There are four main areas of importance related to research security.
-Disclosure of external relationship, both domestic and international. These relationships must be transparent and disclosed
in accordance with applicable federal sponsor agency guidance/policies and SBU policy/procedures.
-Protection of intellectual property, research data, and materials, i.e., cybersecurity,
physical security, review of international relationships and higher risk activities,
use of appropriate agreements (e.g., material transfer, confidentiality, collaboration,
data-use, visitor scientists).
-Compliance with export controls, i.e., disclosure, shipment, use, transfer, or transmission
of any item, commodity, material, technical information, technology, software, or
encrypted software for the benefit of a foreign person or foreign entity anywhere
(including the transfer of controlled information within the U.S. “deemed export”);
transaction and the provision of services involving prohibited countries, persons
or entities based on trade sanctions, embargoes and travel restrictions; and certain
transactions with persons or entities designated on a restricted party list.
Research Security Overview, Concepts, and Guidance
Disclosure of External Relationships
Researchers have an obligation to disclose all external relationships - both domestic
and international - in a manner that is consistent with applicable requirements, including
federal and state laws, regulations, and agency guidance, as well as the university's
own policies and procedures.
Individual (researchers, faculty, and staff) have an obligation to avoid conflicts
of interest and commitment when carrying out their external and University education,
research, scholarship, or service responsibilities. This includes activities over
summer and winter break months. These external activities must be reported in myResearch
Conflict of Interest in an individual's Disclosure Profile.
Researchers are required to appropriately disclose all activities, including all international
relationships, activities and components, in accordance with their federal sponsor's
guidance and policies*.
Research reporting requirements of gifts and federally sponsored projects:
If gift funds are used to support sponsored research there may be additional reporting
to the research sponsor (e.g. disclosure of other support).
SBU institutional reporting requirements of foreign gifts:
Disclose semi-annually to the U.S. Department of Education specific financial transactions
pursuant to Section 117.
Disclose annually to the National Science Foundation specific financial transactions
pursuant to the CHIPS ad Science Act of 2022.
Protection of Intellectual Property, Research Data, and Materials
Researchers, as stewards of their data, have an obligation to protect their data in
accordance with all applicable policies. This includes institutional policies, sponsor
policies, and any terms and conditions accepted in an agreement.
Faculty, staff, and students are required to comply with SBU cybersecurity and data
security policies.
Researchers (both funded and unfunded) may have additional laws and/or regulations
that oversee the data security requirements of a category of data.
Researchers may have additional cybersecurity laws and/or regulations that are required
for the conduct of their projects. (See Federal Awards and Protection Standards below)
SBU does not conduct or accept classified research or controlled unclassified information
(CUI).
Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or
possesses for or on behalf of the Government, that requires safeguarding or dissemination
controls consistent with applicable laws, regulations, and Government-wide policies
but is not classified under Executive Order 13556 “Classified National Security Information”
or the Atomic Energy Act, as amended.
SBU cannot accept or store data subject to the GDPR or other similar data protection
laws.
The General Data Protection Regulation (GDPR) is a regulation in European Union law
on data protection and privacy concerning the processing by an individual, a company
or an organization (including SBU) of personal data relating to individuals in the
European Union and European Economic Area.
Contact the Research Security Program if you are contemplating research with increased
physical security requirements or are purchasing export controlled items.
Transfer of data, and materials to other researcher and labs must follow all applicable
laws, regulations, contractual obligations and SBU policies.
The U.S. federal government has identified certain parties, countries, and areas of
research that require additional due diligence when engaging in international activities.
These are Restricted Parties, Countries of Concern, Foreign Talent Recruitment Programs,
and Critical and Emerging Technologies.
The U.S. government maintains lists of entities and persons who are restricted and/or
denied certain transactions. This includes the recent "1286 List" - Restricted Party Overview
All foreign person and entities must be screened for inclusion on any of these lists
prior to engaging in activities.
Any activities with a Restricted Party must be reviewed by the Research Security Program.
Countries of Concern: China, Iran, Russia, and North Korea.
Recognized as countries of concern by many federal agencies and sponsors. Activities
that include these countries have additional risks and must be reviewed by the Research
Security Program.
Faculty and other key personnel on federally funded research awards should understand
the definitions of Foreign Talent Recruitment Programs (FTRP) and Malign Foreign Talent
Recruitment Programs (MFTRP) and federal sponsor restrictions on MFTRPs.
Many federal sponsors now require certification that faculty and other key personnel
are not participating in a MFTRP.
The federal government maintains a list of critical and emerging technologies that
are potentially significant to U.S. national security. Researchers contemplating
a research activity with an international partner in one of these areas should contact the Research Security Program.
Federal Resource: Critical and Emerging Technologies List Update (February 2024); Fast Track Action Subcommittee on Critical and Emerging Technologies
of the National Science and Technology Council
Compliance with Export Controls
Researchers have an obligation to be aware of export restrictions applicable to any
ideas, information or equipment they intend to share with international collaborators,
whether they are overseas or visiting the U.S.
Export controls are a body of federal regulations that regulate:
Disclosure, shipment, use, transfer, or transmission of any item, commodity, material,
technical information, technology, software, or encrypted software for the benefit
of a foreign person or foreign entity anywhere (including the transfer of controlled
information within the U.S. “deemed export”);
Transactions and the provision of services involving prohibited countries, persons
or entities based on trade sanctions, embargoes and travel restrictions.
Newsletters and Campus Correspondence
The Office of Research Security disseminates important information and updates from
the federal government and federal sponsor agencies through newsletters and campus
correspondence.
