The Government of Ontario is taking active steps to ensure that the benefit of research undertaken in Ontario universities, colleges, academic hospitals, and research institutes through its funding programs is safeguarded to protect Ontario’s long-term economic security and interests against risks that could result in the loss or misuse of publicly funded knowledge. The Ministry of Colleges of Universities (MCU), in partnership with the Ministry of the Solicitor General, will undertake a review of submitted proposals to assess associated potential economic and geopolitical risks and reserves the right to seek additional information to support the applicant’s responses.
Institutions are expected to assess applications submitted for funding for potential economic and geopolitical risks using institutional resources, policies, and processes to help researchers identify and mitigate economic and geopolitical risks. Failure to disclose recent and/ongoing collaborations with foreign institutions and commercial entities or positions on various international committees and boards may impact funding decisions.
Relevant Research Security forms and guidelines are available at:
- Research Security Guidelines and FAQs
- Mitigating Economic and Geopolitical Risk Checklist
- Application Attestation Form
To MCU’s Research Security forms are required for all funding programs including the Ontario Research Fund and Early Researcher Awards.
The following is a step-by-step guide to completing MCU’s Research Security requirements with recommendations and guidelines from internal and external resources.
Application Attestation Form
All named researchers in an application including the principal investigator (PI) are required to complete and sign the Application Attestation Form.
Named Researchers:
- Researchers who participate in a research project and whose names and roles are stated in the Ministry research funding program application.
- They include a principal investigator (PI) and co-investigators in the project.
- They do not include project members that may participate in the project, but are not named in the application (e.g., technicians, post-docs, students, etc.).
The Research Security Guidelines and FAQs provides guidelines and definitions to assist researchers in completing the Attestation, please review them in detail. Below is some additional guidance to complement the Guidelines.
‘Public Profile Link from the Institution’ refers to your Faculty Profile Page at your institution.
In addition to the Named Research Organizations, ‘problematic entity’ includes:
- Institutes rated as High or Very High Risk in the Australian Strategic Policy Institute (ASPI) China Defense Universities Tracker
- US Department of Defense Entity List
- Sanctioned entities
- If you are unsure if an entity would be considered problematic, please contact research.security@uoguelph for further guidance.
If selecting Option B, ‘Insert details on the Collaboration, funding or in-kind support with any Named Research Organizations’ include:
- Nature of the collaboration
- Duration, specifically noting if it has ended
- If funding or in-kind support was received
The PI must complete and sign their own Application Attestation Form (see the Application Attestation Form instructions for details) and have all the named researchers identified in Step 1 complete an Attestation Form as well.
To assist with communicating this requirement to researchers who may be unfamiliar with the Application Attestation Form, we have created an email template (see below) with some optional wording that you can use to communicate the requirement, however, please present it in whatever way you feel is most appropriate in your context.
The PI is responsible for collecting all completed Attestations and submitting them in a zipped file to Research Services as part of the application.
The PI should review the completed and signed Application Attestation Forms from all other named researchers in the application. If any named researcher, including the PI, has selected “Option B” in the Application Attestation Form, the PI must address the related risks in the risk mitigation section of Mitigating Economic and Geopolitical Risk (MEGR) Checklist (see Steps 3 and 4 below for more information).
Mitigating Economic and Geopolitical Risk Checklist
The Principal Investigator of the project (the "PI") is required to complete the Mitigating Economic and Geopolitical Risk Checklist (MEGR).
In addition the Research Security Guidelines and FAQs, the information below is taken from:
- Universities Canada and U15 - Mitigating Economic and/or Geopolitical Risks in Sensitive Research Projects
- Internal University of Guelph Policies and Practices
The PI is required to gain an overall understanding of all named researchers involved in the project before completing the Checklist. In this section, the PI is asked to provide information on whether the PI and/or any Named Researchers:
- Currently hold any position or role, whether paid or voluntary, at any foreign government, foreign academic or research institutions, Canadian military/defense entity, foreign military/defense entity, any foreign private enterprise and/or foreign community organizations?
AND whether the PI and/or any Named Researchers:
- Currently in receipt of funding or in-kind support from any foreign government, foreign academic or research institutions, Canadian military/defense entity, foreign military/defense entity, any foreign private enterprise and/or foreign community organizations?
