Regulatory/Compliance Requirements

UCSF faculty members are required to conduct research and manage the financial aspects of research in compliance with University policy, federal and state laws, and sponsor requirements. Principal Investigators must ensure that they, their fellow investigators, students and staff meet compliance requirements, including any necessary training.

Common Compliance Areas

Animal Subjects

The Institutional Animal Care and Use Committee (IACUC) oversees all UCSF research and instruction that involves vertebrate animals. The IACUC ensures that the highest ethical and animal welfare standards are met.

Awards requiring these types of approvals may be processed before the IACUC has issued an approval number. However, in such cases, research is restricted to activities not involving animal subjects. Research activities involving animal subjects may only proceed after IACUC has given a final approval and number. In order for the approval to be valid the Sponsor (or funding source), and personnel must be listed on the applications. Learn about creating, editing and submitting IACUC protocols.

Biospecimens

The Biospecimen Services Program and the Department of Pathology provides all research biospecimen collection from non-exempt clinical tissue requiring gross evaluation. By March 24, 2022 all existing and future pathologist collaborations must be communicated to the Biospecimen Services Program through the Pathologist Collaborator Form. (Office of Research/Department of Pathology Research Acquisition Policy)

Learn More

Conflict of Commitment (COC) and Conflict of Interest (COI)

Conflict of Commitment (COC)

University of California faculty must report time and earnings from certain outside professional activities involving foreign entities (e.g., consulting for a foreign entity that is outside the scope of their professional responsibilities) on an annual basis, and certain categories of outside activities require prior approval. UCSF faculty enter their outside activities and income in the Outside Activities Tracking System (OATS).

Faculty should consult with their Department Chair.

Conflict of Interest (COI)

Researchers may have financial interests in research sponsors and/or entities with business interests closely related to their research. These interests must be disclosed. Before an award can be setup and transmitted to CGA, it must be released by the Conflict of Interest Division (COI).

OSR requests this release either at the Just-in-Time stage, or during Award Set-Up. This release can only occur after the PI makes the proper disclosures and COI approves them. If required, the type of grant or contract will determine the kind of disclosure necessary.

Cost Sharing

Coverage Analysis

Data and IT Security

Federal regulations and UC Policies require researchers to protect the privacy of subjects and to maintain the confidentiality of sensitive data. A contract or grant may mandate specific security compliance requirements for our information systems to ensure data security when collecting research data. Requirements for each compliance regulation vary.

UC IS-3 Electronic Information Security Policy requires security risk assessments to be completed for all information systems that create, store, process, or transmit UCSF data when they are initially introduced into the UCSF infrastructure. A IT Security Risk Assessment must be completed if the researcher is purchasing or developing a new software product or a cloud service that creates, stores, processes, or transmits UCSF data.

UCSF Buying Software and Cloud Computing guidance requires purchases of all cloud computing services and certain software to be completed through UCSF BearBuy to engage Supply Chain Management. This is necessary to ensure that agreement terms are compliant with regulations, UC policies, etc. 

The Research Cybersecurity team can confirm our ability to meet specific security compliance requirements in contracts or grants. If there is a list of security requirements, specific security regulations / frameworks, or an IT signature required, contact [email protected] for review.

If an RFP requires NIST 800-53 / NIST 800-171 / FISMA / HIPAA / ISO 270XX / FERPA / GDPR / FedRamp / CMMC, please guide the PI to email [email protected] to ensure the study budgets appropriately and selects systems that can meet security requirements.

Facts addressing of these concerns:

UCSF Box implementation of Secure Box does not currently meet the requirements to comply with:
- Federal Risk and Authorization Management Program (FedRAMP) a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services, and
- The National Institute of Standards publication 800-53 (NIST 800-53) recommended security controls for Federal information systems, except those designed for national security.
  
  The local network share drive would have to support the project instead, or an alternate cloud computing resource assessed for compliance.
UCSF IT uses Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2) compliant encryption on desktops/laptops. FIPS PUB 140-2 is a U.S. government computer security standard used to approve cryptographic modules.
Media disposal is in accordance with National Institute of Standards Special Publication 800-88 (NIST SP 800-88) – Guidelines for Media Sanitization.
Research Analysis Environment (RAE), formerly MyResearch, provides compute, storage, and tools in a secure, NIST 800-171 compliant platform across three product tiers (monthly fee applies to Premium and Cloud). If NIST 800-171 is required, please inform the PI to initiate a ServiceNow ticket to request a consultation with the RAE team early while reviewing RFPs and prior to preparing a proposal or discussing/putting together a data sharing plan.
- Go to MyAccess and select ServiceNow or go to Help.ucsf.edu
- Select Accounts, Access & Email
- Select RAE - Research Analysis Environment Request (formerly MyResearch)
- Document IT Security requirements under Comments
UCSF Data Storage for Research lists common approved storage options for UCSF research data that can meet security requirements for most general security requirements in research contracts and grants

Please direct additional research data security inquiries to [email protected].

