SDSU Research Foundation Logo

SDSURF › Project Administration Guide › Project Administration › Other Compliance Issues

Other Compliance Issues

1. Cost Sharing Policy and Procedures
2. Program Income Policy
3. Credit Card Processing and Security Policy - Merchant Services Policies and Procedures
4. Effort Reporting Procedures
5. Export Controls
6. Security of Financial Data
7. Password Policy for Standard User Accounts
8. Data Classification and Handling Policies
a. Information Classification Standard
9. Intellectual Property
10. Research Integrity/Regulatory Compliance

1. Cost-sharing Policy and Procedures

Purpose: The purpose of these guidelines is to provide direction in accumulating and reporting cost sharing on all grants and contracts.

If cost-sharing is offered in a proposal, either voluntarily or to comply with mandatory requirements and an award is received, the PI is responsible for working with the SR administrator to ensure all cost-sharing commitments are met and adequately documented.

The complete policy and procedures for cost sharing may be reached through the following link: Cost Sharing Policy and Procedures. (PDF Format 99KB)*

Definition: When federal statute or agency regulations require that the university share in the cost of sponsored research projects, the university contribution is referred to as “cost-sharing.”  In general, cost-sharing and matching represents that portion of project or program costs not borne by the sponsor (generally the federal government).  Cost-sharing can be voluntary or mandatory by statute or law, and can take the form of either cash contributions or in-kind contributions.

Cash contributions: Cash contributions represent the recipient's cash outlay, including the money contributed to the recipient by non-federal third parties.

In-kind contributions: In-kind contributions represent the value of all non cash contributions, including services and property, provided by the recipient and/or non-federal third parties.

Policy: It is the policy of the foundation and the university to only offer cost-sharing in a proposal when it is a requirement of the request for proposal or the program announcement.  The sponsoring agency's program guidelines typically indicate whether or not cost-sharing is mandatory for a specific proposal submission.  This is so that limited university resources, both monetary and time commitment, can be used most effectively.  The SR development office ensures that the proposal budget reflects the proper level of cost-sharing required.  Budgeted cost-sharing must be documented in the post-award phase of a project by the PI.  The SR administrator works with the PI to ensure all cost-sharing is adequately documented and source documents are provided.  The SR administrator summarizes the actual cost-sharing received on an Excel worksheet, and maintains the worksheet and the source documentation in the award file.

Acceptable Cost-sharing Items:  Cost-sharing or matching may consist of the following cost elements used to further project objectives:

  1. Salaries of SDSU faculty or staff who are paid by the university, and who devote a percentage of their compensated time to a sponsored project, without receiving reimbursement from the sponsor.
  2. Fringe benefit costs associated with contributed effort as described in item a.
  3. Facilities and Administrative (F&A) costs foregone, where the Foundation requests less than the federally approved negotiated rate, and where the sponsor does not prohibit the use of F&A foregone as cost-sharing.
  4. Rent foregone by the Foundation when a sponsor project occupies Foundation owned or rented space, and when there is less than full recovery of F&A costs.
  5. Other direct costs, such as supplies, equipment, or travel that are paid for from non-federal funding sources.
  6. Project costs financed by cash contributions by the recipient, or by cash donated to the recipient by third parties.
  7. Project costs represented by services and property donated by third parties (non-federal public agencies and institutions, private organizations, and individuals).

Requirements: All matching contributions, both cash and in-kind, must adhere to the following criteria as required by 2CFR Part 215:

  1. Are verifiable from the recipient's records.
  2. Are not included as contributions for any other federally assisted project or programs.
  3. Are necessary and reasonable for proper and efficient completion of the project or program objectives.
  4. Are allowable under the applicable cost principles (2 CFR Part 220 (OMB A-21), or other sponsor regulations if the sponsor is non federal).
  5. Are not paid by the federal government under another award, except where authorized by federal statute to be used for cost sharing or matching.
  6. Are provided for in the approved budget when required by the sponsoring agency.
  7. Conform to other provisions of 2CFR Part 215-23.

