Safeguarding Research
Keeping global research vibrant and safe
Global understanding and collaboration are central to our ambition to improve life.
At University of Guelph our researchers are working with international colleagues to help solve worldwide challenges through ingenuity, innovation and partnerships.
Our research reputation is founded on open and collaborative partnerships with national and international partners in academic, government, industry and non-profit sectors. These play a key role in research advances and addressing social, technological and economic issues, and they require the research community to take steps to ensure their research is protected.
The Government of Canada has been collaborating with research institutions across the country to help raise the awareness of potential risks to their research and ensure that the research community is well-equipped to mitigate such risks, including the theft or misuse of knowledge and results.
COVID-19 intensified the focus on these threats due to the nature of the research and the transition to remote working. The following guidance is intended to equip all researchers with information and tools to make sure Canadian research and development benefits both those who perform it and Canadians more generally. Please check back as new resources are added and updated frequently.
Research Security at U of G
Dedicated Research Security resources have been established at U of G to develop and promote research security processes and practices focusing on the following areas:
- Education and awareness - advise the University community on potential current and emerging security risks associated with research in sensitive areas and/or related to research partnerships.
- Due diligence and risk assessments - provide support to the research community in the development of project-specific risk assessments and mitigation plans.
- Compliance – assist researchers with government and funding requirements.
Contact us: research.security@uoguelph.ca [1]
Why is protecting your research important?
Canada's impressive global research reputation is such that it can be a target for others to appropriate this research for their own advantage or gains. This includes research that could be applied to strategic, military or intelligence capabilities of other countries.
Government of Canada: Why safeguard your research? [2]
Who are you at risk from?
In building a secure research environment, it is important to assess the motivations of outside partners, to consider whether members of your own team or institution could be self-motivated or pressured by others to access or steal your research and to acknowledge that foreign countries may target certain types of research to advance their own objectives.
Government of Canada: Who are you at risk from? [3]
What are the risks?
If third parties obtain your research, risks include:
- the theft or misuse of research data
- the loss of intellectual property, patenting and potential revenue
- legal or administrative reprisal
- loss of potential future partnerships
- a tarnished reputation.
Good research security and cyber hygiene practices can minimize the risk of theft and ensure your research remains in your control (see Ccomputing and Communications Services (CCS), University of Guelph: Information Security [4]).
It is also important to be aware of the potential commercial applications of your research (see Research [5] Innovation Office [6]) and to be aware of legal requirements such as export controls and working with controlled goods [7].
Government of Canada: What are the risks? [8]
Government of Canada: Case Studies: Scenarios [9]
What areas of research are most vulnerable?
Research with significant commercial potential, national security impacts or sensitive data with ethical or privacy concerns may be particularly vulnerable. There is more information about this in the following section.
Uncertainty and disruption caused by COVID-19 creates a research environment that is susceptible to threats. This applies specifically to COVID-19 research, but also to the fact that a great deal of research activities are now being conducted remotely. CCS has provided resources [10] to assist people to work remotely in a secure manner.
Canada's cyber security has witnessed a heightened level of risk during the pandemic and the Cyber Centre issues frequent cyber threat alerts and advisories [11].
Government of Canada: Coronavirus disease (COVID-19): Remote Working Remotely [12]
Public Health Agency of Canada, Government of Canada: Canadian Biosafety Guideline – Dual-Use in Life Science Research [13]
Federal and Provincial Research Security Requirements
Below is the summary of the Research Security Requirements:
Research Security Forms
Funding Source | Research Security Form | When Is It Required? | Who Needs To Complete It? | Where to Start? |
---|---|---|---|---|
FEDERAL | Sensitive Technology Research and Affiliations of Concern (STRAC) Attestation [14] | Required if your research project is aiming to advance a Sensitive Technology Research Area. [15] | All named researchers need to complete it and then merge it into one PDF. * | U of G Guide to STRAC Policy [16] |
FEDERAL | National Security Guidelines for Research Partnerships (NSGRP) Risk Assessment Form (RAF) [17] | Required if your research project involves a private-sector partner. | The PI in consultation with co-PI(s) needs to complete it. | U of G Guide for Completing the NSGRP RAF [18] |
PROVINCIAL | Application Attestation [19] | Always required. | All named researchers need to complete it and collate them in a zip folder. * | U of G Guide to MCU’s Research Security Requirements [20] |
PROVINCIAL | Mitigating Economic and Geopolitical Risk (MEGR) Checklist [21] | Always required. | The PI in consultation with co-PI(s) needs to complete it. | U of G Guide to MCU’s Research Security Requirements [20] |
*For Federal and Provincial funding, a named researcher is anyone who is mentioned in the proposal as having an active
role in the project, including Applicant, Co-applicant and collaborators. If STRAC applies to a particular project, no one
involved in the research may have an affiliation with a Named Research Organization for the duration of the project even
if an attestation is not required.