NIH Data Management and Sharing

NIH requires researchers proposing research that results in the generation of scientific data, to prospectively plan for how scientific data will be preserved and shared through submission of a Data Management and Sharing Plan (Plan). Upon NIH approval of a Plan, NIH expects researchers and institutions to implement data management and sharing practices as described in the Plan and the Plan will become a term and condition of the award. (NOT-OD-21-013).

In an effort to reduce the burden of duplicative reporting expectations, NIH is establishing a single Plan submission requirement for research subject to both the NIH Genomic Data Sharing Policy (GDS Policy) and the NIH Policy for Data Management and Sharing (DMS Policy).

The NIH Genomic Data Sharing Policy ensures the broad and responsible sharing of genomic research data and applies to all NIH-funded research that generates or uses large-scale human or non-human genomic data as well as these data for subsequent research. Large-scale data include genome-wide association studies (GWAS), single nucleotide polymorphisms (SNP) arrays, and genome sequence, transcriptomic, metagenomic, epigenomic, and gene expression data.

The UCSF Library webpage for the 2023 NIH Data Management and Sharing Policy has more details and resources for investigators, including UCSF Budget Guidance - how to plan for data management costs.

The UC Research Data Policy and UCSF Guidance on Implementation of the policy is available on the UCSF Data Resources webpage. The guidance points out responsibilities of researchers in the management and sharing of research data, particularly when UCSF researchers leave UCSF. The guidance also establishes an infrastructure to manage questions regarding research data ownership and/or resolve disputes over data ownership while ensuring continuity of research.

Harassment and Discrimination Protections

In accordance with Title IX of the Education Amendments of 1972, Federally-supported research and training must occur in a civil, safe, and respectful environment, free from discrimination and unlawful harassment, sexual or otherwise. Harassment of any kind including sexual harassment is not tolerated at institutions that receive Federal funding or anywhere that Federally-funded activities are conducted.

UCSF has principles and policies that align with the Federal requirements.

Additional NIH Requirements
Additional NSF Requirements

Additional NIH Requirements

NIH Training Grant Applications require an additional institutional Letter of Support (flatten before uploading) ensuring that the University has proper policies, procedures, oversight, and practices in place to prevent discriminatory harassment and other discriminatory practices, and ensuring that the institution has adopted procedures to request prior approval of a change in the status of the PD/PI or other senior/key personnel if administrative or disciplinary action is taken that impacts their ability to continue in their role on the NIH award as described in the application. (NOT-OD-19-029, UCOP)
NIH recipients must comply with Federal civil rights laws that prohibit discrimination on the basis of race, color, national origin, age, sex (which includes discrimination on the basis of gender identity, sexual orientation, and pregnancy), and disability. Ensuring that meaningful steps are taken to provide access to persons with limited English proficiency and ensuring effective communication with persons with disabilities. (NOT-OD-23-047)
NIH-supported conferences and scientific meetings are expected to take steps to maintain a safe and respectful environment for all attendees by providing an environment free from discrimination and harassment. Just-In-Time materials for conference awards will include requirement of a “safety plan” that will be communicated to all conference/meeting attendees. (NOT-OD-22-074, Safety Plan and letter to conference participants templates)
NIH requires notification when the Program Director/Principal Investigator (PD/PI) or Senior Key Personnel named on the NIH Notice of Award (NoA) is removed or otherwise disciplined due to concerns about harassment, bullying, retaliation, or hostile working conditions. (NOT-OD-22-129)
UCSF Reporting Procedures: Immediately upon knowledge of removal or disciplinary action involving the PD/PI or Senior Key Personnel named on the NIH NoA, email the UCSF Point of Contact (POC) for NIH reporting. The UCSF POC will complete and submit the report and coordinate any resulting administrative requirements.
NIH expects prior approval requests for change in status and change of recipient organization include mention as to whether the change is related to concerns about safety and/or work environments (e.g. due to concerns about harassment, bullying, retaliation, or hostile working conditions). (NOT-OD-20-124)
UCSF Reporting Procedures: Immediately upon knowledge of removal or disciplinary action involving the PD/PI or Senior Key Personnel named on the NIH NoA, email the UCSF Point of Contact (POC) for NIH reporting. The UCSF POC will complete and submit the report and coordinate any resulting administrative requirements.

