Safeguarding Research

What is Research Security?

Research security protects the integrity of your research from threats that could undermine Canada's national and economic security. It's about safeguarding your work against theft, misappropriation, and unauthorized transfer of ideas, research outcomes, and intellectual property.

This isn't abstract policy talk—it's practical protection for your research environment.

Why it matters: Canada's research ecosystem thrives on openness, transparency, merit, academic freedom, and reciprocity. These principles make Canadian research excellent. They also make it vulnerable. Foreign state actors, state-sponsored entities, and other bad actors actively target Canadian research to gain strategic, military, or economic advantages.

What's at stake:

  • Your intellectual property: Research findings, data, methodologies, and innovations you've spent years developing.
  • National security: Advanced technologies that could be weaponized or used for surveillance.
  • Economic competitiveness: Innovations that drive Canadian prosperity.
  • Your career: Funding eligibility, institutional reputation, and research partnerships.
  • Public trust: The credibility of Canadian research as a whole.

Shared responsibility: Research security works only when everyone plays their part. Researchers, institutions, federal funding agencies (CIHR, NSERC, SSHRC, CFI), and the Government of Canada all share responsibility for protecting Canada's research ecosystem.

The reality check: Research security doesn't mean shutting down international collaboration. Canada values global partnerships—they're essential for advancing knowledge. But collaboration requires diligence. You need to know who you're working with, understand the risks, and take appropriate precautions.

Safeguarding Your Research Website

Federal Guidelines & Resources

STRAC Policy

The Government of Canada's Policy on Sensitive Technology Research and Affiliations of Concern (STRAC) became effective May 1, 2024. This policy directly affects how Lakehead researchers can access federal funding from NSERC, CIHR, SSHRC, and CFI.

Here's what it means: If your research advances any sensitive technology area, you cannot have active affiliations with—or receive funding from—organizations that pose national security risks. Period. No exceptions.
Tri-Agency Guidance on STRAC

The policy operates on two lists that work together:

  • Named Research Organizations (NRO): 103+ foreign institutions connected to military, defence, or state security entities. If you're affiliated with any organization on this list while working on sensitive technology research, your federal grant application will be denied.
  • Sensitive Technology Research Areas (STRA): 11 categories of advanced technologies (AI, quantum computing, genetic engineering, advanced weapons, etc.). If your research aims to advance these technologies—not just use them—STRAC applies to you.

Your Responsibility: Before applying for federal funding, you must review both lists. If your research advances a STRA, all named researchers on your grant must attest that they have no NRO affiliations. Past affiliations don't count—only current ones matter. If you hold an NRO affiliation, you must sever it before applying. The government plans to update these lists regularly, so please check them each time you apply for funding.

Does Your Research "Advance" a Sensitive Technology?

This is the critical distinction. Many researchers assume STRAC doesn't apply because they're "just using" existing technology. That's often wrong. Here's how to tell the difference:

Your research ADVANCES a STRA if it:

  • Develops new capabilities, methods, or applications within a sensitive technology area
  • Improves the performance, efficiency, or functionality of existing sensitive technologies
  • Creates new knowledge that could enable others to develop sensitive technologies
  • Produces results that have dual-use potential (civilian and military applications)

Your research likely does NOT advance a STRA if it:

  • Uses commercially available AI tools as instruments without modifying them
  • Applies existing technologies to study unrelated phenomena (e.g., using machine learning to analyze historical texts)
  • Studies the social, ethical, or policy implications of sensitive technologies without developing them
When in doubt, assume it applies. Contact us for a consultation before submitting your grant application. Getting it wrong means your application gets denied—or worse, your funding gets clawed back later.

Request a STRA Assessment

National Security Guidelines for Research Partnerships (NSGRP)

The NSGRP integrates national security considerations into the development, evaluation, and funding of research partnerships.

The Risk Assessment Form is a tool to identify and assess potential risks that research partnerships may pose to Canada's national security.

Additional Resources:

Provincial Guidelines

Ontario is implementing steps to ensure that national and provincial security within our world-class research ecosystem is of the utmost priority. The Ministry of Colleges and Universities has released the Research Security Guidelines for Ontario Research Funding Programs.

These requirements apply to: Ontario Research Fund (ORF), Early Researcher Awards (ERA), and other provincial research funding programs. Failure to comply may result in funding being denied or revoked.

What Ontario Requires

The provincial guidelines go beyond federal requirements in some areas. You must provide:

  • Disclosure of collaborations with organizations of concern AND involvement with foreign entities: This is broader than STRAC—you need to disclose all foreign entity involvement, not just NRO affiliations.
  • A completed risk checklist: The Mitigating Economic and Geopolitical Risk Checklist must be completed for all applications.
  • A risk identification and mitigation plan: If risks are identified, you must describe specific measures to address them.
  • An attestation: The Application Attestation Form confirms the accuracy of your disclosures.

