A common requirement for large, complex or unique research initiatives taking place in and across health authorities and involving the handling of sensitive information is the completion of a privacy impact assessment (PIA) and/or security threat & risk assessment (STRA). Often, by the time consultation for the STRA process is initiated, the research project will have received ethics approval and developed or identified the platform or service it is intending to deploy. The research group may be eager to proceed, and modifications to the platform based on security assessment findings can be difficult to fully implement at that stage. To help move researchers through the security assessment process, the Sensitive Research Team at UBC Advanced Research Computing has begun to offer STRAs as a complementary service for UBC researchers requiring security assessments.

This presentation will introduce the Security Assessment service offered by ARC, examine how research projects are referred for assessment, speak to how we see the process evolving in the future, and will review key areas of inquiry in the consultation and discovery/intake process serving also as a primer on some key security gaps commonly encountered in the research STRA process.

Speaker