Overview
The Government of Canada introduced new funding through the Research Support Fund (RSF) in Budget 2022 to further support the activities related to the indirect costs of research security and to support the National Security Guidelines for Research Partnerships.
The investment in research security will provide $125 million over five years, starting in 2022-23, and $25 million ongoing per year, in addition to the existing investments for the RSF and Incremental Grant Projects (IPGs).
Use of Research Security Funds
The funds granted to institutions should be used to build capacity to identify, assess and mitigate potential risks to research security, in support of the full implementation of the National Security Guidelines on Research Partnerships.
Institutions must spend the funds in the year of the award and report on the use of these funds annually.
Research security funds can be used to support multiyear projects whose outcomes will only be available at the end of a longer period of up to three years. The application allows your institution to apply for funding for the next phase of the project, provided the institution continues to meet reporting and eligibility requirements.
Eligible Institutions for Research Security Funds
Funding for research security is for eligible institutions receiving $2 million or more in eligible RSF direct research funding. Eligibility for research security funding is assessed against this threshold each year.
Institutions with less than $2 million in eligible direct research funding are not eligible for research security funding, but continue to benefit from the current progressive RSF funding formula.
McMaster’s Use of the Incremental Project Grants – Research Security
Under the current budget model, the funds are distributed among McMaster’s six Faculties: Health Sciences, Science, Social Sciences, Business, Humanities and Engineering; as well as our affiliated hospitals (Hamilton Health Sciences and St. Joseph’s Healthcare). Each Faculty uses these resources to provide for step-down expenses such as hydro, research administration etc.
Please refer to the table below to see how McMaster has utilized the IPG – Research Security. Note that the table below captures the ‘Proposal’ data for a fiscal year (current year and potentially 2nd most recent fiscal year) until the financial report is completed for that year.
Expandable List
|
Fiscal Year |
Proposal / Actual |
Award Amount |
|---|---|---|
| 2024/25 |
Proposal |
$ 1,022,080 |
| 2023/24 |
Actual |
$ 1,047,119 |
| 2022/23 |
Actual |
$ 1,069,447 |
Performance and Objectives by Fiscal Year
Expandable List
| Project Title | IPG Priority Areas | Output (investment of IPG grant funds) | Performance Objective | Performance indicator | Target Outcome | Reported Outcome |
|---|---|---|---|---|---|---|
| McMaster-VPR-Resources to Support McMaster Research Security and Management | Research Security | $579,159 | Continued education of Faculty members to ensure a baseline level of awareness with the research community | Create guidelines and templates for researchers to provide support tools
Education and Awareness Increased co-ordination with other services across campus |
Received increasing numbers of requests from faculty and staff related to potential security considerations around collaborations, grants, partnerships and other areas of research security
Hired 2 FTEs that report to the Director, Research Security Risk Developed guidelines and resources to support research administrators in their roles in order to be aware of and respond to research security requirements both federally and provincially. Developed resources and self-assessment tools to support research community and administrators navigate STRAC policy and NSGRP forms and requirements. Increased coordination with other services across campus (e.g. Telecommunications and IT; Privacy office; Academic and Research Integrity Office, Research Services and Administration; International Affairs, Campus Safety Services) Established protocol to support screening of graduate students for eligibility to engage in government funded research per STRAC Policy and Provincial Mitigating Economic and Geopolitical Risk (MEGR) Guidelines Development of travel security briefing and protocols in collaboration with Information Security Services (ISS) Supporting core facilities in the developing security protocols and updating user access policies to address current government policies and geopolitical risk. Increased coordination with government agencies (Research Security Centre, CBSA, ISED) to facilitate two-way communication and information sharing |
In Progress |
| McMaster-UTS-Enhancing Information Security for Research and Researchers | Research Security | $207,976 | Strengthen detection, protection and resilience of high-risk research related systems, data and intellectual property from threat actor | Develop a risk profile of research related systems, data and intellectual property
Strengthen information security culture by providing training modules |
Delivery of joint Information Security, Research Security and Data Management education and awareness sessions.
Information Security Sessions planned and delivery commencing by IT partners within Faculties that are expanding deployment and reach of awareness and education program. Increase in requests for Information and Security review of Research grants, partnership agreements, labs and facilities. Increased deployment and active use of Information Security resources such as MFA, Extended Detection and Response (Cortex), Vulnerability Scanning (Tenable). |
In Progress |
| McMaster-RHPCS-Security enhancements to McMaster’s research computing infrastructure and systems | Research Security | $0 | Increase capacity for secure server access and involved in McMaster research security plans | Isolated rack that can be used to provide computational and storage capacity for sensitive data
Engagement between RHPCS and UTS in IT Security project |
Project has been cancelled for further review. | Cancelled |
| McMaster-Library-Building Capacity for Research Data Security Best Practices | Research Security | $0 | Researchers better understand importance of data security and good research data management practices | Researchers access and complete training modules, rate them highly and express their increased knowledge through improved responses in data management plans and ethics board applications. | In collaboration with University Technology Services, developed and published a research data management and cybersecurity training module available to researchers across McMaster.
