A basic R-CSTRA provides a high-level review of a research project and the information systems and solutions that interact with research data (e.g., collection, generation, processing, storage) to identify potential threats and risks. This assessment is designed for low-risk projects that involve level 1, level 2 or lower-risk level 3 data, with minimal regulatory or security requirements.

An advanced R-CSTRA involves a comprehensive review of a research project and all associated information systems and solutions that interact with research data. This assessment evaluates potential threats and risks and includes an in-depth analysis of information systems and solutions against the University’s Information Security Control Standard. It is intended for medium- and high-risk projects that involve higher-risk level 3 and level 4 data or require a robust data governance structure and adherence to significant regulatory requirements.

Connect with the Research Information Security Program team via Enterprise Service Centre to safeguard research knowledge, intellectual property and data.