Research Security Reimagined - A Better Way to Address Cybersecurity, Privacy, and Ethics Across Disciplines
- Ash Bassili
- May 7
As we deliver our Research Data Management (RDM) services to higher education institutions and researchers, we are given a front-row seat to the many challenges of securing research data, facilitating global and interdisciplinary collaboration, and complying with regulatory standards.
These experiences have offered us a unique perspective on, and exposure to, the cybersecurity, privacy, and compliance issues surrounding research data, and have highlighted a critical gap: the need for a unified, flexible, and discipline-sensitive Research Security Office framework.
Today’s higher education research institutions face an increasingly complex landscape shaped by rising cybersecurity threats, stricter data privacy laws, institutional research ethics board expectations, and growing concerns about intellectual property protection and foreign interference, in addition to funding body governance. Yet many institutions still approach these challenges in a fragmented way, treating cybersecurity, research ethics, export controls, and privacy compliance as separate concerns.
We believe there is a better way.
The Evolving Research Risk Landscape
The risks facing research projects today are not hypothetical — they are real, urgent, and global:
Regulatory Standards and Privacy frameworks like GDPR, HIPAA, and new national legislation such as NIST 800-171 impose specific controls and obligations on how research data is collected, stored, and shared.
Ethical requirements for the responsible conduct of research have expanded beyond human subject research to include animal research and AI development, genomics, and Indigenous research.
Export controls and foreign interference risks also require that researchers navigate complex regulatory environments when collaborating internationally with respect to restrictions on collaboration partners and data sharing.
Cyber threats from foreign actors targeting research data, intellectual property, and national security-related projects are also accelerating.
Despite this complexity, these concerns are addressed in a siloed manner — cybersecurity is handled by IT, ethics concerns are managed by institutional ethics review boards, and export control considerations are addressed by research legal services somewhere in the process, if at all.
A Flexible Research Security Framework Is Required
We have come to understand that higher education research institutions need a new kind of Research Security Office (RSO) - one that can address core, non-negotiable protections but can also adapt flexibly to the specialized needs of different research disciplines.
Our proposed RSO Framework is flexible and built on two simple components:
Every research project, regardless of domain, must comply with fundamental security, privacy, ethical, and export control principles.
Research discipline-specific requirements should be modular, triggered only when necessary to avoid unnecessary burden.
5 Core Components for All Research Projects
Every research project should have to address these five core components:
Cybersecurity — Protecting the confidentiality, integrity, and availability of research data and systems (aligned with SOC2 Type II, NIST SP 800-171, ISO 27001).
Privacy and Data Protection — Ensuring compliance with GDPR, HIPAA, PIPEDA, OCAP®, and other privacy regulations depending on jurisdiction.
Research Ethics Compliance — Upholding ethical standards set out in frameworks like TCPS2 (Canada), the Belmont Report (US), and UNESCO Open Science recommendations.
Export Controls and Sanctions Compliance — Preventing unauthorized transfer of sensitive research or technology under national export laws.
Research Integrity and Responsible Conduct — Promoting transparency, accountability, and trust in research.
These foundational components form the backbone of an adaptable and trusted research enterprise.

As this blog is being written, efforts are underway in many jurisdictions that continue to evolve many of these components of the framework. A recent example is the European Open Science Cloud (EOSC) FIDELIS initiative to identify Trusted Digital Repositories (TDRs), which has scheduled its first webinar for May 13th of this year. This is not unique and will certainly require researchers in the EU to fully consider the implications of its recommendations.
RSO Must Be Tailored to Accommodate Different Disciplines - The Need for Modular Flexibility
At the same time, specialized research areas demand additional attention:
Healthcare research must align with HIPAA, PHIPA, 21 CFR Part 11, and Good Clinical Practice guidelines.
Engineering and technology research often triggers export control regimes such as ITAR and EAR.
Artificial Intelligence research raises questions of algorithmic fairness, bias, and transparency under frameworks like the OECD AI Principles.
Indigenous research requires adherence to data sovereignty frameworks like OCAP® and the CARE Principles.
Rather than forcing all researchers into a one-size-fits-all model, our proposed framework applies these discipline-specific modules or capabilities only when needed, ensuring both compliance and efficiency.
Building the Modern Research Security Office
One of the biggest challenges we have faced as a commercial RDM platform in our engagements with higher education researchers and research institutions is the degree of fragmentation of accountability for research data security and compliance. It is from this experience and vantage point that we propose that a contemporary and efficient Research Security Office built on this flexible framework would combine:
A Research Security Officer leading the overall program.
A Privacy Officer managing data protection and privacy impact assessments.
A Research Ethics Advisor supporting compliance with ethics boards.
An Export Controls Specialist conducting due diligence on partnerships and technology.
A Cybersecurity Liaison working closely with institutional IT security teams.
Discipline-Specific Pools of subject matter experts available for specialized projects.
This proposed structure allows institutions to stay agile, scaling expertise up or down based on research portfolio, project complexity and risk profiles of the institution and specific research teams, research methodologies, and data management plans.

Why This Approach Matters
In our experience, both in research settings and in our broader consulting work, success hinges on building systems that are proactive, integrated, user-centered, repeatable, and administratively lightweight.
A flexible Research Security Office framework:
Reduces risk — preventing data breaches, compliance violations, and reputational damage.
Simplifies compliance — offering clear, navigable paths for researchers consistent with institutional protocols without bureaucratic overload.
Strengthens trust — reassuring private sector and government funders, partners, and the public that research is conducted ethically and securely.
Future-proofs research — enabling institutions to adapt as threats evolve and new regulatory frameworks and requirements emerge.
Ultimately, protecting the integrity and security of research is not just a compliance exercise — it is an investment in the credibility, innovation, and global leadership of the research institution itself.
The recent introduction of the NIST 800-171 standard in the US that went into effect on January 25th of this year is a good example of the need for the RSO to dynamically adapt to various jurisdictional regulatory requirements in the context of the anticipated collaboration for each research project.
A Call to Action
We see the Flexible Research Security Office framework as a necessary next step for modern research management.
The future of research security demands flexibility, and the ability to adapt to new technologies and standards…not fragmentation.
We invite our colleagues across higher education, research funding agencies, and innovation ecosystems to collaborate on building Research Security Offices that are resilient and agile — for every discipline, every project, and every researcher.
Interested in learning more or collaborating?
Contact us to explore how we can help you design or strengthen your Research Security Office and Research Data Management (RDM) protocols.
Downloadable Template -
myLaminin RSO Checklist: Building Your Flexible Research Security Office
Download our checklist, created by myLaminin, which summarizes the core components and discipline-specific considerations needed to establish a resilient, flexible Research Security Office that supports security, compliance, and ethical research across disciplines.
__________________________________

Ash Bassili (article author) is the CEO of myLaminin, a secure research data management platform for academia using blockchain and web3 technologies, and brings 30 years of global experience in emerging technology delivery. Ash has a BSc Hons Life Sciences from Queen’s University, an MSc in Information Technology from Johns Hopkins University, and a Certificate in Blockchain Technologies from MIT Sloan School of Management.