Revision Date: February 20, 2025
Responsible Office: URA Compliance & Training
PDF
Policy Statement
The University of Chicago aims to ensure that all research activities performed by its researchers reflect the university’s primary goals of education, research, and scholarly inquiry, conducted in a rigorous and open manner. To that end, researchers should be transparent in their compliance with all applicable policies and guidelines, including those at the university level and sponsor level. This research security policy provides clarity surrounding the compliance requirements expected of researchers.
Purpose
In January 2021, the White House issued a National Security Presidential Memorandum (NSPM-33) intended to strengthen protections of United States Government-supported research and development against foreign government interference and exploitation. NSPM-33 directed federal funding agencies to establish policies requiring covered research institutions to certify implementation of a research security program.
In July 2024, the White House Office of Science and Technology Policy released a final “Guidelines for Research Security Programs at Covered Institutions” memo, instructing federal agencies to implement research security policies that meet specific requirements.
This Research Security Policy is designed to meet the requirements of the OSTP memo, anticipating agency implementation to be in alignment, and additionally aims to meet the requirements set forth in other federal guidance pertaining to research security, such as the CHIPS and Science Act of 2022.
Applicability
This policy applies to all covered individuals (defined below).
Policy Ownership
Responsible Office: URA Research Compliance and Training
Originally issued: 2/20/2025
Current version effective date: 2/20/2025
Last Updated: N/A
Definitions
|
Term |
Definition |
|
Covered individual |
As defined by federal guidelines, an individual who: a) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and b) is designated as a covered individual by the Federal research agency concerned. |
|
MFTRP |
Malign Foreign Talent Recruitment Program. The University of Chicago adopts the full definition as set forth in the CHIPS and Science Act of 2022. However, in brief, an MFTRP is a program, position, or activity sponsored by an entity in a foreign country of concern involving compensation or remuneration in exchange for obligations or activities which are antithetical to U.S. interests (such as unauthorized transfer of IP developed under a federal research award). |
Policy:
The University of Chicago is committed to facilitating a culture of compliance with respect to research security. As such, the University undertakes to:
- Maintain and update this policy in accordance with the changing federal compliance landscape.
- Operate a cybersecurity program aligned with the cybersecurity resource to be developed by NIST (as of the date of this policy, such resource is not yet available).
- Make available trainings for the UChicago community, including:
- Export control training
- Foreign travel security training (not yet available)
- Research security training
- Maintain a record of covered individuals’ completion of required trainings and provide adequate notice to covered individuals who have not fulfilled the training requirements.
- Operate a travel reporting system containing a record of all international travel performed by covered individuals for official purposes as of the effective date of this policy.
- Provide guidance to University personnel regarding matters relating to research security.
- Engage with funding agencies to implement measures to mitigate potential risk associated with specific projects as deemed necessary by such agencies.
- Certify to federal funding agencies its, and its covered individuals’, compliance with all applicable training, reporting, and disclosure requirements.
The University of Chicago additionally expects its researchers to emulate this commitment to compliance, serving to further its goals of transparent and open scientific inquiry. Therefore, covered individuals are required to:
- In accordance with the COI policy, disclose to the University any affiliation with outside foreign entities, including any associated contracts for such affiliation.
- Not participate in any MFTRP. Individuals may consult with University Research Administration for assistance determining if a program is or is not an MFTRP.
- For each federal award on which the covered individual is named, certify non-participation in MFTRPs at the time of application.
- Cooperate with University and funding agencies to mitigate research security risks identified by the University or applicable funding agency.
- Maintain awareness of cybersecurity best practices and report any suspicious activity to the University’s IT Security.
- Complete the University’s designated Research Security Training prior to applying for new federal awards and annually thereafter.
- Complete the University’s export control training, if a covered individual is engaged in research involving export-controlled technologies.
- Report to the University any suspected compromise of research security, such as unauthorized transfer of intellectual property to a foreign entity.
- Ensure that all individuals performing and paid on any federal award for which the covered individual is PI are in compliance with all requirements herein, including completion of Research Security Training for any individual paid from such federal award (applicable to post-docs and graduate students).
- Cooperate with the University in any investigation of a research security matter.
Additionally, covered individuals who engage in any international travel as part of their University business, including teaching, conference attendance, and research purposes, shall be required to:
- Report to the University all such travel using the designated travel reporting system managed by the University.
- Complete the University’s designated foreign travel security training promptly following such training being made available to the University community, and again at an interval of no longer than once every six years thereafter.
Consequences of Non-Compliance
Due to the importance of maintaining security of the U.S. RD enterprise, the University or covered individuals may be penalized by the federal government if non-compliance is discovered. Penalties may include termination of federal awards and contracts, suspension or debarment from eligibility for federal funding, and/or suspension or denial of Title IV funds. Therefore, the University takes compliance with this policy very seriously, and covered individuals may be subject to the ordinary disciplinary process of the University if they fail to fully comply with any element of this Research Security Policy. Additionally, depending on the nature of non-compliance, they may be subject to criminal sanctions, civil liability, or both, under law.
Procedures (optional)
AURA – System of record for COI/COC disclosures and grant applications/award records
TBD – Travel reporting system
Workday Learning – Export Control Training; Research Security Training
CITI – Additional Export Control Training
TBD – foreign travel security training
Related Information
Related Policies:
- The University of Chicago Conflict of Interest Policy for Faculty and Other Academic Appointees
- Information Security Policy
- The University of Chicago Export Compliance Policy
Regulatory Links:
- National Security Presidential Memorandum on United States Government-Supported Research and Development National Security Policy (NSPM-33)
- The CHIPS and Science Act of 2022
- OSTP Guidelines for Research Security Programs at Covered Institutions July 9, 2024
Contacts
The following individuals can address questions regarding this Policy:
|
Title/Office |
|
Phone |
|
Katy Jones-Luckey, University Research Administration |
773-702-2918 |