2. Program Income Policy

Program income is defined as gross income earned by a grantee or its subcontractors that is directly generated by a grant-supported activity or earned as a result of the grant.  Program income includes, but is not limited to, income from fees for services performed, the use or rental of real or personal property acquired under the grant, the sale of commodities or items fabricated under the grant, license fees for and royalties on and copyrights, and interest on loans made with grant funds.  Program income does not include interest earned on advances of federal funds or the receipt of principal on loans, rebates, credits, discounts, etc., or interest earned on any of them.

SDSU Research Foundation must comply with the federal reporting requirement to account for all program income related to projects financed with federal funds.  This requirement is set forth in 2CFR Part 215-24 and is summarized as follows:

All program income earned* during the project period shall be retained by the grantee and, in accordance with federal awarding agency regulations or the terms and conditions of the award, shall be used in one or more of the ways listed in the following:

  1. Additional Funds: Added to funds committed to the project by the federal awarding agency and grantee and used to further appropriate project or program objectives.
  2. Cost Sharing or Matching: Used to finance the non-federal share of the project or program. (Income is added to the amount allowable for project costs.)
  3. Deduction of Funds: Deducted from the total project or program allowable cost in determining the net allowable costs on which the federal share of costs is based. (Income is deducted from the amount reimbursed to the grantee from the sponsor.)

* The grantee is excluded from reporting program income earned from license fees and royalties for copyrighted material, patents, patent applications, trademarks, and inventions produced under an award unless the federal awarding agency regulations or the terms and conditions of the award specify otherwise. (Patent and Trademark Amendments (35 U.S.C. 18) apply to inventions made under an experimental, developmental, or research award.)

If a federal agency authorizes the disposition of program income as Additional Funds or as Cost-sharing/Matching, any amount of program income in excess of the limits set by the agency shall be deducted from the total amount reimbursed to the grantee from the sponsor.

If the federal awarding agency does not specify how program income is to be used in its regulations or on the notice of grant award, the grantee shall apply the Deduction of Funds (c. above) method to all projects or programs except research.  For awards that support research, program income shall be used as Additional Funds (a. above) unless the awarding agency specifies otherwise or the grantee is subject to special award conditions.

Unless federal awarding agency regulations or the terms and conditions of the award provide otherwise, the grantee is not obligated to report program income earned after the end of the project period to the federal government.

If authorized by federal awarding agency regulations or the terms and conditions of the award, any costs incidental to the generation of program income may be deducted from the gross income to determine the amount of program income, provided these costs have not been charged to the award.

Income from the sale of property shall be handled in accordance with the requirements of the Property Standards in 2CFR Part 215.30 through 215.37.

PROGRAM INCOME PROCEDURE:

Project directors must identify all program income, regardless of sponsor (federal or non-federal) to SR Administration to enable the funds to be set up in the Foundation’s accounting system and used appropriately to further the project goals and objectives.

  • Upon being notified of program income associated with a Foundation project, the SR administrator reviews the definition of program income and determines if the Foundation is obligated to report the type of income identified.
  • The SR administrator reviews the notice of grant award and/or the sponsor regulations to determine the sponsor requirements for using program income.
  • The SR administrator establishes a 9-ledger fund in Banner to deposit and monitors all program income received for the project.
  • As funds are received, the SR Administrator will deposit the checks/cash into the 9-ledger fund established to receive the income.
  • The SR administrator will approve expenditures against the program income fund based on the criteria used to approve similar costs on Foundation accounts. (See Expenditure Processing)
  • Facilities and Administrative Costs (F&A) and Fringe Benefit rates will be applied to program income 9-ledger funds at the same rate as the sponsored project associated with the fund or at a minimum of 6%, whichever is greater.
  • Project directors should ensure all funds received for program income are forwarded to the appropriate SR administrator for deposit into a program income fund.  Project directors should also monitor the monthly budget reports produced for program income funds in a manner consistent with that used to monitor her/his other project funds.
  • SR administrators will monitor and reconcile program income funds in a manner consistent with the method used to administer grant funds.
  • SR administrators, in conjunction with finance & accounting, will ensure that program income costs are included on sponsor required financial reports and are accurately reported to the federal government.