Common Mistakes to Avoid

  • Incomplete disclosures: Listing only formal affiliations while omitting visiting positions, advisory roles, or consulting relationships.
  • Vague mitigation plans: "We will be careful" isn't a mitigation plan. Specify concrete measures: access controls, data handling protocols, IP agreements.
  • Inconsistency between forms: Your checklist and attestation must align. Discrepancies trigger additional scrutiny.
We can help. The Mitigating Risk Checklist and Attestation Form can be confusing. Contact us before you submit—we'll review your forms, identify gaps, and help you write effective risk mitigation language that satisfies provincial requirements.

Request an ORF Compliance Review →

Risk Mitigation: Protecting Your Research

Risk mitigation isn't bureaucratic box-checking—it's the systematic process of identifying threats to your research and implementing practical measures to address them. Strong risk mitigation protects your work, maintains your funding eligibility, and demonstrates due diligence to granting agencies and collaborators.

Why it matters: The federal granting agencies assess your risk mitigation plan when evaluating funding applications involving private-sector partnerships or sensitive technology research. Weak or absent mitigation strategies can result in rejected applications, withheld funding, or terminated grants. High-risk partnerships with insufficient mitigation simply won't get funded.

How to Build Effective Risk Mitigation

  • Start early: Conduct risk assessments at the beginning of partnership discussions.
  • Conduct open-source due diligence: Research your potential partners thoroughly. Check their institutional affiliations, funding sources, and ownership structures.
  • Validate through direct consultation: Talk directly with your potential partners about their affiliations and motivations.
  • Assess alignment: Determine whether your partner's motivations align with yours.

Key Areas Your Risk Mitigation Plan Should Address

  • Research team composition: Build a team with appropriate security clearances, institutional affiliations, and awareness of research security requirements. All named researchers must comply with STRAC Policy requirements if working in sensitive technology areas.
  • Cybersecurity and data management: Implement robust protections for research data, methodologies, and intellectual property. This includes secure storage, access controls, encryption, and protocols for data sharing with partners.
  • Agreement on research outcomes: Establish clear written agreements about intellectual property ownership, publication rights, and intended use of research findings. Define what happens if security concerns arise mid-project.
  • Physical security: Control access to research facilities, labs, and equipment. Implement sign-in procedures for visitors and ensure only authorized personnel have access to sensitive areas.
  • Monitoring and Reporting: Establish mechanisms to detect security incidents and report them promptly.

Implementation and Compliance

Once your mitigation plan is approved, you must implement it. This isn't optional. Your award agreement stipulates that you'll follow the mitigation measures you identified, and you must maintain them until you submit your final financial report.

Monitor your mitigation plan continuously. If circumstances change—new partners join, research scope shifts, or risks evolve—you must immediately update your risk assessment and notify the granting agency. Changes that increase national security risk require submitting a new RAF before proceeding.

The Reality

Strong risk mitigation enables research partnerships that might otherwise be too risky to pursue. It demonstrates professionalism, protects Canadian interests, and reassures international collaborators that you operate in a secure environment. Weak mitigation, conversely, jeopardizes funding, damages your professional reputation, and puts your research at risk.

Get help. Lakehead's research office can support you in developing risk assessments and mitigation strategies. Don't wait until you're facing a funding deadline—reach out when you first identify a potential partnership that might raise security concerns.

Travel Security

International travel for conferences, collaborations, and fieldwork exposes researchers to unique security risks. Foreign governments may target your devices, monitor communications, or attempt to acquire sensitive research information. Proper preparation before, during, and after travel is essential.

Key principles: Use clean devices when travelling to high-risk destinations. Assume any device searched at a border is compromised. Change all passwords when you return. Register with the Government of Canada before you leave.

Our dedicated travel security page includes destination-specific guidance, device preparation checklists, and information on booking a pre-travel consultation.

Travel Security Guidelines →

Cybersecurity for Researchers

Your research data, methodologies, and intellectual property are valuable targets. Cybersecurity isn't just IT's problem—it's a core component of research security that protects your work from theft, manipulation, and unauthorized access.

Key principles: Use strong, unique passwords with multi-factor authentication. Be cautious with AI tools—some collect your data for training. Avoid third-party platforms for research websites. Protect survey data from bot contamination.
Security Alert: Do NOT use DeepSeek. Canadian security agencies have identified significant privacy and security risks, including potential foreign government access to user data. Use Lakehead's Google Gemini instead—your data is not used for AI training.

Our dedicated cybersecurity page covers AI usage guidelines, secure data storage, research website best practices, survey security, and more.

Cybersecurity Best Practices →

Training Resources

Lakehead University Training

The Office of Research Services holds workshops and events around research security throughout the year. Subscribe to the Research & Innovation weekly bulletin for announcements.

Required Training: Register for the "Research Security Training" module on MyCourseLink (Self-Registration Page). This includes two ISED workshops:

  • Introduction to Research Security
  • Cyber Security for Researchers

ISED Self-Paced Courses (30-40 minutes each)

The Government of Canada offers three free courses on the ISED Learning platform (GCKey login available):

Public Safety Canada | Safeguarding Science (Live Workshops)

Public Safety's Research Security Centre offers Safeguarding Science, a series of 60-90 minute live workshops covering:

  • Best practices for maintaining a security-conscious research organization
  • Tools to recognize and mitigate research security risks
  • Understanding sensitive and dual-use technology

Who Should Attend: Researchers, research staff, students, administrators, IT staff, and security personnel.

