International Travel

International Travel Policies & FAQ

Interim Policy for International Travel Safety and Compliance

Export Control - International Travel & Activities

FAQs - International Travel

Travel Authorization Process

All University of Arizona personnel and students traveling internationally on University business are required to complete a Travel Authorization form, register each trip in the University International Travel Registry, and receive approval prior to travel. 

Please use the following security protocols and review available resources before traveling abroad for any official University of Arizona business. Travel outside the U.S. or its territories with electronic devices presents risks, including:

  1. Loss, theft, or seizure of devices, data, and login credentials
  2. Device infiltration or malware compromising sensitive information
  3. Violations of federal regulations.

To reduce the potential for data and identity theft, the University recommends that individuals traveling abroad take a loaner or “clean” laptop/device, ensure that other devices do not carry university data or login information to access that data, and follow the Security Guidelines for International TravelColleges are responsible for developing procedures to provide loaner devices.

Please be aware that transporting certain equipment, materials, and software may require an export license which can take up to two months to process and even longer if your plans include travel to a Heightened Risk or Highly Sanctioned country. Export Control will obtain the necessary approvals to facilitate your travel.

Before traveling abroad with a University and/or personal electronic device, refer to this chart for guidance.
 

International Destinations

 

Data Transported or Accessed

 

Device Requirements and Recommendations

All Countries

Export-controlled data

REQUIRED: Do NOT travel with or access export-controlled data on any device; Check with Export Control for guidance and export authorizations.

Lower Risk  Countries (examples:, European Union, United Kingdom, Australia, Japan, Canada, not on the lists below)

University data (excluding export controlled data or HIPAA/PHI data)

REQUIRED:  Laptops/devices cannot have export controlled or HIPAA/PHI data. 

 

RECOMMENDED:  Follow the Security Guidelines for International Travel and be aware of the risks connecting to public wifi sources.  

 

Contact the Export Control Program or HIPAA Privacy Program for guidance/questions. 

Other Heightened Risk Countries

Research data

 

HIPAA/PHI data

REQUIRED: Laptops cannot have research data. Travel with a clean laptop.

Do not access or store university data with personal devices.

 

Check with HIPAA Privacy Program for guidance or exceptions.

 

Other University data (i.e., not  research data or export controlled)

RECOMMENDED: Laptop without university data, and no use of personal device to access university data.

Highly Sanctioned Countries

Any university data, including stored credentials to university systems

REQUIRED: Laptops cannot have data. Travel with a loaner or clean laptop.

 

Do not access or store university data with personal devices.

 

A federal license is likely required; contact Export Control for assistance.

Thank you for your diligence in ensuring your work is secure and compliant with U.S. export control laws and regulations. Contact Export Control with any questions.


Duo Restricted in Embargoed Countries

The UA agreement with Duo does not allow UA users to access or use Duo's services in a U.S. embargoed country without U.S. government authorization. In addition, there are export control regulations that impact the use of Duo in embargoed countries. Cuba, Syria, and Iran are the comprehensively embargoed countries. There is an OFAC General License D-1 Iran that covers the use of Duo in Iran. No additional paperwork is required.

To access or use Duo's services in Cuba requires signed documentation prior to travel. The Consumer Communications Devices ("CCD") license exception form should be signed by the traveler and sent to Export Control for signature (export@arizona.edu). The form will be returned and should be kept with the traveler during the trip. Documentation must be kept for five years.   

License Exceptions Forms

License exception forms may be needed when taking items or equipment abroad.

TMP License Exception Form  If a Commerce license is required, this form should be used in lieu of a license (applicable for most countries) if the traveler is taking University owned equipment, such as a laptop. This exception is not applicable for anything ITAR controlled; a license from State would be required. 

BAG License Exception Form  If a Commerce license is required, this form should be used in lieu of a license (applicable for most countries) if the traveler is taking a personal laptop or other equipment that contains University of Arizona project data. This exception is not applicable for anything ITAR controlled; a license from State would be required. 

CCD License Exception Form  License exception CCD authorizes the export or reexport of commodities and software controlled under the Export Administration Regulations (EAR) to Cuba or Sudan under specific conditions. Only certain commodities and software are authorized. 

Accessing Data While Abroad Accessing export-controlled data abroad is considered an export, including opening an encrypted email with ITAR or export controlled data or accessing the data even on the University server through the VPN. University personnel must coordinate in advance with Export Control if they need to access export-controlled data abroad. A license or license exemption is required in most cases. However, there are some countries where a license or license exemption would not be granted.

Related Files