen, of any commodity, technology (information, technical data, or assistance), or software/codes.
Fundamental research. Basic and applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community, as distinguished from proprietary research and from Industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reason. Fundamental research does not have specific national security controls such as prepublication review with approval, restrictions on pre-publication dissemination, or restrictions on participation by non-U.S. citizens or others.
Visitor. Individual(s) (international or domestic) who: 1) are not otherwise employed by or have a current formal affiliate status, that are coming to campus, either in person or by way of telecommunication, to conduct business; and 2) who have access to KU intellectual property, research data, research facilities, network access, or access to secure physical spaces. Business includes but may not be limited to: vendors or contractors visiting campus, those conducting collaborative research; providing instruction that is supervised by appropriate KU personnel, or observing KU instruction, administration, or research. KUL and KUMC inter-campus collaborations/activities may subject existing employees, formal affiliates, or students to Visitor status when visiting other campuses.
06/01/2023: Updated Global Operations and Security to Global Risk and Security.
08/26/2022: Fixed broken links to Due Dilligence and Export Compliance Materials.
11/29/2021: Updated links to KUMC Educational Experience.
06/23/2021: New Policy published in the Policy Library.
06/16/2021: Policy approved by the Chancellor.