3. Credit Card Processing and Security Policy - Merchant Services Policies and Procedures

Some SDSURF projects accept donations or payments for goods or services such as application and registration fees and have been set-up with credit card merchant accounts.  Projects accept payments through point of sale (POS) terminals or have agreements with third-party processors to provide payment gateway services that allow customers to make purchases on-line via the internet.

The ability to accept credit card payments comes with risk and the responsibility to protect sensitive cardholder data.

SDSURF projects that participate in card processing activities (merchants) are required to follow strict procedures to protect customers’ credit card data.  The credit card companies (including Visa, MasterCard, Discoverer, and American Express) have developed standards that all credit card merchants must follow called Payment Card Industry Data Security Standards (PCI DSS).  In addition, all projects utilizing merchant accounts must also adhere to the ICSUAM Credit Card Payment Policy, San Diego State University Information Security Plan and SDSURF’s Merchant Services Policies and Procedures at Credit Card Processing Security Policy-Jan2010.pdf). (PDF Format 49KB)*

Failure of merchants to comply with these standards and guidelines and otherwise adequately protect sensitive cardholder information will result in the suspension of merchant privileges.  In addition, fines may be imposed by the affected credit card company, ranging from $5,000-$50,000 per violation, per month out of compliance, per credit card company.

For complete detail on program requirements and procedures go to Credit Card Processing Security Policy-Jan2010.pdf. (PDF Format 49KB)*

4. Effort Reporting

Educational institutions conducting research, instruction, and/or other sponsored work under grants, contracts, and other agreements with the federal government are required to comply with the costing principles described in OMB Circular 2 CFR PART 220. Section J.10 of Circular 2 CFR PART 220 describes the principles, criteria, and examples of how employee compensation for personal services rendered under sponsored agreements should be charged and subsequently documented.

The salary and wage costs of employees with a university (SDSU) appointment are compensated to the employee by SDSU, SDSU Research Foundation or a combination of both organizations. The effort reporting system described herein was established to meet the requirements of Section J.10 referenced above. This system was reviewed and approved by the Department of Health & Human Services in September, 1981 and again in 2001.

The effort report contains comprehensive time and effort information, including percent of SDSU assignment allocated to instructional activities, reimbursed time, direct pay, and cost-sharing or release time for faculty and staff who work on federally and non-federally sponsored programs. To maintain consistency, effort reports are prepared, distributed, and certified for all employees with a SDSU appointment who work on sponsored agreements. The Foundation attempts to complete this process within 90 days of the end date of the effort reporting period. Effort reports are typically created 60 days after the end date of the term period. The reports are distributed to the employee for review and signature and the Foundation requests that the signed report be returned within approximately two weeks. Follow-up letters are sent and if necessary, phone calls and office visits are made to ensure the effort reports are completed and returned in a timely manner.

The sponsored research services division is responsible for the preparation, dissemination, and collection of all effort reports. The effort reporting analyst gathers information during the academic year on all SDSU faculty and instructional staff. The information is gathered from workload forms, downloads from the Foundation's financial system, and cost-sharing information provided by SRA administrators.

The recipient of an effort report is required to certify that the distribution of effort recorded in the payroll systems and reported on the effort report is a reasonable estimate of the actual work performed during the period covered by the report.  If not, the individual must indicate the correct distribution of effort so that the payroll allocations can be corrected.

See Cost-sharing Policy (PDF Format 99KB)* for more information about effort reporting.

5. Export Controls

Current export law controls certain hardware, data materials, chemicals information, and other items pertaining to a wide range of designated “Defense Articles” and “dual use” items in a way that may have a substantial impact on research at U.S. universities.  Every award is subject to the export control regulations whether or not there is an explicit clause within the award document.  Also, individuals carry responsibilities with regard to the export of certain materials on the critical technology list.  Although most activities SDSURF is involved in meet the exclusion test as fundamental research, some do not.   Questions regarding the applicability of export controls on a specific program should be directed to SRCC.