Delivered a suite of workshops related to research data security and shared them as asynchronous learning modules (1, 2) Developed and published an Open Educational Resource: Basic Security for Web Development Conducted over 200 research data management consultations related to aspects of research data security. |
In Progress |
| HHS-Research Security Monitoring | Research Security
|
$52,132 | Ensure security monitoring provided on-site | In order to maintain these security services a monthly fee is paid for the expertise of the security staff and overall protection of the research properties | Monthly services received were CCTV monitoring, safety escorts, disturbance calls, suspicious person calls, after hour responses for MAG lock/Fire Panel issues | Achieved |
| HHS-Cell Service Signal Repeater | Research Security | $0 | Improve cell phone reception to all areas of building | Installation of a cell phone signal repeater that would provide appropriate cell reception within the building. | Item was installed in FY23/24. Fully funded by HHS internal funds. | Achieved |
| HHS-Cardiac, Vascular and Stroke Research Institute (CVSRI) Data Centre | Research Security | $0 | Upgrading the data centre facility to ensure our data is well protected. | Reduction of temperature spikes in the data centre facility. | Project started late in 2024. Cannot assess results at this time. | Delayed |
| HHS-DocuSign Implementation | Research Security | $0 | Upgrade to DocuSign, which has been validated to comply with the FDA regulations. | Results will be based on a number of investigators to convert to DocuSign. | Project has been delayed. | Delayed |
| HHS-Infonetica Renewal | Research Security | $21,783 | Provide and maintain security level over our research ethics material | Ensure annual maintenance and user license is purchased | Ongoing license was renewed in FY23/24 which provided a filing system for ethical applications and guaranteed high-level cloud based security. Also helped organization demonstrate operational security against cyber attacks. | In Progress |
| HHS-RedCap Maintenance | Research Security | $39,316 | Provide a secure web application for building and managing online surveys and databases. | Implement secure platform to provide users with a validated version that meets the regulated security and confidentiality requirements for clinical studies. | Maintenance has ensured data collection within the institution is conducted and is in compliance with PHIPA and HIC requirements | Achieved |
| HHS-Upgrade and Maintenance of Research Database | Research Security | $61,553 | Upgrade existing database to a more reliable & secure system | Implement new database with increased security framework and documentation. | Database implemented January 2024, which is an upgrade from our prior system which guarantees a near perfect rate of uptime each month, provides a comprehensive 10 Layer Security Framework, and has a documented disaster recovery plan. | Achieved |
| St. Joes-Modernization and Securitization of Research Data Services and Research Admin Technology | Research Security | $78,649 | St. Joes-Modernization and Securitization of Research Data Services and Research Admin Technology | Procure and implement a software system capable of meeting performance objectives; support for data security personnel to assess security needs, plan system implementation and negotiate system security requirements, act as a liaison between business transformation team and research management team to ensure appropriate planning for system integration.
Upgrading information technology as per recommendations made in the FY2022/23 information technology infrastructure and data security audit. |
Implementation of recommendations from audit in FY2022/23 data security project – wetlab information technology infrastructure upgraded.
|
In Progress |
| Project Title | IPG Priority Areas | Output (investment of IPG grant funds) | Performance Objective | Performance indicator | Target Outcome | Reported Outcome |
|---|---|---|---|---|---|---|
| McMaster-Resources to Support Research Security Assessment and Management
|
Research Security | $99,864 | 1. Implementation of a University-wide and efficient process to enable researchers to submit grant applications with minimal delay 2. Education of Faculty members to ensure a baseline level of awareness within the researcher community related to research security risks |
Staff dedicated to Research Security; Research Security Training for Staff; Complete Research Security guidance documents to help researchers; Number of researchers receiving training / education related to Research Security (via 1 on 1 meetings or workshops); Number of applications reviewed by MILO for research security; Number of applications rejected due to lack of sufficient information in Research Security Plans: Processes, tools developed or implemented at the university to support research admin and researchers to prepare and review Research Security Mitigation Plans |
Director, Research security job posted and hired for F2024; 3 staff received Research Security Training; MILO created Research security guidance documents and provided to researchers applying to NSERC Alliance; MILO staff met with over 50 researchers and stakeholders in FY22/23 to provide guidance, training and support on Research Security Mitigation plans; 20 applications submitted to NSERC and 10 to other funders with Research Security Mitigation Plans ; 2 applications rejected due to Research security concerns in FY 2023
|
In-Progress
|
| McMaster-Building a more secure research computing infrastructure
|
Research Security | $445,526
|
Support the creation of a new core advanced research computing infrastructure which will be used to supplement the services available to McMaster’s researchers through the Digital Research Alliance of Canada and Compute Ontario.
