Safeguarding Research in Canada: A Guide for University Policies and Practices

PDF version

The U15 Group of Canada’s most research intensive universities published the document Safeguarding Research in Canada: A Guide for University Policies and Practices. The document provides a collection of suggested institutional guidelines based on best policies and practices at the institutional level for safeguarding research from the potential risks in global research engagement.

The document reflects U15’s leadership and co-chairing of the Government of Canada – Universities Working Group with significant alignment with existing and forthcoming federal research security policies.


This document is a copy of the original document published by the U15. The original publication is available online at:

U15 Documents - U15 Group of Canadian Research Universities

Authors

Guidelines and assessment tools were developed by the U15 Group of Canadian Research Universities. One primary contact is identified here for ease of reference.

U15 Group of Canadian Research Universities
350 Albert Street, suite 1425
Ottawa, Ontario
K1R 1B1, CANADA
Tel: 613-695-7955

Permission to Reproduce

Except as otherwise specifically noted, the information in this publication may be reproduced, in part or in whole and by any means, without charge or further permission from the U15 and Universities Canada, provided that due diligence is exercised in ensuring the accuracy of the information reproduced; that the U15 and Universities Canada are identified as the source organizations; and that the reproduction is not represented as an official version of the information reproduced or as having been made in affiliation with, or with the endorsement of, the U15 or Universities Canada.

For permission to reproduce the information in this publication for commercial purposes contact Universities Canada using the information mentioned above.

© The U15 Group of Canadian Research Universities and Universities Canada, 2023.


 

Introduction

A defining characteristic of Canada’s university system is its openness to the world. Global engagement is indispensable to the success of our top research-intensive universities, their competitiveness on the world stage, and their ability to enhance the quality of life of Canadians through learning, discovery, and community service. As stated by the Chief Science Advisor of Canada in describing open science, the practice of sharing data, information tools, and research results while also eliminating barriers to collaboration, accelerates discovery and encourages transparency, scientific integrity and professional accountability.

A second defining characteristic of Canada’s leading universities is their commitment to ensuring the responsible conduct of research and research integrity. Over many years, Canadian universities have developed robust policies and practices that guide how research should be conducted throughout the life cycle of each project in keeping with the highest standards of honesty, fairness, trust, accountability, and openness. These university policies and practices operate within the context of federal guidelines such as the Tri-Agency Framework: Responsible Conduct of Research (2021) and the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans – TCPS 2 (2022) as well as other guidelines including those on animal care.

This global engagement and commitment to the responsible conduct of research enables Canadian researchers to make cutting-edge breakthroughs as they work in collaboration with others worldwide. It enables our universities to attract and educate many of the world’s best students. It enables Canada to recruit outstanding global experts to teach and conduct research. And it ensures that Canadian university students are enriched by engaging with classmates from a wide diversity of backgrounds. Welcoming talent from around the world, regardless of country of origin, is an essential element of Canada’s current and future success as an open, inclusive, and prosperous country. Ultimately, the global exchange of ideas is made possible by this global exchange of people.

In recent years, there has been concern that some foreign entities are seeking to exploit and misuse the very openness and inclusivity that drives our success and world-class performance. This concern led to the creation of the Government of Canada-Universities Working Group on Research Security in 2018 in order to advance open and collaborative research in a way that also safeguards research and maximizes benefits to Canadians. Achievements thus far through regular meetings of the Working Group include the development of the Safeguarding Your Research portal as well as the National Security Guidelines for Research Partnerships. In keeping with the shared responsibility for research security in which Canada’s national intelligence services keep Canadians informed about research risks, institutions have been building on their established policies and practices for supporting the responsible conduct of research by taking the next steps required to safeguard research.

Toward this end, universities have made significant investments in the development of sophisticated risk management frameworks and associated policies and practices, including the management of risk associated with international collaborations, research partnerships and the protection of research data, research results and intellectual property. To build on this work, this document provides a collection of suggested institutional guidelines based on leading policies and practices for safeguarding research from the potential risks in global research engagement. The described practices reflect the commitment of universities to collaborate on developing leading policies and practices through research offices, and on accessing shared technologies to help identify, assess, and mitigate threats to research security. The document should be viewed as an evergreen document that will be annually reviewed for updates, as developments and activities related to safeguarding research evolve.