Applicable Funding Programs
Funding Program |
STRAC Attestation |
NSGRP RAF |
Application Attestation |
MEGR |
---|---|---|---|---|
NSERC (all) | X | |||
NSERC Alliance | X | X | ||
SSHRC (all) | X | |||
SSHRC CBRF | X | X | ||
CIHR (all) | X | |||
CIHR Project Grant | X | X | ||
TIPS | X | |||
CFI Exceptional Opportunities Fund | X | X | ||
CFI Northern Fund | X | X | ||
CFI IF (with match funding from ORF-RI-LIF) | X | X | X | X |
CFI JELF (unaffiliated) (with match funding from ORF-RI-SIF | X | X | X | X |
CFI JELF (affiliated) (with match funding from ORF-RI-SIF) | X | X | ||
MCU ORF | X | X | ||
MCU ERA | X | X |
Federal – Sensitive Technology Research and Affiliations of Concern (STRAC) Policy
Applies to NSERC, SSHRC, CIHR, CFI and TIPS
On January 16, 2024 the Ministers of Innovation, Science and Industry; Health; and Public Safety, Democratic Institutions and Governmental Affairs announced the Sensitive Technology Research and Affiliations of Concern (STRAC) policy [22]. This policy follows their joint statement in February, 2023 [23] announcing forthcoming new research security guidelines and is intended to be risk targeted. The policy applies to federal funding that opens May 1, 2024 and onwards through NSERC, SSHRC, CIHR, CFI as well as TIPS programs such as CRC and NFRF. It is not currently being applied to Tri-agency scholarships, or fellowships.
This policy is based on two lists available at the links below. The lists will be regularly updated.
- A list of sensitive research areas [24].
- A list of named research organizations [25] (NROs) with which affiliation will not be permitted for research in sensitive research areas. Subsidiaries to NROs are to be included.
If a research proposal involves a sensitive research area, all researchers named in that proposal are required to provide an attestation stating they have no affiliation with a named research organization. Attestations will be completed by individual researchers using the Attestation for Research Aiming to Advance Sensitive Technology Research Areas form [14].
Affiliation with a named research organization will render researchers ineligible for funding in sensitive research areas. This will be an eligibility requirement and one tool to assess national security concerns; however, projects may still be denied funding if there is deemed to be a national security risk (e.g. partners not on the list but deemed to be high risk).
Access the Tri-agency guidance on STRAC [26] and the CFI Research Security [27] page for more information.
Access the U of G Guide to the STRAC Policy [28] for additional resources.
Federal – National Security Guidelines for Research Partnerships (NSGRP)
Applies to NSERC Alliance, CIHR Project Grant Program, SSHRC CBRF, CFI and OMAFRA
The National Security Guidelines for Research Partnerships (NSGRP) [29], established by the Government of Canada, integrates national security considerations into the development, evaluation, and funding of research partnerships. The Guidelines are aimed to better position researchers, research organizations and Government funders to undertake consistent, risk-targeted due diligence of potential risks to research security.
The Guidelines currently apply to NSERC Alliance grants where there is a private sector partner. As this policy evolves, these Guidelines will apply to other federal partnership programs.
