Research security

Tri-agency guidance on the National Security Guidelines for Research Partnerships (NSGRP)

About the National Security Guidelines for Research Partnerships

To ensure that the Canadian research ecosystem is as open as possible and as secure as necessary, the Government of Canada introduced in July 2021 the National Security Guidelines for Research Partnerships (NSGRP) to integrate national security considerations into the development, evaluation and funding of research partnerships.

The Risk Assessment Review Process of the NSGRP provides a framework through which researchers, research institutions and Canada’s federal funding organizations can undertake consistent, risk-targeted due diligence to identify and mitigate potential national security risks linked to research partnerships.

When applying to a research partnership grant program that applies the NSGRP as a requirement, grant applications involving one or more private sector partner organizations (including industrial associations and producer groups) — including when they participate alongside other partner organizations from the public and/or not-for-profit sectors — must include a completed a Risk Assessment Form as an integral part of their application. This questionnaire requires applicants to consider any risks associated with the nature of their research and proposed private sector partner organizations. Applicants must also develop a tailored risk mitigation plan commensurate with the risks identified that will be implemented for the duration of the grant. Following the principles of the Guidelines, risk mitigation measures must never lead to discrimination against or profiling of any group or member of the research community.

Frequently asked questions

For general questions related to completing the Risk Assessment Form, please consult the Frequently Asked Questions (FAQ): National Security Guidelines for Research Partnerships. The following FAQs are intended to complement the broader FAQs concerning the implementation of the NSGRP at the granting agencies.

What grant programs do the NSGRP apply to?

The National Security Guidelines for Research Partnerships (NSGRP) apply to selected federal research partnership funding programs. Consult the appropriate funding opportunity literature to determine if the NSGRP apply to your research partnership grant application and if a Risk Assessment Form is required as a mandatory component.

At this time, the NSGRP apply to the following programs:

Where can I find resources to help exercise due diligence to safeguard my research following the NSGRP?

Resources are provided by the Government of Canada on the Safeguarding Your Research portal, including guidance and training on conducting open-source due diligence, as well as information on mitigating research security risks and mitigating economic and/or geopolitical risks in sensitive research projects.

Is a Risk Assessment Form required for each private sector partner organization?

No, only one Risk Assessment Form is required per application, but it must consider all private sector partner organizations involved in the proposed research project.

This also includes industrial associations and producer groups, since their member organizations are principally from the private sector. When filling out the Risk Assessment Form, you must consider each of the association/group’s private sector member organizations participating in the project (when applicable) and/or those that will exploit the research results.

What is the role of the granting agency in the Risk Assessment Review Process?

Every application submitted with a Risk Assessment Form is reviewed on a case-by-case basis as part of a Risk Assessment Review Process. This process is conducted independently from the merit review process.

First, the granting agency reviews the Risk Assessment Form as part of an internal administrative process to ensure completeness. It then conducts an administrative risk validation using open-source intelligence (OSINT) methods. Any application with possible or identified risks is referred to the agency’s internal Risk Assessment Committee, where these risks are considered against the mitigation plan provided:

• If the Risk Assessment Committee determines that the risks are appropriately mitigated, the mitigation plan is approved.
• If the Risk Assessment Committee determines that a national security assessment is required to inform the funding decision, the application is referred to Public Safety Canada’s Research Security Centre for advice.

The granting agency then makes its funding decision following the results of the merit review and considering any advice requested and received from the Research Security Centre.

What common factors would contribute to a determination that a national security assessment is necessary to inform the funding decision?

In most cases, the granting agencies would refer applications for national security assessment and advice in cases where:

• the nature of the proposed research could be deemed sensitive (per Annex A of the NSGRP), and
• one or more private sector partner organizations were identified from open-source information to be
  • associated with, or originating from, organizations or countries that are subject to sanctions, and/or
  • associated with criminal or ethical concerns

If my application proceeds to a national security assessment, how will the results of this assessment be communicated to me?

Where possible, the granting agencies will communicate any new and relevant information they receive from the national security departments and agencies in the notice of decision letter. In some cases, the information provided may be limited due to the classified nature of the assessment.

In cases where the funding is conditional on additional mitigation measures or where funding was declined due to the result of the national security assessment, applicants are also offered the opportunity to request a meeting with representatives from the granting agency administering the funding opportunity, and representatives from the Government of Canada’s Research Security Centre, to discuss the results of the application’s national security assessment.

Am I required to implement the risk mitigation plan proposed in my application?

Yes. The risk mitigation plan proposed in your application is considered as part of the Risk Assessment Review Process to determine whether the potential risks to your research partnership are appropriately mitigated. As per the terms and conditions of the grant, you must implement all the risk mitigation measures identified in your risk mitigation plan and award letter, if applicable.

You are also expected to confirm the implementation of these risk mitigation measures as part of the regular grant reporting process, where applicable.

Is there information available on the results of the implementation of the NSGRP at the granting agencies?

The Progress Report on the Implementation of Canada’s National Security Guidelines for Research Partnerships and Supporting Research Security Efforts includes information on the results of the pilot implementation of the NSGRP in NSERC’s Alliance program and highlights other initiatives underway to safeguard Canadian science, data and research.

How is this policy distinct from the Policy on Sensitive Technology Research and Affiliations of Concern (STRAC)?

The National Security Guidelines for Research Partnerships (NSGRP) are distinct from, but complementary to, the Policy on Sensitive Technology Research and Affiliations of Concern (STRAC). These policies operate independently and apply distinct requirements at the grant application stage and for the duration of the grant. Consult the appropriate funding opportunity literature to determine whether the NSGRP and/or the STRAC Policy apply. In some cases, both the STRAC Policy and the NSGRP may apply to the same funding opportunity.

The NSGRP address risks related to research projects conducted in partnership with private sector partner organization(s). Applications that apply the NSGRP undergo a Risk Assessment Review Process that supports the identification, analysis and mitigation of risks as part of the development, evaluation, and funding of research partnerships. The NSGRP apply to selected federal research partnership programs, where applicants seeking grant funding for research with one or more private sector partner organization(s) must complete a Risk Assessment Form, and grant recipients must implement any risk mitigation measures identified in their completed Risk Assessment Form and in their Notice of Decision.

The STRAC Policy addresses risks related to sensitive technology research performed with research organizations and institutions that pose the highest risk to Canada’s national security. This policy applies to all relevant funding opportunities that fund research grants to university and university-affiliated institutions. For these funding opportunities, any research grant applications that aim to advance a Sensitive Technology Research Area (STRA) will require the submission of attestation forms by researchers with named roles on the grant application certifying that they are not currently affiliated with, or are in receipt of funding or in-kind support from a Named Research Organization (NRO). For the duration of the grant, all research team members involved in the activities funded by the grant are individually responsible for ensuring that they do not hold an active affiliation or receive funding or in-kind support from any of the listed NROs, following the version of the NRO list that was publicly available on the date that the grant application was submitted. No additional requirements apply for grant applications that do not aim to advance any of the listed Sensitive Technology Research Areas. For more information, consult the Tri-agency guidance on the STRAC Policy.