The following leading practices provide guidelines for institutions to consider in developing their local best practices, given their context.

top of page


Values Underpinning the Leading Practices

These values underpin our collective approach to developing leading practices for safeguarding research at Canadian institutions.

  1. Integrity: as a core principle for researchers and institutions.
  2. Respect: for academic freedom, open-science and diverse and inclusive campus environments.
  3. Trust: across funders, partners, governments, and universities.
  4. Resilience: in developing policies and practices to safeguard research and advance research activity.
  5. Compliance: with all relevant laws, regulations, and ethical standards related to research security.

top of page


Principles for Safeguarding Research at Canadian Universities

Suggested leading practices for safeguarding research for the benefit of Canada are guided by the following principles:

  1. Transparency: Transparent within the institution, with our federal and provincial/territorial governments, and with our broader communities.
  2. Predictability: Provide predictability for researchers, research administrators, as well as our governments and the larger society.
  3. Engagement and inclusivity: Engagement across the university, with particular attention towards upholding principles of diversity, equity, and inclusivity.
  4. Protection of researchers, their research and research spaces: Support researchers in protecting their research from foreign interference, espionage, intellectual property theft or unauthorized knowledge transfer.
  5. Consistency: Consistency in risk assessment of research projects on national security grounds.
  6. Breadth and depth of perspectives: Ensure there is broad disciplinary expertise and intricate knowledge of national security risks leveraged for accurate risk assessment and mitigation.
  7. Shared Responsibility: Safeguarding research is everybody’s responsibility, from the federal government to administrative offices to faculty members.

top of page


Suggested Leading Practices to Safeguarding Research at Canada’s Universities

1. Governance and Risk Frameworks

Governance and risk assessment frameworks can be used to guide the integration of risk mitigation strategies into existing policies and procedures. They also identify where best practices can be incorporated into each universities’ strategies to safeguard research.

1.1. Institutional Research Safeguarding within the Responsible Conduct of Research

Practice

Develop an institutional governance and risk framework for safeguarding research that complements federal government guidelines, and, where appropriate, those of provinces/territories. In doing so, institutions should seek to provide to researchers clarity and consistency on the expectations among any government requirements, the National Security Guidelines risk assessment process and other guidelines and/or criteria that are developed by governmental or institutional authorities.

Outcomes

  • University researchers are supported in understanding services to safeguard and in following granting agency and other sponsor’s procedures.
  • Greater transparency, predictability, and equity in the safeguarding research process.
  • Strengthened institutional policies and practices on research security.

Actions

  • When developing the governance and risk framework, it is recommended that universities consult and engage relevant academic and administrative stakeholders and accountable authorities in the university. Toward this end, promising approaches include:
    • Building collaborations that may include representation from key researchers, faculties, departments, centres and institutes and administrative support units, such as campus security, information technology services, global engagement, graduate and postdoctoral studies, commercialization, entrepreneurship, innovation and partnership offices and procurement, to inform the development of institutional practices that are governed by institutional principles, policies and practices.
    • Developing institutional risk assessment and mitigation approaches for possible adaptation in specific research activities. These could range from actions such as declarations of conflicts of interest to other appropriate means of assessing and forming appropriate partnerships/collaborations, etc.
  • Ensure the university benefits from membership in relevant associations such as U15 Canada and Universities Canada to ensure effective communication with federal governments, and where appropriate, provincial-territorial governments.
  • As appropriate establish open and frequent communication with Provincial and Federal governments (i.e., Innovation, Science and Economic Development Canada (ISED), Public Safety Canada, Tri-Agencies and provincial associations), funding agencies (i.e., MITACS and Genome Canada) and consortia across the sector (i.e., Universities Canada and U15 Canada).

1.2. Government Engagement Strategy

Practice

Engage with governments, when necessary and as appropriate, at both the federal and provincial/territorial levels, to consult on and implement the National Security Guidelines for Research Partnerships and other governmental safeguarding research guidelines, regulations, principles and policies.

