The University of Southern California (“USC”) is committed to advancing knowledge through research, teaching, innovation, and responsible collaboration in an environment that values academic freedom, research integrity, and the open exchange of ideas. In support of that mission, USC has established a Research Security Program designed to protect research data, support faculty, staff, and student researchers, and promote compliance with applicable federal research security requirements.
Research security obligations have evolved significantly in recent years. In an open and collaborative research environment, institutions must address risks associated with inappropriate foreign influence, undisclosed external support or affiliations, cybersecurity vulnerabilities, misuse of sensitive research and emerging technologies, and other activities that may undermine research integrity or national security.
USC’s Research Security Program is designed to address those risks through a governance-based, risk-informed framework that promotes transparency in foreign engagements and support, helps safeguard sensitive research, data, and emerging technologies, and supports responsible international collaboration consistent with U.S. law, sponsor requirements, and university policy.
The program is supported by a university-wide governance framework led by the Research Security Governance Council (RSGC), chaired by the Office of Ethics and Compliance, which provides institutional oversight for the development, implementation, and continuous enhancement of research security practices across the research enterprise.
USC Research Security Program – NSPM-33
USC’s Research Security Program is anchored in National Security Presidential Memorandum-33 (NSPM-33) and the research security program requirements issued by the White House Office of Science and Technology Policy (OSTP). These federal requirements are intended to strengthen and standardize safeguards for U.S. Government-supported research and development while preserving research openness and avoiding discriminatory impacts.
For covered institutions, NSPM-33 requires an institutional research security program that addresses four core elements: cybersecurity, foreign travel security, research security training, and export control training. USC has established and continues to mature program elements in each of these areas in accordance with applicable federal implementation timelines and institutional risk considerations. These include:
- Cybersecurity: USC maintains and continues to strengthen cybersecurity practices for the research enterprise consistent with applicable federal expectations for research institutions. This includes but is not limited to the partnership between local IT security leads and USC’s Office of Cybersecurity in the mapping and implementation of required cybersecurity measures. The Office of Cybersecurity makes available a comprehensive set of resources designed to enable compliance with applicable NSPM-33 standards, and acts in close partnership with the Office of Ethics and Compliance and impacted schools and units to ensure timely implementation of cybersecurity measures. USC has also established a Cybersecurity Working Group that meets regularly to focus on school- and unit-level implementation of research cybersecurity expectations.
- Foreign travel security: USC’s Research Security Training module – derived from training issued by NSF SECURE – includes foreign travel security guidance for individuals engaged in international travel for university business, research, teaching, or conferences, consistent with applicable federal guidance and sponsor requirements. USC’s Travel & Expense program utilizes Christopherson Business Travel and SAP Concur, which support required travel reporting and recordkeeping. OEC has implemented enhanced international travel features in Concur, including pop-up dialogue boxes with links to OEC’s international travel and Restricted Parties guidance, and automated duty-of-care emails with travel alerts and guidance for travelers to higher-risk countries (e.g., EAR Country Group D).
- Research security training: USC has implemented a research security training program for covered individuals and tracks completion through institutional systems.
- Export control training: USC requires covered individuals who engage in research and development involving export-controlled technologies to complete export control training and tracks completion through institutional systems. This requirement may be satisfied through relevant federal training resources or USC-delivered training.
Research Security Governance Council (RSGC)
To provide institutional oversight for the implementation of NSPM-33 and the broader Research Security Program, USC has convened the Research Security Governance Council (RSGC). Chaired by the Office of Ethics and Compliance, the RSGC supports the establishment and maintenance of a research security governance and compliance program that meets the standards set forth in NSPM-33 and OSTP’s Research Security Program Standard Requirement.
The RSGC is composed of representatives from key central offices, schools, and research units across the research enterprise with responsibilities related to cybersecurity, foreign travel security, research security training, export control compliance, research administration, international engagement, legal, and information security. The Council meets quarterly and works collaboratively with researchers and institutional stakeholders to promote compliance with NSPM-33 and the highest standards of research security. USC also maintains an RSGC Cybersecurity Working Group that meets regularly to focus on school- and unit-level implementation of research cybersecurity expectations. The Office of Ethics and Compliance supports submission of required institutional attestations and coordinates with stakeholders across the university regarding implementation and continuous improvement activities.
Research Security Education and Training
Online Research Security Training (TrojanLearn)
All researchers who propose or conduct federally sponsored research must complete the required training annually regarding research security when required by the sponsor or otherwise mandated by USC. Currently, the Department of Energy (DoE), National Institutes of Health (NIH), the National Science Foundation (NSF), and the Department of Agriculture (USDA) require research security training. USC offers online training on the requirements of federal regulations and USC policy.