Researchers applying to NSERC Alliance must complete a National Security Guidelines for Research Partnerships’ Risk Assessment Form [30] (NSGRP RAF). This completed form is a component of the Alliance application package.
Access the Tri-agency guidance on the NSGRP RAF [31] and the CFI Research Security [27] page for more information.
Access the U of G Guide for Completing the NSGRP RAF [32] for additional resources.
Provincial – Mitigating Economic and/or Geopolitical Risk (MEGR)
Applies to all Ontario Research Fund (ORF) Programs and the Early Research Awards (ERA)
The Ministry of Colleges and Universities (MCU) requires all applicants to its programs to complete a mitigating economic and geopolitical checklist. The checklist is based on a tool developed by the U15 Group of Canadian Research Universities and Universities Canada in collaboration with the Government of Canada-Universities Working Group: Mitigating economic and/or geopolitical risks in sensitive research projects, A TOOL FOR UNIVERSITY RESEARCH [33]. While the Tool for University Research focuses on ‘sensitive’ projects (i.e., those in emerging technologies with potential military application or in areas where significant political, social or economic interests exist), MCU requires a completed checklist for all projects, regardless of risk profile.
The Tool is meant as one helpful resource to assist with risk mitigation. This University of Guelph guide for applicants is a supplement to A Tool for University Research, designed to clarify internal processes, and connect researchers to internal resources as relevant.
Access the U of G Guide to Ministry of Colleges and Universities Research Security Requirement [20].
Additional Guides and Resources
Safeguarding Science Workshops
Public Safety Canada’s Research Security Centre offers webinars on a rolling basis covering topics such as Safeguarding Science, Dual-Use Technologies, International Student Immigration Process, Canada’s Export and Brokering Controls and Sanctions 101. The webinars are intended for, but not limited to, researchers, research staff including technicians, postdoctoral fellow and students, research security professionals, research administrators, information technology and information management staff, security personnel, biosafety and radiological safety officers, human resources personnel, supply chain personnel and senior management.
See Safeguarding Science Initiative (publicsafety.gc.ca) [34] to view and sign up for upcoming webinars.
Understanding Research Security: An Overview
Government of Canada (GoC) Resources
- GoC: Safeguarding Your Research website [35]
- Public Safety Canada: Building Security Awareness in the Academic Community [36]
- CSIS: Primer on foreign interference and how it relates to academia and research [37]
- CSIS: Protect Your Research – Regional Factsheets [38]
- CSIS: Safeguarding Your Research [39]
- CSIS: Research security, protecting Canadian data, science and technology [42]
Videos and Training Available Online
- Video: Chief Science Advisor of Canada: Why Research Security Matters [43]
- Video: CSIS – Safeguarding Your Research [44]
- Training: Research Security Training courses [45]
- Training: Guidance on Conducting Open Source Due Diligence [45]
Protecting Your Research: Due Diligence and Risk Assessments
Risk Assessments
- U of G: Guide to Developing a Risk Mitigation Plan [46]
- U15: Mitigating Economic and/or Geopolitical Risks in Sensitive Research [47]
Partnerships
- GoC: National Security Guidelines for Research Partnerships [48]
- GoC: National Security Guidelines for Research Partnerships’ Risk Assessment Form [49]
IT & Cyber Security
- U of G: IT Resources for Secure Remote Working [10]
- U of G: Information Security Resources [4]
Data Management
- U of G: Research Data Management [50]
Travel Security
- U of G: Safe Travel Information [51]
- U15: Travel Security Guide for Researchers and Staff [52]
- CSIS: Far From Home – A Travel Security Guide [53]
Export Controls
- U of G: Export controls and working with controlled goods [54]
Applying for Funding with a Research Security Component
Internal Guidelines and Resources
- U of G: Guide to Completing the National Security Guidelines for Research Partnerships’ Risk Assessment Form [32]
- U of G: Guide to the Sensitive Technology Research and Affiliations of Concern (STRAC) Policy [16]
- U of G: Guide to Developing a Risk Mitigation Plan [46]
- U of G: Guide to Ministry of Colleges and Universities Research Security Requirements [20]
External Guidelines and Resources