Outcomes

  • Greater collaboration between government and universities on risk mitigation issues, best practices, and information sharing.
  • Greater consistency, efficiency and understanding of research partnership and mitigating decisions undertaken in various institutions.
  • More comprehensive understanding regarding the role and application of dual-use or sensitive technologies and export control regulations.

Actions

1.3. Existing Institutional Risk Framework/Policies/Guidelines

Practice

Review existing institutional guidelines or policies to consider where explicit consideration of safeguarding research is acceptable and warranted.

Outcomes

  • An understanding of how safeguarding research policies and practices fit within the overall conduct of responsible research.

Actions

  • Identify any gaps or issues relating to appropriately safeguarding research in the context of established policies and practices for the responsible conduct of research and address them to ensure an overall coherent and consistent institutional approach to research management.
  • As appropriate develop risk frameworks for managing risks to research, including foreign interference threats to people, information, systems, and assets.

1.4. Ground Research Security in the Principles of Equity, Diversity, and Inclusion and Mitigate the Effects of Racial and Ethnic Profiling on the Academic Community

Practice

As part of their initiatives to combat racism and ethnic profiling, institutions have an important role to play in ensuring that efforts to support research security include specific anti-racism action and the support of racialized researchers.

Advocate for and support inclusive research environments, policies and practices, so that researchers are enabled to pursue appropriate international scientific inquiry without fear of prejudice, profiling, or persecution.

Outcomes

  • Universities offer an enriching and safe climate for all researchers.
  • International and domestic students feel welcomed in their pursuit of their studies in Canada and do not have to fear reprisal at home or abroad.
  • Universities safeguard research while upholding principles of equity, diversity and anti-racism.

Actions

  • Identify mechanisms to maintain the spirit of international collaboration, while safeguarding foreign and domestic researchers.
  • Be vigilant that research security training and messaging work within an anti-racist and inclusive framework while emphasizing the importance of a secure international and collaborative scientific community.

top of page


2. Due Diligence, Risk Assessment and Management

The activities related to due diligence, risk assessment, and risk management should guide the university in identifying, assessing, and mitigating risk and ensure university stakeholders understand their role in informed decision making and help guide practices.

2.1. Due Diligence, Risk Assessments and Management Related to Corporate Partners

Practice

Provide assistance to researchers in their risk assessments of partners, provide clarification of at-risk activities (e.g., dual-use, sensitive, or strategic technologies), and assist in preparing and actioning risk mitigation plans.

Outcomes

  • Researchers are well supported in the development of risk assessments and mitigation plans by their various universities.
  • Becoming aware of research security issues related to the commercialization processes and protecting researchers’ intellectual property.
  • International research partners are re-assured of a safeguarded research environment.
  • Professional reputations of the researcher and the institution are upheld.

Actions

  • Conduct discussions with researchers to collaboratively develop risk assessments and mitigation strategies. Where desirable and feasible, provide engagement formats of various kinds, including one-on-one, to facilitate better learning outcomes and more robust risk mitigation strategies. Discussions with affected researchers could also facilitate sharing of best practices of risk assessment, particularly across research teams.
  • Consider providing an appropriate reporting framework for possible foreign interference incidents.
  • Continually monitor unintended consequences of risk assessments faced by researchers, such as a reluctance to pursue funding opportunities, with special attention to issues related to diversity, equity, inclusion and self-censorship.
  • Develop risk mitigation strategies to support safeguarding the results, methodologies, and data as products of research at the institution within an open science context.
  • Develop approval, audit, and continuous evaluation of due diligence processes.
  • Enact continuous learning and improvement in the processes of risk assessments.

2.2. Mapping Key Partnership Networks and Supporting Alternative Funding Sources

Practice

When appropriate, research offices should work with researchers to diversify funding sources, including through government support, especially for those working in sensitive research areas that are affected by the national security guidelines.

Outcomes

  • Researchers have a diversity of funding partners that support their research ambitions.
  • Leading-edge research and innovation are sustainably funded over the long term.
  • Institutions continue to draw top talent through funding opportunities.