6. Security of Financial Data

SDSU Research Foundation has established certain application controls to ensure the accuracy and completeness of all computer input, processing and output.  The application controls established include the following:

  • Access to computer facilities, terminals, programs and data is restricted.
  • Each user is granted an individual user ID and password, and is assigned a user profile appropriate for her/his job.  Security profiles control access by specifying which Banner forms the user is authorized to access, whether access permission is query only or maintenance (input).  In addition, fund/org security is used to specify the accounting elements the user is authorized to access and employee class security is used to specify the types of employees the user is authorized to access.
  • Source documents are required and maintained for input transactions (journal vouchers, cash receipts, etc.)  Appropriate review and approval signatures are required.
  • Daily controls/reviews are in place to balance the overall system.

7. Password Policy for Standard User Accounts

Standard user accounts (a unique login id, password and job specific system permissions) are assigned directly to users with a need to access various SDSU Research Foundation systems.  Passwords are assigned to individual users for exclusive use only and should not be shared with, or delegated to, others.  Only the assigned user must know the password to their assigned account.  Managers should ensure that users are not requested or coerced to reveal their personal passwords.

User ids and passwords are used to authenticate individuals accessing systems.  When they are used, they serve the same function as if the individual signed a physical piece of paper and presented an id for authentication.  Just as you would not allow another individual to use your driver license or identification card and signature, do not allow them to use your user id and password.

Accessing Other User's Account or Information

There are often legitimate operational needs to delegate authority (back-up coverage, extended absence coverage, shared workloads, etc.) to individual accounts and files.   Users should work with their supervisor and the appropriate system administrator to coordinate system permission updates that meet SDSURF’s business needs while also protecting the privacy of user password(s).

  • Utilize an application’s (Outlook, etc.) built in functionality to assign delegate permissions.  This will allow designated individuals to access your files, but using their own unique user id and password.
  • Where system privileges and delegate controls are not directly available to the user (Banner Finance and HR, PI Profile, etc.), users must coordinate with their supervisor to follow existing procedures to request a new account for the delegate or to have the permissions on the designated delegate’s existing account updated.
  • If there is a need to access and/or control a terminated or otherwise indisposed individual’s accounts or files, the manager or supervisor may provide a written request to the appropriate system administrator to reset the password of the account being accessed, so that the employee to whom the account belongs will know that it has been accessed.

At times, there may be a non-operational need to access an individual’s accounts or files without their permission, such as investigations of unlawful activity or infractions of SDSURF policies.  This non-operational need to access employee accounts and files must be approved by the director of Human Resources and Risk Management or the chief financial officer.

A more detailed analysis of password protection standards is available online at Password Policy.

8. Data Classification and Handling Policie

  1. Information Classification Standard

SDSU Research Foundation has adopted the draft CSU Data Classification and SDSU Information Classification standards as a minimum information classification standard.  The full information on the Information Classification Standard is available in the San Diego State University Information Security Plan, Section 3.0.  It is available on the SDSU IT Security Office (ITSO) website. These standards outline three levels of classification and standards to which information must be secured:

  • Protected Level 1 – mandate by law or regulation
  • Protected Level 2 – proprietary, ethical or privacy considerations
  • Protected Level 3 – public information

Along with these standards, the following guidelines and policies have been established by SDSU Research Foundation to assist in reducing exposure to information and data loss.

  • Information security is essential whether information is conveyed electronically, over the phone or in written documents, whether it is acquired, transmitted, processed, transferred and/or maintained by SDSURF.
  • All SDSU Research Foundation staff, PIs, Project Directors and entities working on behalf of SDSURF are subjected to these guidelines and policies, and adhering to SDSU Information Security policies and procedures, including periodic Security Awareness Orientation training.
  • Non-Foundation (personal) information (both electronic and non-electronic), such as personal credit reports, personal bank statements, or even contact information from a synchronized cell phone or PDA should not be stored on SDSURF systems as SDSURF does not assume responsibility for securing this information and many systems may not be secured for this information by default.  Personal information does not just pertain to first party personal information (yours), but also to any third party personal information (someone else’s).

