Choosing Vendors when Procuring Research Goods and Services

When procuring good and services for your research, it is important to bear in mind that your choice of vendor and the goods and services your purchase could introduce potential security risks.

These risks often centre around access to your research data, or to the research infrastructure and assets you use. Inappropriately sourced goods and services could ultimately lead to the theft, interference or unauthorized transfer of data and knowledge and could also impact your funding eligibility, reputation and your research partnerships. In more extreme instances it could even impact the personal security of individuals on your research team. 

The type of equipment you purchase can also introduce risks in and of itself. A non-exhaustive list of risks include: 

  • Data management issues
  • Network vulnerability issues
  • Foreign-government control
  • Legal liabilities, implication in on-going lawsuits

This document is intended to highlight some approaches to mitigating these risks and to help inform purchasing decisions that can protect the interests of you, your partners, collaborators and funders. It does not constitute legal advice and further guidance is available through the Government of Canada's Research Procurement Guidebook and  Procurement Case study.

Risks and Mitigating Approaches

Access to assets and infrastructure

Risks

As part of the procurement process, it’s normal to provide vendors, service providers, and equipment manufacturers with digital or physical access to UBC assets and infrastructure. However, doing so can introduce potential risks that can lead to the theft, interference, or unauthorized transfer of, knowledge or data.

Mitigating Approaches

Consider the level of access that is required for your work and engage, when possible, with internal UBC stakeholders when you have questions.

 

Export controls, sanctions and international laws

Risks

A vendor or equipment provider might have been placed under Canadian/international sanctions, or face other restrictions on national security grounds. Furthermore, they may engage in other unethical practices (such as the use of forced labour or child labour) that can conflict with international laws or present human rights concerns.

Mitigating Approaches

Conduct due diligence on your vendors to become aware of the potential risks involved in their work, and how their own operations might affect the security of your research.

Risks

The operations or supply chains of certain vendors may present risks related to human rights violations and other ethical violations. Some of these violations can also result in legislation that prevent procurement of certain goods, such as Canada’s Forced Labour in Canadian Supply Chains Act or the Uyghur Forced Labor Prevention Act (UFLPA), a US law that aims to prevent the importation of goods made with forced labor from the Xinjiang Uyghur Autonomous Region of China. 

Mitigating Approaches

Review your vendor carefully prior to procuring to avoid potential ethical and legal implications in your purchase. 

Changing contexts of your purchase

Risks

Even if the type of good or the vendor themselves pose minimal risk, or the consequences from their risks can be adequately mitigated, the context of your purchase/hiring can also affect your decisions throughout the procurement process. For example, new government regulations could prevent or delay the export of your goods from their source country.

Mitigating Approaches

Regardless of the type of good or vendor, you may choose to mitigate risks by choosing to purchase a different good or from a different vendor

Potential impacts

Poor procurement decisions could have a number of direct impacts on your research activities. These include:

Funding
Your eligibility for future government funding opportunities can be affected by your procurement choices. It’s important to conduct due diligence whereby you complete a sufficient amount of research about your vendors to learn how working with them might impact the security of your research at all stages of the research. Update and submit any relevant documentation, such as attestations to relevant funders, if vendors change at any point in the project.

Intellectual property ownership and commercialization
Depending on the type of engagement with a vendor, you might inadvertently expose your research insights (including those that may be patentable) to the vendor, thereby increasing the risk of having your intellectual property stolen. At a minimum, efforts to commercialize your research may also be delayed if security-related considerations such as sanctions or political turmoil are not properly accounted for when planning the work. This could force you to find a new vendor, posing added administrative work and potential delays to your research project. 

Partnerships
Poorly managed or mitigated risks from vendor relationships could lead other partners to end their collaborations with you or severely restrict future engagements. This not only restricts the ability to access important research data for collaborations, it could also affect the ability to access funding opportunities with those partners.

Reputation
Purchasing or accessing goods and services creates a relationship to the vendors, and can be seen as an implicit endorsement of a business’ goods, services or practices. Even if you do nothing wrong, engaging in business with vendors with known legal issues, lack of transparency about their operations, or negative reputations can cause negative repercussions to you and your work. It can also affect the reputation of the university and Canadian research more broadly, depending on the nature of the relationship in question.

How can the research security team help?

While specific questions regarding the procurement process and around a specific order in process should go to UBC's procurement office, our research security can help and advise you on the following:

  • how federal research security guidelines could impact your procurement decisions
  • how to undertake due diligence on potential suppliers
  • current regulations and their impact on the delivery of goods and services

Contact Us

 

Additional Resources

Other related considerations

Part of the VP Research & Innovation portfolio

UBC Research Security

Suite 580, Walter C. Koerner Library, 1958 Main Mall
Vancouver, BC Canada
E-mail research.security@ubc.ca

UBC receives support for managing its research enterprise from the federal Research Support Fund.

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Bluesky The logo for the Bluesky social media service. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.