New Risk Assessment Requirements for NSERC Alliance Applications

On July 12, 2021, the Government of Canada released new National Security Guidelines for Research Partnerships, developed in collaboration with the Government of Canada–Universities Working Group. The federal government is introducing these guidelines to ensure the Canadian research ecosystem is as open as possible and as secure as necessary. The Guidelines integrate national security considerations into the development, evaluation and federal funding of research partnerships.

NSERC Alliance Grant applications with a private sector partner (including applications currently under review*) must now include a risk assessment questionnaire completed by the researcher and, if necessary, a risk mitigation plan. 

To meet this new requirement, UBC is developing new supports and processes. The following information is provided as a guide based on current information and will be updated as additional information and resources become available.

The National Security Guidelines for Research Partnerships will be applied to federal research partnership funding starting with all applications to the NSERC Alliance Grants involving a private sector organization partner. Private sector partner organizations are defined as for-profit organizations that support a research partnership by sharing in intellectual leadership or providing expertise or making cash and/or in-kind contributions underpinned by a formal agreement.

Applicants with proposals currently under review will be contacted by NSERC when a risk assessment form is required.

New requirements and process

All Alliance Grant applications with a private sector organization partner will involve the following steps 

Researchers
  1. A Risk Assessment Questionnaire must be completed by the researcher.
    These should be submitted to jp.heale@uilo.ubc.ca for validation.
    Please also send your NSERC Alliance application form and UBC Research Project Information Form (no signatures required at this point) to provide full context.
  2. Should it be required after completing the form, a risk mitigation plan must be developed. Researchers may submit a draft risk mitigation plan at the same time as the risk assessment questionnaire based on any risks they identified.
  3. Validated risk assessment questionnaires and completed risk mitigation plans will then form part of the researcher’s grant application.
Granting Agency
  1. The granting agency undertakes the scientific merit assessment of all research partnerships proposals it receives, as described in the funding opportunity’s evaluation criteria and according to the established peer review process.
  2. The granting agency reviews the Risk Questionnaire and the Risk Mitigation Plan (if applicable) provided with the grant application and, when necessary, refers the application for advice from national security partners.
  3. For those applications that warrant examination of national security considerations, the granting agency will conduct an assessment of the risk level and refer specific applications to national security partners, should the initial risk assessment indicate a need to do so. Academic experts will be asked to provide input on the technical aspects of the subject matter and the effectiveness of proposed mitigation measures, as required.
  4. The funding decision will take into consideration the scientific review as well as the assessment of potential national security considerations.

Proposals assessed as posing a high national security risk will not be funded.

Risk Assessment Questionnaire and Guidance.

The questionnaire and guidance are available at https://science.gc.ca/eic/site/063.nsf/eng/h_98257.html

Researchers must answer a series of questions to the best of their knowledge and using information and resources available to them. This includes being aware of any obligations under the Export and Import Permits Act.

These questions focus on:

The nature of the research, including:

  • its potential interest to foreign governments, militaries or their proxies
  • potential military, policing or intelligence applications
  • working in sensitive areas
  • working in areas covered by export controls
  • working with controlled goods
  • working in areas covered by the Export Control List, the Import Control List, or the Area controlled list
  • working in research related to critical minerals and critical mineral supply chains
  • working with sensitive personal data or large amounts of data that could be sensitive in the aggregate
  • working on research areas focused on critical infrastructure
  • the research facilities supporting the project

The nature of the private sector partner(s) involved, including:

  • subsidiaries and affiliations or partnerships that could lead to the transfer of research to third party governments, militaries or other organizations
  • their potential to be subject to foreign government influence or control
  • uncertainty of funding sources
  • funding conditions requiring replicating work in a foreign country
  • company charges or convictions speaking to a lack of transparency or ethical behavior
  • research team conflicts of interests that could lead to research transfers to third part government, militaries or other organizations
  • unrelated access to facilities
  • location in a country on the Area Control List

Researchers must provide the basis or information about any risks identified in the Risk Assessment Questionnaire and describe the steps taken and resources utilized to identify and assess the risks.

Risk Mitigation Plans

If completion of the form identifies any potential risks, a risk mitigation plan must be produced. Risk mitigation aims to reduce the likelihood and impact of risks to a level that is acceptable to the researcher, their institution, the granting agency, and the Government of Canada. Risk mitigation plans should describe actions that will be implemented to reduce risks’ likelihood and impact.

The proposed risk mitigation plan will be assessed as part of the evaluation of the project proposal to ensure appropriate safeguards are in place to mitigate risks to the work.

Categories of a risk mitigation plan are recommended to include:

  • Building a Strong Research Team
  • Assessing Alignment of Your Partners Motivations
  • Ensuring Sound Cybersecurity and Data Management Practices
  • Agreement on Intended Use of Research Findings
  • Open Science approaches
  • Other

Examples of risk mitigation measures include, but are not limited to:

  • Training (research security, cyber security, and intellectual property training)
  • Guidance and best practices from Government of Canada departments
  • Partnership agreements that include intellectual property and technology transfer clauses that address national security risks
  • Data management plan
  • Cyber security plan
  • Establishing access restrictions for partners and personnel to an “as needed” basis
  • Regular reporting to your institution on the implementation and effectiveness of the proposed risk mitigation measures

Further guidance on best practices for risk mitigation is available on the Safeguarding Your Research portal in the guidance on Mitigating Economic and/or Geopolitical Risks in Sensitive Research Projects.