9. Intellectual Property

The Technology Transfer Office (TTO) manages all aspects of intellectual property (IP) with the goal of bringing qualifying properties to the open market. It helps to identify discoveries and creative works that need protection and have commercial potential. In addition, the TTO provides appropriate documents for the protection of IP, such as confidential disclosure documents.  Managing the commercialization of these inventions, authored works, and other projects is also part of the TTO service. Other services include patent, copyright, and trademark filing, technology assessment, as well as marketing and marketing research.  For additional information access:  Technology Transfer Office.

10. Research Integrity/Regulatory Compliance

SDSU is committed to achieving the highest standards in its conduct of research. Through the University Research Council, standing committees implement federal, state and institutional policies associated with research compliance as well as research development and promotion. The Division of Research Administration has oversight of regulatory assurances between the federal government and the university. These assurances are agreements that detail the responsibilities of those involved in the conduct of research to ensure that the research is carried out in a manner consistent with accepted standards of ethical research practices.  Programs that support research integrity and compliance include:

Animal Subjects
SDSU is committed to ensuring the humane care and use of all animals associated with its research and teaching programs. Stringent federal laws and policies, such as the federal Animal Welfare Act, regulate the use of animals in research. The SDSU Animal Care and Use Program meets or exceeds all requirements through oversight by the Office of Laboratory Animal Care and the Institutional Animal Care and Use Committee. The Animal Care and Use Program is housed within Graduate & Research Affairs' Division.  Program components include:

  • Office of Laboratory Animal Care (OLAC)
    The primary objective of the SDSU Office of Laboratory Animal Care (OLAC) is to ensure that each animal at the university receives the highest quality of care tailored to its individual needs. The OLAC includes on its staff a veterinarian board certified in Laboratory Animal Medicine, a Vivarium Manager, and laboratory animal technicians and caretakers.

    The OLAC staff observes animals daily to ensure their health and welfare. The veterinarian serves as a member and consultant to the Institutional Animal Care and Use Committee on matters relating to animal health and veterinary care. The campus veterinarian participates in reviewing animal studies, performing facility inspections, and assisting in training faculty and students who will be working with animals.

    Animal Care Technicians provide daily care for laboratory animals. The first qualification for obtaining a position in OLAC is having compassion for animals. Many of the technical staff are graduates of animal health technology programs of universities or technical schools. On-the-job training, informal lectures, and formal course work provide personnel with knowledge of the laws governing animal research and methods of proper care and handling of a wide variety of animal species. OLAC encourages employees to take certification examinations that are offered through the American Association for Laboratory Animal Science.

    The Office of Laboratory Animal Care, in conjunction with the Institutional Animal Care and Use Committee, monitors and ensures compliance with federal and state laws, regulations, and guidelines governing the care, use, and housing of animal subjects used in research, testing, and teaching. OLAC provides services and resources needed by investigators to accomplish their animal research objectives and assists in providing training in laboratory animal care and use to technical personnel, students, and faculty.
  • Institutional Animal Care and Use Committee (IACUC)
    The SDSU Institutional Animal Care and Use Committee (IACUC) is a committee of the University Research Council and is administered through Graduate and Research Affairs. The Vice President for Research is the "Institutional Official" responsible for research and teaching involving animal subjects.

    Through the IACUC, which includes veterinarians, scientists, and private citizens as members, SDSU ensures that all research, testing or educational instruction involving animals is conducted in a humane manner using the fewest number of animals possible to obtain valid results. Charged with this responsibility, the IACUC:
    • Reviews all proposed uses of live vertebrate animals in research, teaching and testing, including regular reviews of all ongoing projects.
    • Inspects all the animal facilities at least once every six months. Any deficiencies noted are classified as "significant" or "minor". The Institute of Laboratory Animal Resources (ILAR) Guide for the Care and Use of Laboratory Animals (the Guide) will be used as a basis for the evaluation. Expected completion dates for deficiencies to be corrected will be specified. If required, any corrections required by the USDA will be reported to the USDA.
    • Reviews the animal care and use program at least once every six months.
    • Submits semi-annual reports of facility inspections and program reviews to the Institutional Official (Vice President for Research).
    • Submits an annual report to the Public Health Service, National Institutes of Health (NIH), and Office of Laboratory Animal Welfare (OLAW) detailing changes in the animal care and use program, changes in IACUC membership, and the results of the semi-annual facility inspections and program reviews.
    • Submits annual reports to the USDA.
    • Investigates all concerns involving the care and use of animals at SDSU.
    • Makes recommendations to the Institutional Official regarding the animal care and use program, animal facilities, and the care and use training programs available to personnel.
    • May suspend a previously approved animal related activity if the committee determines that the activity is not being conducted in compliance with the Animal Welfare Act, PHS policy, or the Institutional IACUC policies.
    • Ensures that investigators have appropriate training to use animals as they propose in their animal protocol forms (APFs).
    • Cooperates with other administrative units at SDSU to ensure compliance with other university policies and other new regulations involving animals as the need arises. This includes Graduate and Research Affairs, (e.g., which oversees completion of Materials Transfer Agreements and student Thesis Committee Appointment Forms), the SDSU Research Foundation (e.g., contract and grant proposal routing forms), and Environmental Health & Safety (e.g., authorizations for use of radioactive materials and controlled substances). http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=20.

