Appendix B: Risk Classification and Examples

This appendix provides illustrative examples and reference tools to support consistent application of the SUNY I‑RISK framework. It is intended to assist campuses and SUNY System Administration in understanding how activities may be classified across the three risk tiers. The examples and criteria below do not replace the core guidance and are not intended to be exhaustive.

Three Risk Tiers (Reference Overview)

Tier 1 - Campus-Level Activity (Routine / Low Risk)

Tier 1 covers day-to-day academic, research, or administrative interactions that are routine in nature and do not involve sensitive subject matter or risk enhancing characteristics described in Tier 3.

Examples may include:

Attendance and/or presentations at open international conferences or symposia (in-person)
Serving on dissertation committees, PhD advising and mentoring.
Routine student study abroad and undergraduate student exchanges.
Student recruitment and admissions activities. Routine student and parent communications.
Faculty/staff travel or virtual meetings, communications, or interactions unrelated to senior government or political officials.[1]
Ongoing stewardship of partnerships with foreign public universities that do not involve restricted or sensitive research or data.

Process (reference):

No submission to SUNY System is required.
Activities are managed and recorded through existing campus travel, research, or international program approval and tracking processes.
If an activity changes in scope, subject matter, access, or participants, it should be reassessed under the framework.

Tier 2 - SUNY Awareness and Monitoring (Moderate Risk)

Tier 2 captures international engagements that exceed routine academic activity and warrant System level visibility, but that do not present unresolved security risks. Tier 2 is intended to support transparency, pattern analysis, and State reporting without introducing routine review or approval requirements.

Examples may include:

Formal meetings with national level diplomats, senior officials, or official missions
Meetings with foreign provincial or state level leaders
Initial or substantive discussions related to new or revised MOUs or other agreements involving academic programming or research conducted jointly with non-US based entities, regardless of country
Joint funding discussions with foreign public agencies that are not broadly available to U.S. institutions

Process (reference):

Campuses submit Tier 2 activities using the SUNY International Engagement Form or an approved equivalent process, where applicable.
Each submission populates the System level real time tracker for visibility, transparency, and aggregate analysis.
Tier 2 submissions are not intended to require active review. Campuses may proceed with the activity following local approval unless contacted by SUNY System for clarification or follow up.
Submissions are screened for proper categorization and may be sampled periodically or flagged if specific questions arise.

Campus prescreening (reference):

Campuses conduct local prescreening of Tier 2 submissions to ensure completeness and alignment with campus policies and applicable federal requirements.
Prescreening supports accuracy and consistency and does not, by itself, change Tier classification or introduce additional approval steps.

Approved alternative processes:

To reduce duplicative reporting and administrative burden, SUNY System may approve campus based Tier 2 tracking or approval mechanisms as functionally equivalent to submission through the SUNY International Engagement Form.
Approved alternatives must capture the required information elements, allow System level access for visibility and reporting, and support aggregate analysis and State reporting requirements.
Campuses seeking to rely on an approved alternative process coordinate with the SUNY Office of Global Affairs to ensure continued alignment with the I‑RISK framework.

Tier 3 — Elevated Risk / Risk Review Pathway

Tier 3 is a risk review pathway, not an automatic escalation. Tier 3 applies when activities involve designated countries of concern in combination with risk enhancing characteristics, or sensitive or dual use subject matter regardless of country.

Tier 3 indicators may include:

Engagements with sanctioned, state owned, military affiliated, or party-linked entities
Activities involving non‑public research, controlled data, or restricted facilities, including unpublished datasets, sensitive student or health data, restricted laboratory environments, proprietary software or models, or data subject to contractual, regulatory, or export control restrictions
Dual use or sensitive technologies identified under federal export control regimes
Closed door or nontransparent engagements
Known or suspected foreign intelligence, defense, or security ties
Funding from non‑transparent sources or activities in embargoed regions

Examples may include:

Collaboration with institutions known to be government controlled in defense related technical areas
Partnerships with defense adjacent institutes in designated countries
MOUs or agreements with state owned enterprises
Visit requests from military academies or intelligence linked delegations
Research or training collaborations involving controlled technical areas regardless of country
Dual degree or completion degree programs in sensitive or controlled technical fields

Campus Level Clearance within Tier 3 (Illustrative)

Engagements that involve a designated country may be reviewed and cleared at the campus level, without escalation to SUNY System, when all of the following conditions are met:

The activity is limited to open, fundamental academic work, such as teaching, scholarly exchange, or basic research that may be intended for publication or broad academic dissemination.
Based on reasonable institutional knowledge and available information, there is no indication that the foreign institution or individuals involved are acting on behalf of a foreign government, military, intelligence service, or political party.
The engagement does not involve access to controlled research, restricted facilities, non‑public datasets, or technologies subject to export control.
The interaction is routine and transparent, consistent with normal academic practice, and does not involve closed door meetings or special confidentiality obligations beyond standard academic norms.
There is no foreign government funding, direction, or sponsorship tied to the activity.
The engagement does not include meetings with senior government officials, diplomats, or political party representatives.

Campuses are expected to apply reasonable diligence in making these determinations and to document the basis for campus level clearance consistent with the exclusion discussed above. Records should be retained locally and made available to SUNY System upon request.

Risk Classification Framework (Reference Table)

Risk Tier	Criteria (Illustrative)	Examples	Required Action
Tier 1 Routine	No risk enhancing characteristics; open and transparent activity; no controlled access	Open academic conferences; routine study abroad; faculty travel for non‑sensitive collaboration	No System submission; campus level tracking
Tier 2 Moderate Risk	Formal government engagement; agreement discussions; non-open public funding	MOU renewal discussions; meetings with provincial officials; joint funding discussions	System submission for visibility
Tier 3 Elevated Risk	Designated countries with risk enhancing characteristics or sensitive subject matter	Defense adjacent partnerships; state owned entities; controlled research	Entry into risk review pathway

To send suggestions for questions to be added to the FAQ, or to report post-facto for those who missed submitting in advance or experienced unexpected interactions with government officials while on travel, please email IRISK@suny.edu.

[1] Interactions are in-person meetings, electronic remote communications, email, phone, videoconferencing, social platforms, data sharing sites. Senior government and political officials are individuals who serve a foreign government and have decision making authority over resources, access, or programs. Examples include national or provincial ministers or vice ministers, ambassadors, consuls general, heads of government agencies or commissions, senior military officials, and senior political party leaders.