Additional NSF Requirments

Guidance for Off-campus and Off-site Research Requirements for NSF Applications

The National Science Foundation (NSF) Proposal & Award Policies & Procedures Guide (PAPPG) 23-1 Chapter II.E.9 Safe and Inclusive Working Environments for Off-Campus or Off-Site Research, effective for proposals due on or after January 30, 2023.

To foster safe and harassment-free environments wherever science is conducted, each proposal that proposes to conduct research off-campus or off-site (e.g., data/information/sample collection off-campus or off-site, such as, fieldwork and research activities on vessels and aircrafts), the AOR is required to certify that the organization has a plan in place for that proposal:

The Project PI should download the NSF Off-Campus-Site plan template and adjust accordingly for the needs of the project.
The plan should describe how the following types of behavior will be addressed:
- Abuse of any person, including but not limited to harassment, stalking, bullying, or hazing of any kind, whether verbal, physical, electronic, or in writing
- Conduct that is unwelcome, offensive, indecent, obscene, or disorderly
The plan identifies steps that will be taken to nurture an inclusive off-campus or off-site working environment training, processes to establish shared team definitions of roles, responsibilities, and culture (UCSF Principles and Policies); and field support, such as mentor/mentee support mechanisms, regular check-ins, and/or developmental events.
The plan includes communication pathways (within the team and to the organization) that minimize singular points in the pathway (e.g., use of a single person overseeing access to a single satellite phone) and takes into account circumstances, such as involvement of multiple organizations or the presence of third parties in the working environment.
The plan accounts for the process or method for making incident reports as well as how any reports received will be resolved.
The plan will be disseminated by the Project PI to individuals participating in the off-campus or off-site research prior to departure.
The plan will not be submitted to NSF. Instead, OSR staff will upload the final plan to the Additional Documents section of eProposal (Find your OSR Support) prior to routing the proposal for approvals and submission to the sponsor. AOR sign-off will be achieve during routing after confirming the plan is uploaded in eProposal. Off-Campus or Off-Site Research Plans can be retrieved from the application record in eProposal if requested by NSF.

Human Fetal Tissue (HFT) Research (NIH Requirement)

On July 26, 2019, NIH modified the policy on Human Fetal Tissue Research (NIH GPS 4.1.14) to include the HHS requirements and review considerations for NIH research applications (e.g. grants, cooperative agreements, and R&D contracts) that involve the proposed use of human fetal tissue obtained from elective abortions (HFT). See Human Fetal Tissue Research, Human Fetal Tissue from Elective Abortions (NIH GPS 4.1.14.2).

These requirements apply to competing grant applications submitted for due dates on or after September 25, 2019 and in response to R&D contract solicitations published on or after September 25, 2019 and grant and cooperative agreement awards with HFT or that add HFT made on or after September 25, 2019.

Refer to the General Application Guide for specific instructions when preparing competing applications proposing research involving HFT. In the SF424 (R&R) Version F, HFT are called-out in the Cover Letter (Section G.200), Cover Page Supplement Form (G.210), Detailed Budget and Justification (Section G.300), and Research Plan (Section G.400). Page limits will not be increased to accommodate these requirements. The Modular Budget Form cannot be used (Section G.320). For R&D contract proposals, please refer to the specific solicitation for proposal instructions.

Learn more

Human Subjects

The UCSF Human Research Protection Program (HRPP) is responsible for ensuring the ethical and equitable treatment of human research subjects, as well as ensuring compliance with Federal Regulations, State Statues and Guidance.

The Institutional Review Board (IRB) - formerly known as the Committee on Human Research (CHR) - reviews and makes decisions on all research involving human subjects performed by UCSF faculty, staff and students, regardless of funding source or the location of the research.

Awards requiring these types of approvals may be processed before the IRB has issued an approval number. However, in such cases, research is restricted to activities not involving human subjects. Research activities involving human subjects may only proceed after IRB has given a final approval and number. In order for the approval to be valid the Sponsor (or funding source), and Key Personnel must be listed on the IRB applications.