Biosafety
SDSU is responsible for ensuring that recombinant DNA research or experiments involving biological materials or potentially hazardous materials are conducted in compliance with the NIH Guidelines for Research Involving Recombinant DNA Molecules (NIH Guidelines)  and the CDC Biosafety in Microbiological and Biomedical Laboratories guidelines to promote safe and responsible practices. On behalf of SDSU, the Institutional Biosafety Committee (IBC) reviews research for this purpose. The IBC is a committee of the University Research Council appointed by the Vice President for Research.

Graduate and Research Affairs’ provides administrative support to the IBC. The IBC membership is determined based on federal guidance and includes a biosafety officer, an animal expert, scientists, and private citizens.

Principal investigators using biohazardous materials or conducting experiments involving recombinant DNA in their laboratories must obtain approval from the IBC. To initiate this process, the investigator must complete a Biological Use Authorization (BUA) Form. The BUA may be reviewed and approved by the Institutional Biosafety Officer (IBO) for BL-1 experiments. The IBO and the IBC will review research involving BL-2 or BL-3 experiments.

http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=22

Conflict of Interest
The conflict of interest committee evaluates research when an investigator discloses a significant financial interest that may influence the conduct of the activity. The committee determines what, if any, conditions or restrictions should be imposed on the investigator or research protocol in order to manage, reduce or eliminate such conflicts of interest.

The conflict of interest and commitment policies of the university serve as a guide to faculty and other employees with principal responsibility for research projects conducted at San Diego State University and establish procedures to be followed to comply with state and federal requirements for review and oversight of research. http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=44

Human Research Protection Program
SDSU assumes responsibility for the protection of the rights and welfare of human subjects in accordance with federal regulations and SDSU's Federal Wide Assurance issued by the U.S. Department of Health and Human Services. The Institutional Review Board (IRB), a standing committee of the University Research Council, reviews research involving human subjects to ensure that all projects conform to the federal and institutional regulations and policies. This site is designed to provide access to information for the faculty, students, and employee's of SDSU who plan to conduct research that involves human subjects. http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=19

Responsible Conduct of Research
SDSU is committed to maintaining the highest standards in the conduct of research and scholarship. SDSU’s policy on Integrity in Research and Scholarship is approved by the academic senate as well as the Department of Health and Human Services' Office of Research Integrity (ORI).

Information and educational materials to facilitate the responsible conduct of research are available through the following web sites.

Research Integrity/Misconduct Policy
http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=23

Human Research Protection Program - Education and Training in Research Ethics
http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=19&PHPSESSID=887e4714ff46e09
0743043cb49dacfad dacfad

Project TRES
http://projecttres.sdsu.edu/tres

Education and Training in the Care and Use of Laboratory Animals
http://gra.sdsu.edu/research.php?areaid=2&sectionid=10&subsectionid=41

Office of Research Integrity (ORI)
http://ori.hhs.gov/

Responsible Conduct of Research Education Consortium (RCREC)
http://www.indiana.edu/~appe/rcrec.html


* Note: Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view. Download Adobe Acrobat Reader.

Accessibility Statement  |  Contact UsEmergency Preparedness   |  Feedback   |  Jobs  |  Locations