Students Staff

Security sensitive research material

The University is required to comply with Section 26 (1) of the Counter-Terrorism and Security Act 2015 which imposes a duty on ‘specified authorities’ to have due regard to the need to prevent people from being drawn into terrorism. Government guidance for HEIs on implementation of this duty includes the statement that:

“We [the UK government] would expect to see clear policies and procedures for students and staff working on sensitive or extremism-related research.”
(para 28)

The University has developed a policy and procedures for managing and storing security-sensitive research material based on the guidance document published by Universities UK, Oversight of security-sensitive research material in UK universities: guidance, which involves the registration of research that involves access to and/or storage of security sensitive research material.

  • What is ‘security-sensitive’ research material?

    Security-sensitive research materials cover:

    • Materials that are covered by the Official Secrets Act (1989) and the Terrorism Act 2006
    • Materials that could be considered ‘extremist’ which is defined in the Statutory Guidance to HEIs under Section 29 of the Counter Terrorism and Security Act 2015 as, 'vocal or active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs'
    • Materials used for research projects commissioned by the military or under an EU security call.
    • Research projects that involve the acquisition of security clearances to undertake the research.

    ‘Materials’ include online, electronic and hardcopy sources, audio and video recordings.

    It is recognised that other research material, not mentioned above, could also be regarded as security sensitive. If in any doubt, a researcher should contact the University’s Research Governance Officer for further advice.

  • Purpose of the Registration Process

    The University supports its researchers in undertaking research using security sensitive material, but takes seriously the need to protect them from the misinterpretation of intent by authorities, which can result in legal sanction. It is therefore important that the University is aware of the research before it begins and can ensure proper data management and oversight.

    The registration process described below is a mechanism for allowing researchers to register their use of security sensitive materials as part of legitimate research projects and thereby enabling the University to demonstrate to authorities that it is aware the research being carried out. It is not a mechanism for reviewing this research or regulating it.

  • To whom does this guidance apply?

    The guidance applies to all staff and students, both postgraduate and undergraduate.

  • What do researchers using security sensitive research material need to do?

    1. Register all research that involve the use of security sensitive research material
      Individuals whose research falls within the definition of using security sensitive research material must register their research project(s) with the University prior to commencement by completing the Registration Form and submitting it to the Research Governance and Planning Manager. The registration form must be approved by either the departmental Director of Research (staff research) or the research supervisor and departmental Director of Research (student research). This provides evidence that the University is aware of the research, and its legitimacy.

    2. Use a university profile when visiting security sensitive websites
      Researchers should be aware that visits to security sensitive websites (even from open access sites) may be subject to monitoring by the police and, if discovered, can prompt a police investigation. Therefore it is recommended that, when undertaking research, university IP addresses are used to access these sites, thus ensuring that any enquiries about such activities come to the institution in the first instance.

    3. Use the University individually allocated secure SharePoint to store security-sensitive research material
      Research material that is security-sensitive must not be stored on the researcher’s personal computer, university computer or on their standard university drives. Individuals indicating on the registration form that their research involves the storage of security-sensitive research materials will be allocated a secure SharePoint site drive for the storage of this material.

      Physical data e.g. reports/manuals must be scanned and a copy uploaded to the site. Hardcopies must subsequently be securely destroyed.

      Documents stored on the secure site will only be accessible by the named research personnel and files from this store must not be exchanged. This will ensure that security-sensitive material is kept away from personal and university computers.

    The Research Governance and Planning Manager will have oversight of the declared use of security-sensitive research material through the registration process. The purpose of this oversight is to allow a prompt response to any enquiries, internal and external, relating to declared use of security-sensitive material. The Research Governance and Planning Manager will be aware of the names of the researchers who are able to access each secure site and will be aware of the metadata for documents (e.g. the titles) that are stored, but will not know the content of the document themselves. For those who declare the use of security-sensitive research material, this oversight will offer protection for researchers as it ensures that the research material is kept secure and at arm’s length from external intrusion (unless access is required for legal reasons).

  • Enquiries regarding the use of security sensitive research material

    If it is identified that material is being accessed or used within the University that appears to be security sensitive, in particular, material that might be connected with terrorism and extremism this should be reported to the Research Governance and Planning Manager using the appropriate form.

    Material of this kind can be connected with legitimate research and on receipt of an enquiry form checks will be made to establish whether the discovery of such material is linked to a registered research.

    If the identified material is not connected with legitimate research, the matter will be immediately reported to the University’s Security Manager.

Documents and forms

Further resources