We recommend including this question in your communication with the Named Researchers when you ask them to complete the Application Attestation Form (this has been included in MCU's Research Security Requirements Email Template).
| Checklist | Added Context |
|---|---|
| Verified all research team members’ professional history and assessed alignment with the research priorities for the project. | Will you conduct appropriate reference checks and due diligence on all members of the team? Are their credentials, publications and affiliations in line with what they told you? |
| Assessed existing or potential Conflicts of Interest or historical or existing Collaborations that would impede Collaboration with any research team member in the project. |
Ask yourself, “Could critics use the interests or affiliations of my team members to discredit our findings, regardless of the quality of the research itself?” Additional Resources: |
| Discussed and agreed on clear goals and measures of success for the project. |
Have you developed and discussed “S.M.A.R.T.” goals (goals that are specific, measurable, achievable, relevant, time-bound) with your team to help ensure alignment and avoid disagreements once the project is underway? Additional Resources: |
| Discussed project risks internally and planned for their mitigation, involving external team members as appropriate. |
Brainstorm potential project risks with your team and fill out a risk register. Additional Resources: |
| Assessed whether the practices of Collaboration for e.g., the project’s collaborator(s) and/or collaborating institution(s) are consistent with the applicant’s standards on ethics and research conduct. |
Ask yourself whether all aspects of the project, regardless of where the work is or was performed, would pass ethics review at your institution. Additional Resources:
|
| Checklist | Added Context |
|---|---|
| Ensured the motivations of all partners are clear and aligned with the goals of the research team, including any expectations about intellectual property. |
Ask the partner directly what they expect from the research team during the project and what they hope to get out of the project at the end. |
| Assessed if the partner’s governance structure is transparent and whether the ultimate beneficiary of their collaboration on your project is clear. |
Looking on the partner’s website, can you easily identify who leads the partner organization and any linkages to government, other organizations and/or other actors? What information gaps exist? Additional Resources:
|
| Assessed the reputational risk associated with involving the partner. |
Ask yourself, “Could critics use the involvement of the partner to discredit our findings, regardless of the quality of the research itself?” Additional Resources:
|
| Explored if other academics have had positive experiences collaborating with this partner. |
By reaching out to researchers across your institution and at other institutions, you can gather valuable information on past experiences and solutions to address concerns. |
| Assessed whether the practices and contributions of partner(s) are consistent with the applicant’s standards on ethics and research conduct. |
Ask yourself whether any contributions (data, background IP, etc.) are consistent with your values and if you believe they would pass ethical review at your institution. |
| Checklist | Added Context |
|---|---|
| Verified all team members have completed cyber hygiene and data management training. |
Additional Resources:
|
| Assessed if data management and cybersecurity measures needed to adequately protect research integrity are in place across all partners. |
Have you reviewed U of G Resources – CCS’ Cybersecurity Resources and the Library’s Research Data Management Resources? Additional Resources: |
| Focused on addressing divergent cybersecurity and data management practices and decided on a mutually acceptable approach to securing your research project. |
When reflecting on existing divergences, ask yourself, “Given the sensitivity of the research topic and data, what is the level of risk associated with a breach and what is the probability it may occur?” |
| If professional or personal international travel is expected during the project, agreed to a protocol for device management. |
If travelling to a higher risk country, have you considered how you will handle your devices while traveling? If unsure what the risks are and/or how to mitigate them please contact research.security@uoguelph.ca for more information. Additional Resources: |
| Checklist | Added Context |
|---|---|
| Agreed to a plan regarding how and when project details will be shared including through publications, conferences, teaching, mass media, social media and personal communications. |
Keep in mind that premature disclosure can preclude certain types of IP protections. Additional Resources: |
| Assessed the potential value of any project-related IP and how to protect it. |
Ask yourself, “What types of IP could be generated through this research project? What do we need to do to preserve the value of this IP?” |
| Ensured all collaborators and partners have agreed on how to handle IP. |
The University of Guelph endeavors to include representations and warranties by the partner that mitigate risk related to intellectual property in its research contracts at the time of award in accordance with the funding agency and with the U of G’s intellectual property policies. |
| Discussed how restrictions on academic freedom or commercial interests may impact the research project and the communication of research results. |
Ask yourself, “Do the restrictions imposed on communicating results have potentially harmful impacts on the integrity of our research or our ability to publish results?” |
| Ensured all collaborators and partners are comfortable with the likely uses of any research results. |