Actions

  • Assess and evaluate alternative funding sources.
  • Conduct a mapping exercise of key partner networks to understand institutional and contractual linkages and identify alternative funding sources.
  • Advocate for expanded government funding sources for sensitive research.

2.3. Assessing University-Specific Priority Areas

Understanding vulnerabilities will allow prioritization of areas which may require further protections, particularly with respect to cybersecurity and the strengthening of data management protocols.

Practice

Ensure your institution is aware of the sensitive areas of science and technology identified by government that are potentially vulnerable to foreign exploitation.

Outcomes

  • Institutional infrastructure and resources are better protected.
  • Researchers are more aware of current threats and how to protect their resources.

Actions

  • Conduct an analysis of sensitive research activities to identify priority areas and potential vulnerabilities and partners that render them sensitive areas.
  • Consult with researchers and managers of research facilities to consider vulnerabilities and to identify and eliminate security gaps to build institutional resilience.
  • Engage with information technology services and researchers to construct mitigation strategies for critical areas.
  • Engage with researchers and managers working in sensitive research areas or higher risk partnerships about potential threats and the implementation of risk mitigation plans.

2.4. Institutional International Partnerships

Practice

Work with international offices, where relevant, to align formal institutional international partnerships in sensitive research areas with safeguarding research principles, taking into account the Government of Canada’s list of prohibited entities that pose a risk to national security.

Outcomes

  • Researchers are more aware of potential international partnership risks.
  • University staff are better equipped to understand, undertake risk assessments and develop risk mitigation strategies related to sensitive research involved with international partnerships.

Actions

  • International engagements in areas of sensitive research should be consistent with the Government of Canada’s list of prohibited entities that pose a risk to national security in sensitive areas of technology, rendering them vulnerable to research threats.
  • Develop risk assessment and mitigation strategies for international institutional partnerships in areas of sensitive research.
  • Develop processes for conducting internal risk assessments, where possible, of international institutional MOUs and for screening various new international partnerships in sensitive research areas.
  • Provide useful and relevant information to researchers and units that guides international engagements in sensitive research areas.
  • Develop criteria and training for the consideration of current and potential international partnerships in sensitive research areas.
  • Engage with Canadian institutions to share best practices, perspectives, and processes on international partnerships and support consistency in approaches across the sector.
  • Continue to strengthen internal links among institutional units which engage in international partnerships, including offices that deal with research and international activities.

2.5. Procurement – Risk / Benefit Analysis of U.S.A. funding

The United States’ John S. McCain National Defense Authorization Act Section 889(a)(b), public law 115- 232, impact current and future U.S. federally funded research grants and contracts.

Section 889(a)(1)(B) prohibits executive agencies from entering into, or extending or renewing, a contract with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system, on or after August 13, 2020, unless an exception applies, or a waiver is granted.

If an institution has any equipment that is banned, it will prohibit researchers from applying for U.S. federal contracts.

Practice

Institutions should consider conducting a risk/benefit analysis of potential responses by the institution to the McCain Act to best support researchers.

Outcomes

  • A well-developed institutional strategy to address the provisions of the McCain Act.

Actions

  • Inform and support applicants and grant holders about restrictions.
  • Develop various processes with procurement, research finance, and research legal counsel to ensure continued compliance with the McCain Act and appropriate language in service contracts.
  • Conduct a risk/benefit analysis of potential institutional responses to the McCain Act and develop a response with a researcher focused solution.
  • Engage with U.S. partners through relevant consortia such as U15 Canada and Universities Canada to monitor and better understand emerging requirements.

top of page


3. Communication, Education and Knowledge Sharing

Safeguarding research is a sensitive topic. Universities should be proactive and thoughtful about their communications at all levels within their organizations to ensure a culture of resilience and avoid undue negative impacts on any of their members.

3.1. Website as a Resource Hub for Institutional Activities and Supports

Practice

Universities should consider ways such as accessible websites to bring together supports and services to the broader community on how to understand safeguarding research issues, safeguarding research principles and up-to-date guidelines.

Outcomes

  • University community members better understand safeguarding research.
  • University community members are updated regularly as guidelines change.
  • University community members are provided with consistent and transparent information.

