Security Sensitive Research • City, University of London

City supports the principle of academic freedom and aims to support the scholarly research activities conducted under its auspices.

This includes research into security sensitive areas such as:

Accessing websites relating to terrorism, radicalisation and/or downloading material considered ‘extremist’ (this is defined as, ‘vocal and active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs’ in the Counter Terrorism and Security Act (2015))
Primary criminal or illegal activity
Materials which require security clearance
Materials used for research commissioned by the military or under an EU security call
Research into prohibited organisations.

Please note that this list is not exhaustive. For further advice, please contact the Research Integrity Manager in Research and Enterprise.

In order to facilitate research into such topics, but to protect staff and students, a registration process for research projects into these areas has been put in place.

Registering a project and getting Ethics approval

The registration process is a mechanism that enables City to demonstrate the legitimacy of the research, should this prove necessary, and is not put in place to regulate such research.

Researchers need to be aware that there is a degree of personal risk in undertaking this type of research and that City cannot guarantee protection from investigation or criminal prosecution by external authorities even if the project is registered with the institution.

The registration process applies to all research projects undertaken by students (including UG and PG) and staff involving access, collection and use of security sensitive materials, and applies to all research being undertaken under the auspices of City.

Research project(s) must be registered before the research can commence. Breach of this policy will be investigated through the normal institutional misconduct procedures.

A full research ethics applications must be submitted for review by Senate Research Ethics Committee for all projects, not just those that have prior registration.

Read how to apply to Senate Research Ethics Committee to get approval

Safeguarding

City has a responsibility to ensure that its staff and students are not adversely affected by the research being undertaken. This needs to be considered before the project commences, with a prior risk assessment being undertaken. The risk assessment should include consideration to the potential psychological impact of the study.

Where students are undertaking research that may be distressing, it is the supervisor’s responsibility to ensure that the student is supported appropriately. This can be achieved by, for instance, additional supervisory meetings.

In addition, students should contact the Student Counselling and Mental Health Service to discuss the potential impact and ongoing need for support before commencing the research. Staff are advised to speak to their Head of Department or Research Group and can contact Occupational Health to obtain information a list of organisation that provide psychological support.

Registration process

Research that falls within the definition of security sensitive research has to be registered using the ethics application form on Research Ethics Online.

Please note that the form must be signed off by the supervisor in the case of student research, and the Head of Department or Associate Dean for Research in the case of members of staff.

This will demonstrate to Research & Enterprise that the Department/School is aware of the research being undertaken.

Research shared drive

Once the project has been registered with Research & Enterprise, a research shared drive for storing the security sensitive material will have to be set up. The researcher will need to make a request in Service Now to arrange for the drive.

This request will be allocated to the IT Business Relationship Manager who will discuss the request with the researcher to ensure all the requirements of the project are captured and able to be met. Upon approval a standard, password protected shared drive will be created for the researcher and their collaborators.

In the event that the data is highly sensitive, the data must be held encrypted. The specifics of the encryption requirements and the processes by which the data must be accessed have to be discussed with IT Service. This should be considered before the project starts, as there may be a cost associated with procuring a solution.

Storing material

Any security sensitive research material must be stored on the institutional password protected research shared drive. Note that material must not be stored on the researcher’s personal computer, on a City computer or on a standard institutional drive. A password protected project drive will be allocated once the project has been registered and approved.

Physical outputs (e.g. reports, manuals, CDs) must be scanned and a copy uploaded to the secure project drive. Hard copies should be destroyed securely once the scanned copy has been saved to the drive.

Documents stored on the project drive will only be accessible to the researcher and must only be shared with named collaborators.

The Research Governance & Integrity Manager will be notified of the names of the files on the drive when they are uploaded and will have access to the metadata.

This will enable the institution to have oversight of the material and allow for prompt responses should any internal or external enquiries relating to the use of security sensitive material be received.

Accessing security sensitive websites

All staff and students should be familiar with Prevent Duty Guidance for higher education institutions (specifically section 27), City’s Acceptable Use of Telephones, Email and Internet policy (internal access only) (specifically sections 30 to 34) and Conditions of Use (internal access only).

Security sensitive research involving human participants

All research projects involving human participants and/or personal data are subject to review by one of City’s Research Ethics Committees. Security sensitive research projects involving human participants and/or personal data must be submitted via Research Ethics Online for review.

For further advice, please contact the Research Integrity Manager in Research and Enterprise.

External enquiries

Enquiries from legitimate external bodies or members of staff or students at City should be directed to the Research Integrity Manager.