Digital Design Network Plus – Research Security Guidance 

Research Security, or Trusted Research, is an initiative developed by the National Protective Security Authority that aims to support the integrity of international research collaborations, which is vital to the continued success of the UK’s research and innovation sector. 

The Digital Design Network Plus (D2N+) is building a community with the vision of making Digital Design Faster, Better and more Efficient. Given the nature of Digital Design, there is the potential that some of the methods we exploit in our tools, or some of the case studies we demonstrate or test them on, may have Trusted Research implications. This guidance is to help ensure D2N+ activities adhere to UKRIⁱ Guidance and UK legislationⁱⁱ.  

Actions taken to ensure compliance with Trusted Research guidance: 

1. Compliance – D2N+ leadership have, and are, working collaboratively across our institutions with those responsible for Trusted Research, to ensure we are compliant with all relevant UK and international legislation and UKRI grant conditions. Considerations include how we deal with sensitive data, how we organise and run events, and how we deal with the growth in Network partners. 

2. Governance – D2N+ leadership team are committed to ensuring that good practice is sought and implemented in managing the network and as such Trusted Research is discussed regularly at management/operational meetings and at Advisory Board meetings.  

3. Due Diligence – D2N+ will undertake proportionate due diligence for all organisations and industrial speakers/keynotes participating in D2N+ events. 

4. Risk Assessment – D2N+ maintains a risk register for tracking all risks, including Trusted Research related risks. The risk register is reviewed and updated on a regular basis. 

5. Communication – This guidance will be sent to all registered D2N+ event attendees and will be published on the D2N+ website.    

What is required from participants in D2N+ activities: 

1. Review the sensitivity of the research you plan to demonstrate – this should consider what technologies are being included in the design process you are demonstrating, as well as the use case/application you are demonstrating it on. To help understand the potential risks you may wish to consult the following guidance:  

• National Security and Investment Actⁱⁱⁱ 

• National Protective Security Authority^iv 

• UK Export Control^v,  

• If sharing controlled information^vi from NI, export controls will apply for transfers to countries outside the UK, including the Isle of Man and Channel Islands. 

• Academic Technology Approvals Scheme^vii.  

• Foreign Interference Registration Scheme^viii  

2. Carefully decide what to share at network meetings – given D2N+ events will be attended by a diverse range of attendees; please ensure not to share any information that your review has deemed to be sensitive from a trusted research perspective. Please remember that the interest of the D2N+ community is how you have used Digital Design to design faster and better with less, relative to the processes of today. It will be possible to demonstrate this without exposing details of the resulting design that may be sensitive. For example: 

• if the data you wish to present is numerically sensitive, you could desensitise it by removing the axis of a graph or scaling the numbers of an image. 

• if your use case is sensitive, you could demonstrate the digital design process you are championing on a non-sensitive test case, and then also provide general non-sensitive details about how it performed on the sensitive test case.  

• if your design processes include methods that may be sensitive, you can describe it generally using information about the method already in the public domain, and without exposing the sensitive implementation details.   

If potentially sensitive information is shared at a D2N+ event, ensure it is highlighted as such so that it can be redacted from publicly available records of the event.  

3. Advice on archival – as part of the D2N+ activities we plan to archive the outcomes of the Challenge Case studies and events. If you are aware the information you are contributing includes sensitive information, please make sure the D2N+ leadership are informed, and that the sensitive information is clearly identified, so we can ensure it is stored appropriately, and is not shared inappropriately.   

4. Declare anything the D2N+ leadership should be aware of – please declare any information the D2N+ leadership should be aware of.  For example, while we will conduct due diligence on partners who are new to the network, if you have links to a UK sanctioned regime, as listed here^ix, you should advise the leadership team as soon as possible. 

5. Respecting meeting venues – D2N+ is very fortunate to have a range of network partners who have offered to host D2N+ events. At some of these venues there may be security restrictions, and there is the potential you will be exposed to sensitive information. Please ensure you comply with the relevant security requests and adhere to relevant restrictions when on site at these locations. If you are unsure, please ask. 

Should you have any queries or concerns in connection with this guidance please contact Lynda Mahon, Grant Manager at l.davison@qub.ac.uk  

Other helpful information  

• UKRI’s guidance on Trusted Research & Innovation can be found on the good research resource hub at https://www.ukri.org/manage-your-award/good-research-resource-hub/trusted-research-and-innovation/  

• UKRI’s terms and conditions for research grants: https://www.ukri.org/publications/terms-and-conditions-for-research-grants/.   

• National Protective Security Authority: Trusted Research | Specialised Guidance | NPSA 

• National Security & Investments Act: National Security and Investment Act 2021 – GOV.UK 

• UK Export Control: UK strategic export controls – GOV.UK 

• Higher Education Export Controls Association: The Higher Education Export Control Association).   

• Queen’s University Belfast: General Privacy Notice