Put in place the necessary pieces to improve monitoring of McMaster’s core digital research infrastructure allowing McMaster to be more proactive and effective and responding to potential threats and risks which will greatly improve the security of our research enterprise. |
1. Create new infrastructure 2. Put in place tools that will allow for automated monitoring of system reports 3. Put in place tools that will allow for more effective system access controls 4. Ensure that the campus cybersecurity plan fully considers the needs of researchers 5. Support security for applications used to manage central research infrastructure |
1. Procurement, installation and deployment of hypervisor nodes and storage nodes. 2. Configured internal network 3. Automated system monitoring tool selected, tested and implemented on select systems. 4. Co-hosted 1/2 day Security working session 5. Host IT Security monthly team meetings |
In-Progress
|
| McMaster-Enhancing Information Security for Research and Researchers | Research Security | $175,876 | Enhance Information Security for Researchers 1. IT Security Education and Training 2. IT Security Support Services |
1. Strengthen the detection, protection and resilience of high-risk research related systems, data and intellectual property from threat actor exploitations 2. Develop a risk profile of research related systems, data and intellectual property that will inform the application of Information Security Safeguards 3. Strengthen the information security culture within the Research Community at McMaster |
1. Launched IT Security Training and Awareness Models for Researchers including Research Data Management training integration. Promoting training Fall 2023, Winter 2024, Spring 2024 through Digital Research Commons Pilot engagement with Research Community and through campaigns targeting new and returning Researchers i.e. participated in the 2023 incoming Researcher’s awareness sessions 2. Through vulnerability scanning and incident and event alert monitoring trough Cortex and Sentinel, have engaged Researchers and Research support units to address discovered vulnerabilities and incidents. As well conducted several Security Reviews for Researcher agreements and partnerships |
In-Progress
|
| McMaster-Expanding Accessibility to Secure Storage and Analysis for Sensitive Research Data | Research Security | $100,000 | 1. Develop a plan to scale up, adapt to unique needs and address pressing problems while maintaining and improving data security features.
2. Expand the number of users and as such, expanded server capacity. |
1. Complete a new access modality that will dramatically increase accessibility for a subset of data with different security needs, without compromising our standards 2. Initiate a pilot test to make access to secure data environment available to all researchers (including students) 3. Move from 90 researcher base to more than 300 and double the datasets managed. |
1) New access modality implemented by the end of the year. Policy ironed out, discussions with potential users started and pricing tentatively decided.
2)In the process of onboarding – first users in January. 3) This process unearthed gaps in decision making that has been resolved. 4)training material for security and lab usage completed – to be uploaded |
In-Progress
|
| St. Joes-Modernization and Securitization of Research Data Services and Research Administration Technology
|
Research Security | $80,326 | Obtain software system, hire personnel, integrate with EPIC/hospital systems
|
Identify/procure a software system capable of meeting performance objectives; Successful recruitment of personnel to perform system integration and data security duties; Successful integration with EPIC/hospital systems
|
– An external firm hired to perform an information technology infrastructure and data security audit to identify gaps and weaknesses prior to hiring of personnel and acquiring software.
– 1.0 FTE hired to provide dedicated support to the research community and secure access to research data in Epic. – 0.5 FTE hired to provide dedicated support to the RFP process and implementation of the research management software. – Timelines for the RFP process for the research management software system were longer than anticipated to ensure alignment with the broader public sector accountability act; two vendors have been identified and demonstrations will be completed by Nov 28, followed by the selection of the software system. – Potential vendors have described capability of integrating with hospital systems; once the system has been chosen, integration activities can begin In-Progress |
In-Progress
|
| HHS-David Bradley Cardiac, Vascular and Stroke Research Institute-Security System Replacement
|
Research Security | $111,082 | HHS-DBCVSRI Security System Replacement | Upgrade obsolete security camera system for better data capture | Digital security camera system install was complete, providing higher resolution, improved lens & zooming capabilities and covers a larger area. | Achieved |
| HHS-Upgrade of Research Database
|
Research Security | $26,995 | Upgrade Research Database | Upgrade existing database to a more reliable & secure system | Implementation started late in the fiscal year and will carry-over into next fiscal before performance objectives are met | In-Progress
|
| HHS-RedCap Web Application Software
|
Research Security | $29,778 | RedCap Maintenance | Provide a secure web application for building and managing online surveys and databases | Maintenance has ensured data collection within the institution is conducted in compliance with PHIPA and HIC requirements | Achieved
|