French virtual sessions available on the French Safeguarding Science page.

2026 Session Schedule

Click on a module below to view details. Registration links will be posted as they become available on the Public Safety Safeguarding Science page.

Canada's Export and Brokering Controls | Global Affairs Canada

Increases knowledge about Canada's export controls regime, including what is controlled and why. Explains how research institutions may be subject to export controls, demonstrates how to apply for an export permit, and provides resources and contacts.

Learning Objectives:

  • Increase knowledge about Canada's export controls regime
  • Understand how research institutions and academia may be subject to export controls

Date: January 19, 2026 | 1:00pm - 2:00pm (EST)

Raising Awareness of Security Risks and Mitigation Tools in the Research Ecosystem | Public Safety Canada

This foundational module raises awareness within Canada's scientific and academic communities about research security issues. It explains the potential for misuse of sensitive research, technology, and materials, along with risk indicators and mitigation tools. Updated annually to reflect the evolving research and national security environment.

Recommended starting point for anyone new to research security.

Learning Objectives:

  • Learn guidance and tools to strengthen security posture at research institutions
  • Understand how research security intersects with research activities
  • Identify and mitigate threats to research security
  • Pursue and maintain safe research partnerships
  • Consider dual-use implications of research
  • Protect valuable research, data, and potentially patentable property

Date: January 21, 2026 | 1:00pm - 2:30pm (EST)

Global Affairs Canada

Overview of Canada's current sanctions measures, best practices for conducting due diligence to verify sanctions compliance, and information on permit applications. Details how sanctions affect Canadian educational institutions, research collaborations, funding opportunities, and engagement with international partners in sanctioned countries.

Learning Objectives:

  • Gain awareness of Canadian sanctions, exceptions, and permits
  • Learn about compliance and enforcement

Date: February 5, 2026 | 1:00pm - 2:00pm (EST)

Public Safety Canada

Provides an overview of open-source due diligence techniques for evaluating risks related to potential research partners. Enhances researchers' ability to gather, analyze, and interpret relevant information using open-source methods to ensure research security and integrity.

Learning Objectives:

  • Find relevant information using open-source methods
  • Frame open-source information to analyze and make security-conscious decisions
  • Protect researchers during all stages of research

Date: February 19, 2026 | 1:00pm - 2:00pm (EST)

Protecting Your Research While Travelling Abroad | Public Safety Canada

Provides a global overview of the threat environment when travelling. Summarizes techniques used by foreign governments to acquire research, and provides best practices to follow before, during, and after travel.

Learning Objectives:

  • Raise awareness of travel risks
  • Enable researchers to make risk-informed decisions to protect themselves and their research

Date: March 11, 2026 | 1:00pm - 2:00pm (EDT)

Immigration, Refugees and Citizenship Canada

Provides insight on the immigration process for international students and explains how prospective applicants are security screened for admissibility. Covers immigration forms, supporting documents, and the roles and responsibilities of IRCC and its security screening partners. Includes case studies to demonstrate the process.

Learning Objectives:

  • Learn about the Canadian process of obtaining a study permit for international students
  • Review recent case studies

Date: March 19, 2026 | 1:00pm - 2:00pm (EDT)

Know Your Research – Know Your Partners – Assess the Risk | Public Safety Canada

Elaborates on dual-use technologies and research with specific examples that highlight their complex nature and how to recognize their sensitivities. Whether working in STEM, social sciences, or humanities, this module enhances understanding of dual-use research and provides tools for due diligence and risk evaluation.

Learning Objectives:

  • Raise awareness of risks from Sensitive Technology Research Areas and dual-use technologies
  • Illustrate the dual-use nature of specific research areas across multiple domains
  • Enable participants to better recognize how their work may be sensitive or dual-use
  • Highlight the importance of due diligence and safeguarding intangible information
  • Balance and reinforce the importance of collaboration in open science

Date: March 24, 2026 | 1:00pm - 2:00pm (EDT)

The Strategic Relevance of Social Sciences and Humanities in Research Security | Public Safety Canada

Highlights the strategic role of social sciences and humanities in analyzing and managing complex security challenges. Explores how foreign interference, surveillance, and manipulation strategies can compromise Canada's research ecosystem and affect researchers. Uses case studies to illustrate synergies between STEM and social sciences, dual-use research concerns, and vulnerabilities specific to academic environments.

Learning Objectives:

  • Increase awareness and provide practical tools to identify and address research-related risks in social sciences
  • Support informed decision-making in assessing social sciences and humanities grants through a research security lens

Date: To be announced

In-Person Option: The Research Security Centre offers scenario-based exercises to complement Module 1. Participants work in small groups to identify risks and propose mitigation strategies. Contact Public Safety Canada to arrange a session for your institution.

On This Page

Need Assistance?

For any research security-related questions, please contact:

Andrew Austin
Research Security & Data Management Specialist

security.research@lakeheadu.ca

(807) 343-8010 ext. 8190