What is Research Security?

Research security protects the integrity of your research from threats that could undermine Canada's national and economic security. It's about safeguarding your work against theft, misappropriation, and unauthorized transfer of ideas, research outcomes, and intellectual property.

This isn't abstract policy talk—it's practical protection for your research environment.

What's at stake:

• Your intellectual property: Research findings, data, methodologies, and innovations you've spent years developing.
• National security: Advanced technologies that could be weaponized or used for surveillance.
• Economic competitiveness: Innovations that drive Canadian prosperity.
• Your career: Funding eligibility, institutional reputation, and research partnerships.
• Public trust: The credibility of Canadian research as a whole.

Shared responsibility: Research security works only when everyone plays their part. Researchers, institutions, federal funding agencies (CIHR, NSERC, SSHRC, CFI), and the Government of Canada all share responsibility for protecting Canada's research ecosystem.

The reality check: Research security doesn't mean shutting down international collaboration. Canada values global partnerships—they're essential for advancing knowledge. But collaboration requires diligence. You need to know who you're working with, understand the risks, and take appropriate precautions.

Safeguarding Your Research Website

Federal Guidelines & Resources

STRAC Policy

The Government of Canada's Policy on Sensitive Technology Research and Affiliations of Concern (STRAC) became effective May 1, 2024. This policy directly affects how Lakehead researchers can access federal funding from NSERC, CIHR, SSHRC, and CFI.

The policy operates on two lists that work together:

• Named Research Organizations (NRO): 103+ foreign institutions connected to military, defence, or state security entities. If you're affiliated with any organization on this list while working on sensitive technology research, your federal grant application will be denied.
• Sensitive Technology Research Areas (STRA): 11 categories of advanced technologies (AI, quantum computing, genetic engineering, advanced weapons, etc.). If your research aims to advance these technologies—not just use them—STRAC applies to you.

Your Responsibility: Before applying for federal funding, you must review both lists. If your research advances a STRA, all named researchers on your grant must attest that they have no NRO affiliations. Past affiliations don't count—only current ones matter. If you hold an NRO affiliation, you must sever it before applying. The government plans to update these lists regularly, so please check them each time you apply for funding.

National Security Guidelines for Research Partnerships (NSGRP)

The NSGRP integrates national security considerations into the development, evaluation, and funding of research partnerships.

The Risk Assessment Form is a tool to identify and assess potential risks that research partnerships may pose to Canada’s national security.

Additional Resources:

• NSGRP Frequently Asked Questions (FAQ)
• Tri-Agency Guidance on NSGRP

Provincial Guidelines

Ontario is implementing steps to ensure that national and provincial security within our world-class research ecosystem is of the utmost priority. The Ministry of Colleges and Universities has released the Ministry of Colleges and Universities, Research Excellence and Security (MCURES) Research Security Guidelines for Ontario Research Funding Programs

The RS Guidelines apply to the Ontario Research Fund Programs and requires:

• Disclosure of collaborations with organisations of concern AND involvement with foreign entities
• A risk checklist
• A risk identification and mitigation plan

These requirements apply to programs such as the Ontario Research Fund (ORF) and Early Researcher Awards (ERA). Failure to comply may result in funding being denied or revoked.

• Mitigating Risk Checklist
• Application Attestation Form

Risk Mitigation: Protecting Your Research

Risk mitigation isn't bureaucratic box-checking—it's the systematic process of identifying threats to your research and implementing practical measures to address them. Strong risk mitigation protects your work, maintains your funding eligibility, and demonstrates due diligence to granting agencies and collaborators.

Why it matters: The federal granting agencies assess your risk mitigation plan when evaluating funding applications involving private-sector partnerships or sensitive technology research. Weak or absent mitigation strategies can result in rejected applications, withheld funding, or terminated grants. High-risk partnerships with insufficient mitigation simply won't get funded.

How to Build Effective Risk Mitigation

• Start early: Conduct risk assessments at the beginning of partnership discussions.
• Conduct open-source due diligence: Research your potential partners thoroughly. Check their institutional affiliations, funding sources, and ownership structures.
• Validate through direct consultation: Talk directly with your potential partners about their affiliations and motivations.
• Assess alignment: Determine whether your partner's motivations align with yours.

Key Areas Your Risk Mitigation Plan Should Address

• Research team composition: Build a team with appropriate security clearances, institutional affiliations, and awareness of research security requirements. All named researchers must comply with STRAC Policy requirements if working in sensitive technology areas.
• Cybersecurity and data management:  Implement robust protections for research data, methodologies, and intellectual property. This includes secure storage, access controls, encryption, and protocols for data sharing with partners.
• Agreement on research outcomes: Establish clear written agreements about intellectual property ownership, publication rights, and intended use of research findings. Define what happens if security concerns arise mid-project.
• Physical security: Control access to research facilities, labs, and equipment. Implement sign-in procedures for visitors and ensure only authorized personnel have access to sensitive areas.
• Monitoring and Reporting: Establish mechanisms to detect security incidents and report them promptly

Implementation and Compliance

Once your mitigation plan is approved, you must implement it. This isn't optional. Your award agreement stipulates that you'll follow the mitigation measures you identified, and you must maintain them until you submit your final financial report.