Brainstorm with your team the likely uses of the results of the project, then ask members if they remain comfortable proceeding with the project. |
| Ensured all mechanisms exist that guarantee that any graduate students involved in the project are able to use the results to complete their studies. |
As noted above, the University of Guelph, endeavors to include representations and warranties by the partner that mitigate risk related to intellectual property in its research contracts at the time of award in accordance with the funding agency and with the U of G’s intellectual property policies. This will also protect students’ ability to use the results to complete their studies. |
| Checklist | Added Context |
|---|---|
| Reviewed government travel advisories and register travel to any countries associated with the research project. |
The Government of Canada’s travel advisories provide relevant security information for regions around the world and enable you to register your travel before leaving. |
| Assessed any potential risks to team members in regard to human rights, particularly minority rights, in any country where travel is required for the project. |
Consult Government of Canada’s travel.gc.ca website, including the Travel Health and Safety webpage and the Lesbian, gay, bisexual, transgender, queer and two-spirit Canadians abroad webpage to identify potential risks. The Travel Advice and Advisories webpage also offers region-specific information regarding ethnic tensions and other threats to members of other minority groups. |
| Reviewed your cyber hygiene before travel. |
Review the Canadian Centre for Cyber Security’s guidance on mobile devices and business travellers as part of your preparations. Additional Resources: |
| Reviewed the Travel security guide for university researchers and staff. |
The guide provides a checklist of security steps that can be taken before, during and after travel. |
The PI is required to provide detailed information on the risks identified through the Checklist, PI and/or co-investigator Involvement with Foreign Entities and Attestations. Additionally, the PI should comment on the nature and sensitivity of the research.
The nature of the research
The criteria below should be used in assessing if the nature and/or usability of your research project could attract the interest of foreign governments, militaries, their proxies, and other organizations who may seek to exploit research partnerships to access research information, research knowledge, and the resulting intellectual property and technology to facilitate unauthorized knowledge transfer.
- Critical Minerals List
- Critical Infrastructure
- Personal data that could be sensitive
- Large datasets
- Export Control List
- Sensitive technology research area (or dual-use)*
*Research areas that are sensitive or dual-use, in that they have military, intelligence, or dual military/civilian applications, are more likely to present national security risks.
Collaborations, affiliations, and partnerships
Disclosure is a key component of the Risk Identification section. The PI should disclose the following:
- If any named researcher, including the PI, selected Option B in the Attestation OR has any conflicts of interest or collaborations (including co-publications) in the past 2 years with entities that could potentially pose a Research Security risk (i.e. entities included on the Named Research Organizations list, Australian Strategic Policy Institute’s China Defense Universities tracker and the US Department of Defense list). The disclosure should include the nature of the collaboration and whether it has concluded or is ongoing.
- If any partner requires additional research security considerations then the associated risk should be disclosed, in particular consider the following:
- Could the partner be subject to foreign government influence, interference or control?
- Is the partner demonstrating a lack of transparency or unethical behaviour?
- Are there any individuals with conflict of interests from the partner organization?
- If any vendor has any Research Security concerns (i.e if the vendor has connections to a sanctioned entity, etc.)
**If you are unsure if a collaboration, partnership or vendor could pose a Research Security risk then contact research.security@uoguelph.ca who can help you with Partner and Researcher Due Diligence Assessments and Vendor Checks.
For each potential risk identified, outline the approach being taken to develop a risk mitigation proposal. In that proposal, outline any specific actions that will be taken to reduce or remove the risk entirely, timelines for implementation, and how to monitor effectiveness.
If any named researcher, including the PI, has selected “Option B” in the Application Attestation Form, the PI must address the related risks in the risk mitigation section of this Checklist.
See U of G’s Guide to Developing a Risk Mitigation Plan which is intended to assist Researchers in the development of Risk Mitigation plans drawing on guidelines from:
- ISED’s Mitigating Your Research Security Risks
- Universities Canada and U15 - Mitigating Economic and/or Geopolitical Risks in Sensitive Research Projects
- Universities Canada and U15 – Protecting Your Research During Travel
- General risk mitigation strategies in place at the University level as well as common examples of strategies employed within projects.
The Research Security Team reviews the completed Application Attestations and MEGR prior to submission to the granting agency as part of the submission review process. In this review, the type of analysis granting agencies may conduct to identify potential concerns is replicated to the extent possible. This includes completing Partner Due Diligence assessment(s), Researcher Due Diligence assessment(s) and vendor checks, as applicable. Should concerns be identified, researchers will be provided advice on how to address them prior to submission.