Security sensitive information
Registration of research projects that involve access to and/or storage of security sensitive research material
1. What is ‘security sensitive’ research material?
Keele defines security sensitive research materials as:
- Materials that are covered by the Official Secrets Act (1989) and the Terrorism Act 2006
- Materials that could be considered ‘extremist’ or incompatible with British values.
- Materials used for research projects commissioned by the military or under an EU security call.
- Research projects that involve the acquisition of security clearances to undertake the research.
‘Materials’ include both online, electronic and hard copy sources.
It is recognised that other research material, not mentioned above, could be also be regarded as security sensitive. If in any doubt, a researcher should contact the University’s Research Governance Officer for further advice.
2. Purpose of the Registration Process
The University supports its researchers in undertaking research using security sensitive material, but takes seriously the need to protect them from the misinterpretation of intent by authorities, which can result in legal sanction. It is therefore important that the University is aware of the research before it begins and can ensure proper data governance and oversight.
The registration process described below is a mechanism for allowing researchers to register their use of security sensitive materials as part of legitimate research projects and thereby enabling the University to demonstrate to authorities that it is aware the research being carried out. It is not a mechanism for reviewing this research or regulating it.
3. To whom does this guidance apply?
All researchers – both academic faculty and the student body. This includes undergraduate and postgraduate students.
4. What do researchers using security sensitive research material need to do?
a) Register all research projects that involve the use of security sensitive research material
Individuals whose research falls within the definition of using security sensitive research material must register their research project(s) with the University prior to commencement by completing the Registration Form and submitting to the Research Integrity Team via firstname.lastname@example.org. The registration form must be signed off by the research supervisor (or Faculty Research Director / Research Institute Director in the case of staff) to demonstrate that the University is aware of the project, and its legitimacy.
b) Use a university profile when visiting security sensitive websites
Researchers should be aware that visits to security sensitive websites (even from open access sites) may be subject to monitoring by the police and, if discovered, can prompt a police investigation. Therefore it is recommended that, when undertaking research, university IP addresses are used to access these sites, thus ensuring that any enquiries about such activities come to the institution in the first instance.
c) Use a University-provided secure project drive to store security sensitive research material
Research material that is security sensitive should not be stored on the researcher’s personal computer, university computer or on their standard university drives. Individuals indicating on the registration form that their research involves the storage of security sensitive research materials will be contacted by IT to arrange the set-up of an appropriate secure project drive for the storage of this material.
Physical data e.g. reports/manuals should be scanned and a copy uploaded to the secure project drive and hard copies subsequently securely destroyed.
Documents stored on the secure project drive will only be accessible by appropriate research personnel. Files from this store must not be exchanged in order to ensure that security sensitive material is kept away from personal and university computers.
The Research Integrity team, by means of the registration process, will have oversight of declared use of security sensitive research material. The purpose of this oversight is to allow a prompt response to internal and enquiries relating to declared use of security sensitive material. The Research Integrity team will be aware of the names of the researchers who are able to access each secure project drive and will be aware of the metadata (e.g. titles) for documents that are stored in the secure project drive, but not the content of the document themselves. The research supervisor (or Faculty Research Director / Research Institute Director) will also be able to access the metadata if required. This oversight will offer protection for researchers, who declare the use of security sensitive research material, as it ensures that the research material is kept secure and at arm’s length from external intrusion (unless access is required for legal reasons), in return for openness on the part of the researchers about their use of security sensitive material.
5. Enquiries regarding the use of security sensitive research material
If it is identified that material is being accessed or used within the University that appears to be security sensitive, in particular, material that might be connected with terrorism and extremism this should be reported to the Head of Academic Legal Services using the Report Form.
As outlined above material of this kind can be connected with legitimate research projects and on receipt of an enquiry form Academic Legal Services will carry out checks to establish whether the discovery of such material is linked to a registered research project.
Further queries please contact the Research Integrity team - email@example.com