Monitor your mitigation plan continuously. If circumstances change—new partners join, research scope shifts, or risks evolve—you must immediately update your risk assessment and notify the granting agency. Changes that increase national security risk require submitting a new RAF before proceeding.

The Reality

Strong risk mitigation enables research partnerships that might otherwise be too risky to pursue. It demonstrates professionalism, protects Canadian interests, and reassures international collaborators that you operate in a secure environment. Weak mitigation, conversely, jeopardizes funding, damages your professional reputation, and puts your research at risk.

Get help.  Lakehead's research office can support you in developing risk assessments and mitigation strategies. Don't wait until you're facing a funding deadline—reach out when you first identify a potential partnership that might raise security concerns.

Travel Security Guidelines

As a researcher at Lakehead University, your work contributes to advancing knowledge and innovation on the global stage. When travelling internationally for research activities, conferences, or collaborations, you face unique security challenges that require proactive preparation and vigilant practices. This guide provides comprehensive recommendations to protect your research data, personal information, and university systems while maintaining the ability to conduct meaningful academic work abroad.

 Canada's official Travel Security Guide for university researchers and staff

Before You Travel

• Assess Your Risk: Consult the Government of Canada's travel advisories. For "High Degree of Caution" countries, use a temporary device.
• Register Your Trip: Use the Registration of Canadians Abroad service.
• Prepare Your Devices: Use a "clean" device (loaner/burner) with no sensitive data. Encrypt devices if permitted by local laws.
• Secure Accounts: Use temporary passwords and enable Multi-Factor Authentication (MFA).
• Book a travel consultation with someone from research services to better prepare you for your trip.

While You Travel

• At the Border: Power down devices. If searched, assume the device is compromised.
• Internet: Avoid public Wi-Fi. Use cellular data or Lakehead's VPN.
• Physical Security: Keep devices with you at all times. Never plug in unknown USB drives.

After You Return

• • Change All Passwords: Immediately change the passwords for every account and device you used while travelling.  

  • Scan Your Devices: Before connecting to any campus or home network, run a full scan with updated anti-malware software.  

  • Wipe Loaner Devices: Securely wipe any devices you may have used while travelling.

  • Monitor and Report: Watch your financial statements for fraudulent activity. Be alert for targeted phishing emails that reference your trip. Report any security incidents (lost/stolen devices, border searches, suspected compromises) to the appropriate contact below

Digital Research Security & Best Practices

Artificial Intelligence Usage

AI tools are powerful but come with risks. Embedded AI features in software may collect your data for training.

Research Websites

Avoid third-party platforms like Wix or personal WordPress for research sites due to security risks and compliance issues. Contact Web Development Services (WDS) for university-approved options.

Survey Best Practices

Protect your data integrity from bots:

• Layer 1: Use unique survey links and monitor responses daily.
• Layer 2: Implement CAPTCHA and "Honeypot" traps.
• Layer 3: Rigorous Data Screening & Secure Payouts

Training Resources

Lakehead University

The Office of Research Services holds workshops and events around research security throughout the year. Please check back here and subscribe to the Research & Innovation weekly bulletin for details.

Please make sure to register for the "Research Security Training" module under the Self-Registration Page on MyCourseLink to access 2 ISED Research Security workshops:

• Introduction to Research Security
• Cyber Security for Researchers

ISED Courses (Asynchronous)

The Government of Canada has developed three publicly available courses to better equip Canadian researchers. To enroll, sign up to the ISED Learning platform (GCKey option available). Each course takes approx. 30-40 minutes.

• Introduction to Research Security
• Cyber Security for Researchers
• Safeguarding Research Partnerships with Open Source Due Diligence

Public Safety Canada | Safeguarding Science (Live)

Canada is a leader in innovation, thanks to the research community's commitment to open science. However, this commitment can be exploited. The Government of Canada wants to keep research open while ensuring security measures are in place.

The Workshop
To raise awareness, Public Safety's Research Security Centre offers Safeguarding Science, a 90-minute workshop focusing on:

• Best practices in maintaining a security-conscious research organization.
• Research security guidance and tools to recognize and mitigate risks.
• Understanding sensitive and dual-use technology.

Who Should Attend: Researchers, research staff, students, administrators, IT staff, and security personnel.

French virtual sessions are available on the French Safeguarding Science page.

Training Modules

Click on a module below to view details and registration links.