An integral component of the risk assessment process is the Risk Assessment Form. Researchers complete the form by conducting open-source due diligence, by working with internal resources and services within their institutions, and by consulting with their partner organization(s), where appropriate, to validate their responses. Following that, the completed form is submitted alongside their research partnership grant application. As with all other application documentation and information that is provided by the applicant, the Risk Assessment Form is only used for its intended purpose – to collect information on and assess risks related to the research partnership.
For each research partnership application submitted with a Risk Assessment Form, the risk assessment process is conducted in three steps:
Step 1: Administrative validation by the Granting Agency
First, the Risk Assessment Form is administratively reviewed by the granting agency to ensure that all the questions and components on the form have been completed by the applicant. This review also includes a risk validation assessment using open-source due diligence methods, based on the National Security Guidelines for Research Partnerships and guidance from Canada’s national security departments and agencies. As part of the administrative review process, applications with possible or identified risks are referred to the granting agency’s internal Risk Assessment Committee, which discusses each application on a case-by-case basis and determines whether additional assessment and advice is required from the national security departments and agencies.
After completing the administrative review, the granting agency proceeds with the merit assessment of the funding application using its established mechanisms of peer review. The Risk Assessment Form is not shared with peer reviewers.
In cases where the funding organization’s internal risk assessment identifies a need for a national security assessment to inform the funding decision, they will refer the relevant application documents to Public Safety Canada. This referral usually occurs after a successful merit assessment, but prior to the funding organization making a funding decision.
If the Policy on Sensitive Technology Research and Affiliations of Concern (STRAC) also applies and the grant application is identified as aiming to advance a Sensitive Technology Research Area, any attestation forms submitted with the application will also be shared with Public Safety Canada for validation, in parallel to the national security assessment.
Step 2: Referral of applications to Public Safety Canada
Upon receipt of a funding application from a granting agency, Public Safety Canada conducts an initial review, to determine which security agency is responsible for leading the national security assessment of the proposed research partnership project. The lead security agency may be Public Safety Canada, the Canadian Security Intelligence Service, or the Communications Security Establishment.
- Public Safety Canada coordinates national security-related activities across relevant federal departments and agencies. The department’s mandate is to keep Canadians safe from a range of risks such as natural disasters, crime, and terrorism. As part of Public Safety Canada’s mandate, the Minister of Public Safety is responsible for policy leadership in the areas of national security and economic-based threats to national security. This includes leading the coordination of the federal security and intelligence community in safeguarding Canada’s world-leading research ecosystem, as well as intellectual property businesses.
- Canadian Security Intelligence Service is an intelligence agency that investigates activities suspected of constituting a threat to the security of Canada and Canadians. Canadian Security Intelligence Service’s priorities include threats that can jeopardize Canada’s economic, national, and research security.
- Communications Security Establishment is the national signals intelligence agency for foreign intelligence and the technical authority for cybersecurity and information assurance.
The lead security agency, under their respective authorities and mandate, conducts a national security assessment and provides it to Public Safety Canada. Once the assessment is completed, Public Safety Canada may further consult other relevant departments such as Global Affairs Canada to take into account other relevant considerations related to the science, economic benefits, or global implications of the funding application, before returning the assessment results and any additional advice to the granting agency.
Step 3: Funding decision
The granting agency considers the national security assessment and advice received from Public Safety Canada, alongside the result of the merit assessment, to make a funding decision for each application. The granting agency then notifies the applicant of its funding decision.
The applicant is provided a decision letter that includes information on the results of the merit assessment and information on the national security assessment of their application (where applicable). The Government of Canada is committed to ensuring transparency across all funding decisions while also building the science and research community’s level of risk awareness. Where applicable, applicants that were denied funding will be offered the opportunity to request a meeting with representatives from the respective granting agency and the Research Security Centre to discuss the results of their application’s national security assessment.
If an applicant receives funding for their proposed research project, they must implement the risk mitigation plan outlined in their application, for the duration of the project. Dependent on the advice provided by the national security departments and agencies, the granting agency may require the implementation of additional mitigation measures as a condition of funding.