The University of Southern California (“USC”) is committed to advancing knowledge through research, teaching, innovation, and responsible collaboration in an environment that values academic freedom, research integrity, and the open exchange of ideas. In support of that mission, USC has established a Research Security Program designed to protect research data, support faculty, staff, and student researchers, and promote compliance with applicable federal research security requirements.
Research security obligations have evolved significantly in recent years. In an open and collaborative research environment, institutions must address risks associated with inappropriate foreign influence, undisclosed external support or affiliations, cybersecurity vulnerabilities, misuse of sensitive research and emerging technologies, and other activities that may undermine research integrity or national security.
USC’s Research Security Program is designed to address those risks through a governance-based, risk-informed framework that promotes transparency in foreign engagements and support, helps safeguard sensitive research, data, and emerging technologies, and supports responsible international collaboration consistent with U.S. law, sponsor requirements, and university policy.
The program is supported by a university-wide governance framework led by the Research Security Governance Council (RSGC), chaired by the Office of Ethics and Compliance, which provides institutional oversight for the development, implementation, and continuous enhancement of research security practices across the research enterprise.
USC Research Security Program – NSPM-33
USC’s Research Security Program is anchored in National Security Presidential Memorandum-33 (NSPM-33) and the research security program requirements issued by the White House Office of Science and Technology Policy (OSTP). These federal requirements are intended to strengthen and standardize safeguards for U.S. Government-supported research and development while preserving research openness and avoiding discriminatory impacts.
For covered institutions, NSPM-33 requires an institutional research security program that addresses four core elements: cybersecurity, foreign travel security, research security training, and export control training. USC has established and continues to mature program elements in each of these areas in accordance with applicable federal implementation timelines and institutional risk considerations. These include:
- Cybersecurity: USC maintains and continues to strengthen cybersecurity practices for the research enterprise, consistent with applicable federal expectations for research institutions, and will align implementation timelines to the federal research cybersecurity resource referenced in the CHIPS and Science Act.
- Foreign travel security: USC provides periodic foreign travel security training for covered individuals engaged in international travel for university business, research, teaching, or conferences, consistent with applicable federal guidance and sponsor requirements, and supports required travel reporting or recordkeeping where mandated under an award.
- Research security training: USC has implemented a research security training program for covered individuals and tracks completion through institutional systems.
- Export control training: USC requires covered individuals who engage in research and development involving export-controlled technologies to complete export control training and tracks completion through institutional systems. This requirement may be satisfied through relevant federal training resources or USC-delivered training.
Research Security Governance Council (RSGC)
To provide institutional oversight for the implementation of NSPM-33 and the broader Research Security Program, USC has convened the Research Security Governance Council (RSGC). Chaired by the Office of Ethics and Compliance, the RSGC supports the establishment and maintenance of a research security governance and compliance program that meets the standards set forth in NSPM-33 and OSTP’s Research Security Program Standard Requirement.
The RSGC is composed of representatives from key central offices, schools, and research units across the research enterprise with responsibilities related to cybersecurity, foreign travel security, research security training, export control compliance, research administration, international engagement, legal, and information security. The Council meets quarterly and works collaboratively with researchers and institutional stakeholders to promote compliance with NSPM-33 and the highest standards of research security. USC also maintains an RSGC Cybersecurity Working Group that meets regularly to focus on school- and unit-level implementation of research cybersecurity expectations. The Office of Ethics and Compliance supports submission of required institutional attestations and coordinates with stakeholders across the university regarding implementation and continuous improvement activities.
Research Security Education and Training
Online Research Security Training (TrojanLearn)
All researchers who propose or conduct federally sponsored research must complete the required training annually regarding research security when required by the sponsor. Currently, the Department of Energy (DoE), National Institutes of Health (NIH), and the National Science Foundation (NSF) require research security training. USC offers online training on the requirements of federal regulations and USC policy.
Who Must Complete the Training:
Individuals currently working on federally sponsored research projects who contribute in a substantive and meaningful way to the development or execution of the project scope are considered “covered individuals” and are required to complete the training. At a minimum, this includes the Principal Investigator/Project Director(s) and any Co-Principal Investigator/Project Director(s).
How to Complete the Training:
To fulfill this requirement, the Office of Ethics and Compliance (OEC) has added a 70-minute course entitled “Research Security Training” that is now available through TrojanLearn: http://trojanlearn.usc.edu/.
How Training Will Be Verified:
New Proposals: DCG will verify that all USC personnel named as “Senior/Key Personnel” in Section A of the Research & Related Budget form have completed the required training and that their training is current. Proposal submissions will not proceed until the training is complete.
Active Awards: DCG will verify that all USC personnel named as “Senior/Key Personnel” in Section A of the Research & Related Budget form have completed the required training and that their training is current. New award actions will be held until the training is complete.
Current Awards: PIs, with the support of their department and school research administration, are responsible for ensuring any new covered individuals complete the training prior to working on the project.
How Do I Launch the Course?
- Point your browser to the TrojanLearn portal (http://trojanlearn.usc.edu/) and log in using your USC netID and password (pop-ups must be enabled to launch the course).
- Enter “Research Security Training” in the search bar at the top and select the course.
- Click the “Launch” button to begin the course.
- Note: Once you click “Launch”, the course may take 1-2 minutes to load. Please ensure that you have a stable internet connection prior to launching the course. If your internet gets disconnected, your progress may not be saved.
Contact Information For Technical Assistance:
TrojanLearn Help Desk