When applying to Canadian federal research funding that is subject to the National Security Guidelines for Research Partnerships (NSGRP), researchers must complete a Risk Assessment Form (RAF).
UBC researchers should complete and submit their RAF to the research security team for validation as early as possible, but no later than five (5) business days' prior to the sponsor's full application deadline.
For relevant funding opportunities, the RAF must be completed and include all industry partners (companies/corporations), as well as industrial associations and producer groups. The form helps identify, assess and mitigate potential risks that the partnership(s) may pose to the integrity of the research and Canada’s national security.
Project Information
In completing the risk assessment, applicants should provide information specific to their proposed research project and the prospective private-sector partner organizations.
Relevant project information should include:
- Whether a research area is considered dual-use or relates to a sensitive technology research area;
- Whether and how researchers work with sensitive personal data or large datasets;
- Whether research intersects with materials on the Critical Minerals List;
- Whether the research areas are classified on the National Strategy for Critical Infrastructure.
Partner Information
Information regarding the proposed partners must also be included, to determine whether the partner(s) may pose national security risks when using information and data derived from your project.
Relevant partner information should include:
- Subsidiaries, affiliations or partnerships that could lead to the transfer of research to third party governments, militaries or other organizations;
- Their potential for foreign government influence or control through both legal or illegal means;
- Uncertainty or a lack of transparency of funding sources;
- Company charges or convictions speaking to a lack of transparency or ethical behavior;
- Research team conflicts of interests that could lead to research transfers to third part government, militaries or other organizations.
Drafting Risk Mitigation Plans
If researchers identify any potential risks when completing the form, they must prepare a risk mitigation plan. The plan should reduce the likelihood and impact of risks to a level that is acceptable to the researcher, their institution, the granting agency and the Government of Canada. Each risk mitigation plan should be unique to the specific project and/or partner.
The proposed risk mitigation plan will be assessed as part of the evaluation of the project proposal to ensure appropriate safeguards are in place to mitigate risks to the work. The following research security best practices are recommended as part of your risk mitigation plan:
- Building a strong research team, such as enrolling the team in training on research security, cyber security, intellectual property, and employing research security guidance and best practices from Government of Canada;
- Assessing the alignment of your partners’ motivations;
- Using sound cybersecurity and data management practices, such as employing UBC information technology security policies, and including any practices that are relevant to intellectual property and technology transfer clauses that address identified risks;
- Establishing an agreement with your partner(s) on the intended use of the research findings, which may include creating partnership agreements that cover intellectual property and technology transfer clauses that address national security risks; or
- Prioritizing the implementation your risk mitigation plan and that all members of the team are aware of their responsibilities, and ensuring the monitoring of mitigation measures.
Post-Award Risk Management Requirements
Upon receipt of a successful funding decision, researchers should begin implementing the risk mitigation plan outlined in their proposal.
If the risks that were originally identified in the RAF change or evolve throughout your research, or new private partners are brought onto the project, researchers must inform the granting agency of these changes. The agency may require new risk assessment form(s) to be completed. UBC’s Research Security Team has created a post-award guide to assist you in understanding your obligations following receipt of your research funding.