Actions

  • Develop and include training materials that focus on safeguarding research and cybersecurity/digital-hygiene best practices.
  • Regularly update the portal with relevant information, such as risk mitigation forms, event dates for workshops, information sessions, and training.
  • Seek feedback from the community to continually improve the portal.

3.2. Learnings from other Canadian organizations

Practice

Engagement with partners within your region, province-territories and across Canada (such as through U15 Canada and Universities Canada) on best safeguarding research practices, leading to sharing of best practices and approaches across Canada.

Outcomes

  • Greater knowledge and faster implementation of best practices at institutions across regions, provinces and Canada, relevant to the context of the institution.
  • Greater knowledge and faster implementation of best practices.
  • Increased collaboration on strategies to anticipate and mitigate risks related to the safeguarding of research.
  • Amplification of the key messaging of the institution to achieve greater impact on best practices across the institution.

Actions

  • Engage with other provincial institutions to bring together staff leading safeguarding research work, such as research security officers, to share protocols and practices.
  • Develop formal and informal networking groups within provinces and across the country, such as expert briefing series, working groups and communities-of-practices amongst research security officers to enable understanding of various approaches and harmonization where possible.
  • Continually refine safeguarding research principles based on useful common practices.

3.3. Learnings from other jurisdictions

Practice

Engage with international partners on best safeguarding research practices, leading to greater awareness of international best practices.

Outcomes

  • Greater understanding of practices across key international partners.
  • The creation of a global network of trust and best practice sharing.

Actions

  • Through relevant consortia such as U15 Canada and Universities Canada, engage with university counterparts in peer-countries and peer-institutions to understand their protocols and current practices.
  • Continually refine safeguarding research principles based on useful common practices.

3.4. Host regular major events to hear community-wide views

Practice

Invite key stakeholders (i.e., provincial and federal officials, funding agencies, researchers, research security experts) to discuss issues relating to safeguarding research and help raise our level of common and mutual understanding.

Outcomes

  • An enhanced shared and mutual understanding of the key issues as the landscape evolves.

Actions

  • Engage with researchers, research security experts, cybersecurity experts, peer-institutions, and government to convene meetings and workshops.
  • Convene regular opportunities for networking.

top of page


4. Network and Device Security

A university’s vulnerability to cyber-attacks is influenced by their range of activities, size, and complexity. With the shift toward digital in research, education, and communication there is an increased need for attention to cybersecurity.

Practice

Continually monitor institution networks and devices to ensure they are secure and reduce the probability of cyberattacks, hacking, and network manipulation.

Outcomes

  • Reduced probability of cyberattacks, hacking, and network manipulation.

Actions

  • Develop guidance for the secure use of portable storage devices.
  • Make cybersecurity training available for all researchers and promote uptake.
  • Support greater security of research computing and storage assets on appropriate infrastructure.
  • Consider implementing a travel device loaner program, particularly for travel to higher-risk countries.

top of page


5. Research Security and Campus Security Services

Understanding vulnerabilities of research spaces and laboratories is important, allowing researchers and other staff to understand which areas may require further protections, particularly with respect to cybersecurity and the strengthening of data management and protocols. This includes an understanding of on-campus physical and digital security resources.

Practice

Consider a whole institution approach by mobilizing campus partners to understand vulnerabilities and assess and mitigate risks to research spaces.

Outcomes

  • Greater understanding and cooperation may lead to harmonization between research offices, campus security teams, and university management on risk mitigation strategies.
  • More comprehensive understanding regarding the role of campus security and IT teams in the delivery of Research Security mandate within universities.
  • Consideration of enhanced protection of research facilities, research spaces and laboratories.

Actions

  • Conduct an analysis of research premises to identify priority areas and potential vulnerabilities within research spaces and IT systems. Engage with research leaders, safety offices, plant operations, information technology and campus security services campus security teams to:
    • Establish efficient access control measures to research facilities, research spaces and laboratories in areas related to sensitive research.
    • Assess the requirement for potential additional security measures in sensitive labs and research spaces.
    • Construct mitigation strategies for the protection of sensitive research areas.

top of page