This message is from Brian Collier, director of science and security in the Office of the Vice Chancellor for Research.
In July 2024, the federal government, via the Office of Science and Technology Policy, released their guidelines for research security programs at covered institutions (which UNC-Chapel Hill qualifies as) and directed federal agencies to submit their implementation plans for final approval. One requirement of the NSPM-33 guidelines is to have a research security training program that covers, at a minimum, the four main areas of cybersecurity, research security, export control, and foreign travel security. We have now begun seeing agencies roll out their requirements for such a program and we must comply with them.
In anticipation of this, my office, in conjunction with the Office of Sponsored Programs and other key units across campus, began developing an in-house training program. We recognize that faculty and staff already take a lot of required training, so we started this process with three goals in mind:
- Develop a compliant training program
- Launch the training program before the first agency deadline, using a phased-in approach
- Reduce administrative burden as much as possible by keeping the training streamlined while capturing the most critical elements needed
We have now completed all the technical requirements and enhancements necessary to launch and track the program and have drafted the course content. Our plan at this point is to release it in two phases.
- Phase 1 – Pilot: The Department of Energy (DOE) plans to implement their research security training requirement on May 1, 2025. All individuals tied to proposals that are submitted to DOE funding announcements after this date will be required to complete research security training within 12 months of the application’s submission and any individual added to an award after May 1st will need to complete the training within 30 days. We are asking all individuals tied to active DOE awards to also take this training by May 31st because we anticipate amendments being issued to those awards that insert this requirement and because feedback received will allow us to adjust the program before full implementation.
- Phase 2 – Full Release: Will require all employees working on federally-funded projects to complete the training by December 31, 2025. We anticipate releasing it between mid-June and December 1st, after we evaluate any comments received by the pilot group and work out any system bugs that might occur. This will help us ensure we are prepared for any additional agency requirements in this area.
It will be important for Principal Investigators, Investigators, and other Senior/Key personnel to take the training quickly as there are hard stops built into the system that will prevent proposals and awards from moving forward. Non-senior/key staff will just need to meet the December 31st deadline.
I recognize that this Research Security training course is an additional commitment for you to manage. This training is a federal requirement; however, our research security efforts form a part of good research stewardship, which is the foundation of our partnership with federal funding agencies. We will collect feedback on the training in order to improve the content over time, and you are welcome to e-mail me with any questions.
Thank you for your commitment to research.
Note: Since the publication of this memo, Phase 2 implementation was advanced to October, 2025 to reflect sponsor guidance.