Instructions to add a funding source or Key Personnel.

The revised Common Rule (2018 Requirements) requires at 45 CFR 46.114(b) that all institutions located in the United States that are engaged in cooperative research that involves more than one institution, conducted or supported by a Federal department or agency, rely upon approval by a single IRB for the portion of the research that is conducted in the United States.

The NIH Policy on Use of a Single Institutional Review Board (sIRB) of Record for Multi-Site Research establishes the expectation that all sites participating in NIH-funded, multi-site studies, involving non-exempt human subjects research, will use a sIRB to conduct the ethical review required by the Department of Health and Human Services (HHS) regulations for the Protection of Human Subjects at 45 CFR Part 46.

Human Research Administration

Protecting Your Grant: Affirmative Action and Non-Discrimination: Hiring for grants at UCSF must follow laws regarding Affirmative Action and Equal Opportunity Employment.
Personnel Policies for Staff Members
A&PS and Staff Title and Pay Plans

International Collaborations

Federal and UC guidelines require reporting and monitoring of international collaborations. The following resources are available regarding International Collaborations.

Ethics & Compliance website: Foreign Collaborations, Funding & Transaction

Learn more about improper foreign government influence, international travel, internal hires & visitors, international collaborations and more.

Adding Foreign Component to sponsored project
When and what to include in Other Support and Biosketches
UC Global programs supports projects with international components
Issue Subaward/Subcontract

OSR will confirm appropriate compliance requirements are disclosed in our proposal system (eProposal). If an application involves collaboration with a foreign organization or includes a foreign component, OSR staff will work with the PI of the application to ensure the following compliance questions are addressed:

Does the proposal include subawards?
Are any subrecipients foreign entities or do any include foreign components? If yes, identify countries.
Are UCSF personnel, consultants, or independent contractors performing work in a foreign country? If yes, identify countries where activity/activities will occur.
Does proposal include unfunded collaboration with person/entity in a foreign country? If yes, identify country where collaboration will take place.
Will proposed work require any type of a partner affiliation agreement?
Has the PI received resources (financial/non-financial) that are (related/not related to the project) from any foreign parties?

Additional review/actions may be required from other UCSF units (i.e. Export Control Office (ECO) or International Research Support Office (IRSO)) depending on compliance needs. All University personnel must identify when their activities may trigger export controls. If you think an activity may be subject to export control regulations, please escalate the question to Export Control Officer, at [email protected].

The PI’s must respond to ECO Compliance Assessment and any requests from other compliance offices at time of proposal or follow up at time of award, if advised to do so. If there are questions regarding operating in a foreign country, including but not limited to hiring and foreign government requirements, please contact Joe Novotny and Gladys Villacorta in IRSO.

View Roles and Responsibilties

Key Contacts

Export Control Officer - [email protected]
International Research Support Operations – Joe Novotny and Gladys Villacorta
International Visitors – International Students and Scholars Office

Safety Committees

Safety Committees are campus committees that are mandated by regulatory and policy requirements.

UCSF, UCOP and The Regents' Policies/Regulations

UCSF
- Campus Administrative Policies - See Academic Administration (100), Financial Administration (300) and Contracts and Grants (400)
- Campus Code of Conduct
- Affirmative Action and Non-Discrimination
- Social Media Guidelines
- Export Control - In addition to actual shipment of a commodity out of the United States, export regulations also control the transfer, release or disclosure of technical data about controlled commodities to foreign persons in the United States.
- Integrity of Research - Along with the Integrity of Research campus policy (100-29), Academic Affairs offers further procedures on Integrity of Research.
UCOP and The Regents'

Federal and County Policies/Regulations

Federal Policies and Regulations
- Uniform Guidance
- OMB Circular A-21: Cost Principles
- OMB Circular A-110: Administrative Principles
- OMB Circular A-133: Audit Principles
- Code of Federal Regulations
- NIH - Grants and Funding
  1. Responsible Conduct of Research - NIH provides guidance and training resources in the Responsible Conduct of Research (RCR). RCR training is mandatory for the recipients of some NIH awards.
- Federal Register
San Francisco and Bay Area Counties

Provide Website Feedback

Office of Sponsored Research

Search form

You are here

Regulatory/Compliance Requirements

Common Compliance Areas

Safety Committees