Peer Practices

Download COGR's "Research Security and the Cost of Compliance"

View COGR Presentation on "Research Security & the ROI"

"The projected year one, average total cost per institution for compliance with the Disclosure Standards, regardless of institutional size, is significant and concerning. The figure ranges from an average of over $100,000 for smaller institutions to over $400,000 for mid-size and large institutions. Although some of these expenses are one-time costs, a sizeable portion will be annual recurring compliance costs. Overall, the cost impact to research institutions in year one is expected to exceed $50 million. "

Research Security and the Cost of Compliance

COGR Results from COGR’s Phase I Survey on the Costs of Complying with Research Security Disclosure Requirements

Gathered from 26 complete answers examining institutional costs for fiscal year 2022-23

Over the past four and a half years, universities and their affiliated academic medical centers (AMCs) and research institutions have focused on addressing federal funding agency requirements adopted to address inappropriate foreign influence on research. These requirements include new and clarified provisions calling for researchers to disclose all sources of research support and all types of appointments and affiliations (“Disclosure Requirements”) so that agencies and institutions will have the information they need to identify any areas of commitment, funding, or scientific overlap. These Disclosure Requirements are set forth in the Guidance for Implementing National Security Presidential Memorandum 33 (NSPM-33) on National Security Strategy for United States Government Supported Research and Development1 (“Implementation Guidance”) and in agency notices.

COGR conducted Phase I of the survey described in this report to quantify the considerable time and resources (financial and otherwise) that research institutions have invested (or will invest) to achieve compliance with the Disclosure Requirements.

Community Workshops 2020-2021

Higher Education Regulated Workshop Series: A Collective Perspective

Co-authored by contributors from Purdue University, Duke University, University of Florida, Indiana University, Case Western Reserve University, University of Central Florida, Clemson University, Georgia Institute of Technology, and University of South Carolina.

After an eight month effort concluding in June of 2021, 155 participants from 84 research institutions from across the United States gathered for six facilitated, NSF-sponsored workshop sessions to determine if coming together as a community could improve the support of individual programs to secure regulated data in research involving the Department of Defense or health sciences.

The report represents the collective perspective of those who participated in the workshop series and the efforts of volunteer authors who helped put it together. The primary aim of the document is to identify challenges, share best practices, and provide recommendations to the community on how to handle regulated research data on campus.

Effective Cybersecurity for Research

Authored By: William Drake and Anurag Shankar of Indiana University

The tension between cybersecurity and researchers has long hampered attempts to secure research. It is also why institutional cybersecurity efforts in academia have been confined to the most sensitive research. The status quo has persisted for other reasons as well, for instance the complexity of the research environment, but latest developments in the regulatory and cyber threat landscape are quickly changing the status quo. Funding requirements scoped beyond individual awards and newly evolving threats are pointing to a future where securing research holistically is no longer optional. This paper describes an approach to cybersecurity for research that is showing great promise in breaking the security versus research impasse. A product of years of effort at Indiana University, it focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and aims to secure all research. It has been stress tested on campus, with success evidenced by researchers embracing it voluntarily and research being accelerated measurably.

Regulated Research Benchmarking Study

Authored By: Liz Rulli, Jane Livingston, and Neal Wozniak of Notre Dame Research, University of Notre Dame

As its research portfolio grows, and with increasing emphasis by sponsors on cybersecurity and research data security, the University of Notre Dame is embarking on creating a program for handling regulated research data from cradle to grave. In order to learn more about how best to build a program, the University surveyed its peers to understand what they are doing and collect best practices.

Unsurprisingly, there are as many approaches to the task of managing a compliant regulated research program as there were interviews conducted. At the highest level, there is broad awareness of the need to comply with the various agency regulations governing data security and moves to address them. That being said, of a dozen institutions in the study, most report being in the early phases of building a comprehensive program for managing regulated data.

For more information: lrulli at nd.edu