Whether you are looking for answers regarding cybersecurity and privacy practices and requirements at UBC; help with the security posture of your project; or require a deep dive into a solution to identify security risks, ARC Sensitive Research Team (SRT) is available to assist. Consult the list of services below and select the one that best matches your needs.
Security Consultation
A security consultation consists of an in-person, phone or virtual consultation meeting between SRT and the research project team. During this consultation, SRT will respond to your security and privacy questions and provide guidance based on UBC policies and standards, and cybersecurity good practices.
Security Compliance Checklist
Looking to find out if your project solution is compliant with UBC requirements?
The security compliance checklist is a document covering high-level information security for a solution. It contains a list of items to verify for both compliance with UBC Security Policy and Standards, and good cybersecurity practices. Note that this document is not solution specific and will not be reviewed by SRT.
Security Threat Assessment
A Security Threat Assessment (STA), consist of the analysis and reporting of a solutions security posture. To deliver this service, SRT will collect information about the solution security, privacy, and governance; then will conduct an analysis of the solution (based on the information received) to identify possible threats, gaps and associated security risks. Once the security risks are identified, SRT will provide recommendations for mitigation.
This service is offered in 3 different tiers assessing the solution at different levels:
What is it?
The Level 1 is the lightest version of the STA. It includes collection and analysis of high-level solution information at a specific time, and an assessment of this solution to identify possible threats. The health check only address the most prominent gaps in a solution.
Who should request this service?
Research projects using solution with a light architecture (e.g.: SaaS), and that does not collect, process or store information classified medium risk, or higher.
What is the outcome?
The project will receive an STA report with SRT findings and recommendations.
What is it?
The STA Level 2 will capture everything included in the STA Level 1, plus additional information for in-depth analysis. Research projects should expect technical information and detailed infrastructure to be requested for this level of assessment.
Who should request this service?
Research project with a complex architecture, including on-site hosting, hybrid environments, IaaS, PaaS, internet facing or accessible solutions, and collection of information classified high or very high.
What is the outcome?
The project will receive an STA report including SRT findings and recommendations.
What is it?
STA Level 3 is the highest level of assessment SRT provides. It consists of a thorough analysis of the solution and all associated components to identify any gaps or security risks. To complete this assessment, SRT will require detailed technical, privacy and governance documentation, in addition to multiple consultation meetings with the project team and service provider.
Who should request this service?
Research projects processing/capturing information classified high or very high risk, use a complex infrastructure, and who are mandated to provide an STA by their Ethics board or Privacy department.
What is the outcome?
The project will receive an STA full assessment report including SRT findings and recommendations.
System Security Plan
A System Security Plan (SSP) is a document defining the architecture, and security controls of a research solution/project at high level. The plan created by SRT, in collaboration with the researcher and IT at UBC, is designed to present safeguarding in place for a specific research project (e.g.: In a grant application).
Can’t find what you are looking for?
Send us an email at arc.suport@ubc.ca to talk to one of our subject matter experts.
Reference Information
To learn more about Information Security and Privacy for research, you may also consult:
Electronic Information Security
https://arc.ubc.ca/securityandprivacy/security
Information Privacy
https://arc.ubc.ca/securityandprivacy/privacy
Sharing Data
https://arc.ubc.ca/securityandprivacy/sharing-data
Planning Research with Security and Privacy in mind
https://arc.ubc.ca/securityandprivacy/rdm
OneDrive and Teams for Research
https://arc.ubc.ca/microsoft-onedrive-and-teams-research