The University of Iowa’s Research Security Program Policy outlines the university’s commitment to safeguarding research data, intellectual property, and critical technologies while also fostering responsible and collaborative research practices. This policy establishes a comprehensive framework for:

  • research security training,
  • international travel security,
  • export controls, and
  • cybersecurity. 

These elements ensure compliance with federal research security program standards and institutional policies while promoting a culture of research integrity and security.

 

Policy

  1. Purpose.  The University of Iowa (UI) fosters a collaborative research environment that includes partnerships with both domestic and international institutions, businesses, and governmental entities.  Principled collaborations with individuals from other organizations bring diverse perspectives and enrich UI’s research enterprise, enhancing the quality and impact of its work. The UI also supports the open and transparent dissemination of research findings to advance knowledge and understanding across disciplines.  While UI encourages and values research collaborations, it is equally committed to safeguarding research data, intellectual property, and critical technologies consistent with its responsibilities as a R1 institution operating in the State of Iowa.  Appropriate caution must be exercised to prevent loss or misuse. 

  1. Research Security Program.  UI is committed to safeguarding research data, intellectual property and critical technologies in accordance with applicable state and federal laws, federal guidance, and UI policies.  To support this commitment, UI has established five components that comprise its Research Security Program and adopted institutional policies that promote secure research practices.  This Research Security Program complies with federally mandated research security program standard requirements.     

  1. Scope.  All UI-affiliated persons who conduct or support research (“UI Researchers”) are subject to this Research Security Program Policy, regardless of funding sources.  This Policy supplements existing state and federal laws, as well as applicable UI policies related to research security.  The Policy does not supersede any other existing and applicable obligations. 

  1. Definitions.  

  1. UI Researchers.  All UI-affiliated persons who conduct or support research regardless of funding sources.  This definition applies to those who access, use, study, analyze, or generate research data or execute findings.  It includes all faculty, staff, students, adjunct faculty, postdoctoral scholars and fellows, individuals with complimentary and/or emeritus appointments, visitors, and collaborators.  

  1. Covered Individual.  For the purposes of this Policy, a “covered” individual is any person who works on or is supported by federal funding, or any person who is designated as a “covered” individual by the relevant federal funding agency.  A Covered Individual is also a UI Researcher. 

  1. Research Security Program Components.  The Research Security Program includes: 

  1. Research Security Training.   Covered individuals engaged in research must complete training(s) as required by the relevant, specific federal funding agency to inform them about research security risks and threats. Training will include, but is not limited to, the following areas: 

  • Proper use of federal funds. 

  • Benefits of responsible international collaboration and the importance of non-discrimination as a guiding principle of U.S. research security policy. 

  • Intellectual property and data protection requirements and best practices. 

  • Responsible international travel practices. 

  • Basic cybersecurity hygiene and data protection practices, including recognition of and response to social engineering threats and cyber breaches. 

  • Disclosure requirements for conflicts of interest and commitment, other research support, foreign components, and foreign gifts and contracts. 

  • Existing and emerging risks and threats to the global research ecosystem; and 

  • Identifying, managing, and seeking means for mitigating risk, particularly in the context of foreign talent recruitment programs and insider threats. 

The Research Integrity and Security Office (RISO) is responsible for ensuring compliance with federal training requirements.  The RISO will provide covered individuals with the training necessary to satisfy their research security training as well as a deadline by which training must be completed. 

  1. Travel Security.  All UI travelers must comply with institutional travel policies and protocols.  Travel protocols apply when individuals travel for UI related business including, but not limited to, teaching, conferences, and research activities, as well as when individuals receive sponsored or third-party travel for research or professional purposes.  All travel must be approved prior to an individual’s intended date of departure.  Anyone traveling internationally for research-related purposes must complete a pretravel briefing at least on an annual basis.  Post-travel briefings may be required at the discretion of the RSO or the research sponsor on a case-by-case basis. 

  1. Export Controls.  Certain research data, intellectual property, and critical technologies may be subject to additional restrictions.  All UI Researchers are responsible for ensuring compliance with all federal, state and local export control laws and regulations, as well as all UI policies, procedures, and guidelines related to export controls.  Covered Individuals must also complete training on requirements and processes for export controls through the Division of Sponsored Programs (DSP).  This training includes, but is not limited to, reviewing any foreign sponsors, restricted entities lists, and the explicit limitations to the fundamental research exception.  

  1. Cybersecurity.  All users of UI information technology (IT) resources, including UI Researchers, must comply with federal, state and local laws and regulations; UI policies; and any sponsor requirements for acceptable use, protection of information technology resources, research data, intellectual property, and critical technologies. 

