Research Operations Sourcebook

Ethics must be reviewed before, during and after research. This includes risk assessment, meaningful consent, safeguarding, and clear escalation routes. Ethical governance is not a one-off task but an ongoing obligation.

Researchers must understand and apply relevant legislation including:

• GDPR & Data Protection Act
• Equality Act (2010)
• Accessibility Regulations for public sector bodies
• UKRI-ESRC or equivalent organisational research ethics frameworks

Legal considerations must be embedded into planning, recruitment, facilitation and data handling procedures.

Some studies require formal ethics review depending on topic sensitivity, participant vulnerability or organisational risk.

• Establish an ethics committee including legal, data protection and research specialists.
• Define criteria for when review is mandatory.
• Use standard ethics application forms documenting purpose, risks, safeguards and data handling.
• Define predictable review timeframes to avoid delivery delays.
• Store decisions and conditions for organisational learning.

Compliance must be embedded throughout research activity.

• Standardise consent models and secure storage.
• Include compliance checklists in research plans.
• Define protocols for capture, transfer, storage, sharing and disposal.
• Conduct periodic audits of research projects.
• Maintain an incident response plan for data breaches involving research data.

Bias may arise at any stage of research. Organisations must provide tools and training to identify and reduce it.

• Provide bias awareness training.
• Encourage diversity in research teams.
• Peer review topic guides and instruments.
• Ensure inclusive recruitment and monitor representation gaps.
• Audit studies periodically for fairness issues.

Research can expose participants or researchers to risks if poorly planned.

• Require study-level risk assessments.
• Document foreseeable risks and safeguards.
• Provide clear guidance for distress, safeguarding or disclosures.
• Use an incident log to support organisational learning.
• Review and update risk procedures annually and after incidents.