According to the National Science Foundation definition research security means: “Safeguarding the research enterprise against the misappropriation of research and development to the detriment of national or economic security, related violations of research integrity and foreign government interference.”

Based on this definition, research security is a set of actions we take as researchers, administrators and support staff, to keep research data safe from those who would dishonestly take and use it in harmful ways.

Research security is not:

• A replacement for research integrity and ethical conduct
• A barrier to innovation and discovery
• Discrimination or targeting of specific populations
• Suppression of legitimate research findings
• A hindrance to collaboration and open scientific discourse

At USC, we consider personnel who meet one or more of the following criteria to be covered individuals under the research security program:

• University personnel, meaning faculty, staff, students, postdoctoral scholars or university affiliate researchers serving as principal investigator, co-principal investigator or key personnel on a federally funded research project (including subawards).
• University personnel designated as covered individuals by a federal research agency.
• University personnel supporting federal contracts/awards with access to regulated data (controlled unclassified information, HIPAA, genomic, etc.).
• University personnel involved in export-controlled projects. Most USC research is not subject to export control regulations, which apply to research on specific technologies that could be used for military purposes and items listed on the United States munitions list.
• University personnel working on a federal agency contract/award requiring Operations Security (OPSEC) training.

Under our research security program, USC research personnel minimize risk to themselves and the institution by ensuring they understand their role and responsibilities in research security:

• Understand and comply with relevant research security and export control regulations, policies and procedures.
• Protect sensitive research data from unauthorized disclosure.
• Properly classify research data to appropriate sensitivity levels.
• Utilize appropriate data storage and access controls.
• Implement appropriate safeguards.
• Report potential vulnerabilities.
• Submit full, accurate and timely disclosures of outside professional activities.
• Remain vigilant about malign foreign influence.
• Recognize and report suspicious activities and behaviors.
• Practice safe online behaviors.
• Complete required training and maintain appropriate records.
• Communicate with the ORS when you have questions. When in doubt, err on the side of caution and ask.

The ORS and our key functional partners ensure compliance with research security requirements through implementation and management of the following program elements:

• Cybersecurity: Protecting our electronic research environments through appropriate controls and safeguards.
• Certifications: Affirming and attesting to the university’s compliance with applicable research security requirements.
• Conflicts of Interest and Commitment Disclosures: Ensuring transparency in the affiliations of USC research stakeholders
• Prohibition of Participation in Malign Foreign Talent Recruitment: Preventing our adversaries from access to research data and personnel.
• Foreign Travel Security, Awareness and Support: Enhancing safety and security of researchers and information during foreign travels.
• Export Control Compliance: Protecting sensitive export-controlled technologies, information and materials from unauthorized disclosure.
• Due Diligence and Risk Assessments: Ensuring integrity and security in our collaborations with foreign researchers.
• Misconduct and Insider Threat Awareness: Preventing, identifying, investigating and mitigating insider threat activities.
• Threat Reporting: Working with local, state and federal partners to understand the threats to our research enterprise.
• Security Education, Training and Awareness: Ensuring compliance with federal training requirements and educating the research populace on security requirements and best practices.

Unfortunately, some research institutions have suffered notable research security violations that have resulted in a variety of consequences for individual researchers and institutions. Failing to comply with critical government requirements can have adverse impacts on individual researchers, research programs, and institutions. Read case studies on specific research security violations documented by the National Science Foundation.

Notable research security violations:

• Failing to disclose foreign affiliations, support and funding
• Export control violations
• Falsifying applications
• Violations of HIPAA security standards
• Unsafe cybersecurity practices
• Failing to safeguard sensitive data
• Intellectual property theft

Potential consequences for research personnel:

• Disciplinary action
• Criminal or civil liability
• Potential restriction or debarment from future research activities
• Reputational damage
• Factors of consideration:
• Nature of the violation
• Sensitivity of research
• Degree of harm caused
• Researcher’s history

Potential consequences for the institution:

• Investigations by U.S. government agencies
• Suspension or termination of federal research grants
• Criminal or civil liability
• Penalties and/or fines
• Negative publicity, reputational damage and loss of credibility
• Loss of revenue
• Factors of consideration:
• Nature of violation
• Intent of the researchers
• Degree of harm caused
• Institutional response

Have questions about a potential violation? Contact the ORS.