  1. International Collaborations. UI Researchers engaged in any international collaborations may be required to complete a UI research security risk assessment prior to beginning work on a project so that an institutional review may be performed.  The Research Security Officer (RSO), the Research Security Program Committee, and/or other UI leadership may determine whether any mitigation measures or other precautions are appropriate. 

UI Researchers must also comply with the UI’s Policy on Foreign Talent Recruitment Programs, including disclosure of participation in such programs.  The UI and federal funding sponsors prohibit researchers from participating in malign foreign talent recruitment programs.   

f. Reporting Obligations for Research Security.  All members of the UI community should raise concerns about research security to the RISO.  

The RISO may report the concern(s) to the Vice President for Research, to other appropriate UI leadership, or to the department or unit responsible for addressing any potential policy violations.  

g.  Research Security Program Violations.  

UI Researchers who fail to comply with the Research Security Program may be subject to discipline for violating UI policies and protocols.   

Covered Individuals who fail to comply with the Research Security Program may be reported to the relevant funding agencies and may be subject to disciplinary measures imposed by those agencies, including suspension of research activities and termination of research funding.  The UI also reserves the right to impose additional or other measures as may be appropriate. 

  1. Oversight.  The Office of the Vice President for Research (OVPR) oversees and manages the Research Security Program to support institutional compliance.  Roles include: 

  1. Research Security Officer.  The Vice President for Research will appoint a Research Security Officer (RSO) to implement and directly manage the Research Security Program.  Among other responsibilities, the RSO conducts research security risk assessments for international research collaborations and under other circumstances when appropriate. As needed, the RSO coordinates with institutional partners to conduct such assessments.  The RSO also receives and manages reported concerns regarding the Research Security Program. 

  1. Research Security Program Committee.  The Vice President for Research and the RSO will establish and maintain a Research Security Program Committee (RSPC) consisting of stakeholders with program oversight and appropriate UI leadership.  The RSPC will: 

(a)  Periodically evaluate research security policies and procedures for effectiveness to ensure compliance with federal requirements and to identify areas for institutional improvement; 

(b)  Develop and recommend strategies to mitigate potential risks associated with research activities including data security, responsible and principled international collaboration, intellectual property protections, critical technologies, cybersecurity, export controls, and international travel security; 

(c)  Create research security training programs and evaluate effectiveness of research security training programs for Covered Individuals, as required by federal regulations and funding agencies, to foster a culture of security awareness within the research community.  Security awareness involves issues around data security, intellectual property protection, insider threat awareness, and risks associated with undue influence in research; and 

(d) Engage with relevant stakeholders to ensure a cohesive approach to research security across the UI. 

Related Policies
 
UI Policy Manual (PM): 

II-18.4 Conflicts of Commitment (Effort) 
II-18.5 Conflict of Interest in the Workplace 
II-18.6 Conflict of Interest in Research 
II-18.7 Institutional Conflict of Interest in Human Subjects Research 
II-19 Acceptable use of Information Technology Resources 
III-15 Professional Ethics and Academic Responsibility 
III-16 Ethics and Responsibilities for University of Iowa Staff 
III-29 Faculty Dispute Procedures 
III-32 Visitors in the Workplace 
V-22 - Travel Policy  

 

Office of the Dean of Students Policy: 

Sections E.3, E.5, and E.9 of the Code of Student Life 

 

Other UI Policies and Guidance: 

International Travel/VPN Guidance 
UI IT Security Policy 

 

Office of the Vice President for Research (OVPR) Policies:  

OVPR Policy on Foreign Talent Recruitment Programs 
OVPR Policy on Visitors Engaged in Research on Campus 
OVPR/DSP Export Controls at the University of Iowa 
UI Research Data Policy 

Contacts

Mike Andrews

Mike Andrews

Director of Research Integrity and Security
Research Security Officer
Research Integrity Officer
michael-andrews@uiowa.edu
319-335-9687
photo of Shelly Campo

Shelly Campo, PhD

Assistant Research Integrity Officer (ARIO) and Graduate College Associate Dean for Administrative Affairs
Shelly-campo@uiowa.edu
319-335-2136
Kevin Zihlman portrait

Kevin Zihlman

Research Integrity and Security Specialist
kevin-zihlman@uiowa.edu
(319) 335-9718

Allegations of research misconduct are serious in nature and confidentiality for all parties involved must be and will be maintained.

Reports can be made to the individuals listed above, the Vice President for Research, or the Provost.