If you determined that your research may intersect with any research or partner-based risk considerations, you will need to identify mitigation measures within section 4, “Risk Mitigation Plan”, of the risk assessment form (RAF) and to implement these measures throughout the duration of your research project. Your risk mitigation measures should be commensurate to the risks you identified. You may also include research security best practices within your risk mitigation plan; these may include the following:
- Building a strong research team Anchor1 with verifiable professional histories and expertise, such as publication or academic history, that are in alignment with your research objectives and building capacity and raising awareness within the team on research security. This includes completing the Government of Canada training courses such as:
- Introduction to Research Security (Accessible via UBC Workplace Learning using CWL)
- Cyber Security for Researchers
- Safeguarding Research Partnerships with Open-Source Due Diligence
- Employing sound cybersecurity and data management practicesAnchor2 by adhering to UBC policy on cybersecurity and data management practices, Acceptable Use and Security of UBC Electronic Information and Systems (SC14), which helps ensure research information is protected by UBC’s IT infrastructure. Adhering to UBC policy also involves following the UBC Information Security Standards suite; this set of standards governs the collection, storage and transfer of research information following the Research Information Classification schema under the Information Security Standards (U1) guidelines and the Transmission and Sharing of UBC Electronic Information (U3) guidelines.
- This also includes having the research team complete training courses via UBC's Privacy Matters related to privacy and personal information, storage and encryption of information, remote work, phishing, and the transmission and sharing of information.
- Depending on the specific nature of your research, you may wish to consult Advanced Research Computing (ARC) Security & Privacy to assess the particular cybersecurity needs of your research project.
- Noting other review processes that the research proposal may be subject to, such as an approval from the Office of Research Ethics when involving human participants or the inclusion of a Data Management Plan (DMP) for certain funding opportunities. Should the latter be the case, there may be elements from your DMP that you can specifically reference in the RAF if appropriate to the risk.
- Assessing that your potential partner’s motivationsAnchor3 in this research project align with your own and establishing an agreement on the intended use of all information surrounding the research project, up to and including research outputs.
- This may include, as applicable, ensuring there are legal agreementsAnchor4 covering any IP or patent disclosures, licensing agreements or revenue sharing, as well as identifying common goals of open-access publications to scientific journals or information sharing at workshops or conferences.
- Consult with Innovation UBC’s Sponsored Research team and/or Inventions & Licensing teams to ensure any potential for commercializing the research aligns with UBC’s Inventions Policy (LR11).