Compliance

IIASA attributes great importance to compliance with applicable laws, policies, and procedures to ensure that its activities are in line with its objectives, the provisions of its Charter, and the interests of its member organizations.

Health, safety, and wellbeing

IIASA complies with the Luxembourg Declaration on Workplace Health Promotion and the Austrian Employee Safety Law (ArbeitnehmerInnenschutzgesetz). These laws stipulate that an occupational health doctor must be employed by the institute. IIASA has worked with a general practitioner qualified in occupational medicine since 1997, and in 2017, the institute also hired an occupational psychologist.

In addition to Austrian Safety Law, which covers work equipment, materials, and employee health, IIASA also adheres to:

  • The Bildschirmverordnung, which regulates work with computers/screens and office set up
  • Regulations regarding training for first aid officers and first aid equipment
  • Regulations regarding the appointment of a safety specialist
  • Regulations regarding the protection of non-smokers

IIASA reports work-related accidents as legally required. In 2018, one notable incident was reported.

The institute has guidelines regarding the following health and safety issues (detailed in the IIASA Handbook):

  • Maternity regulations
  • On-duty accidents
  • Fire prevention
  • Smoking
  • Prevention of health risks while working with computers

These all fall under the Austrian legal framework regarding health and safety in the workplace (i.e., ArbeitnehmerInnenschutzgesetz, Mutterschutzgesetz, Bildschirmverordnung).

In 2018, an external safety services company provided a specialist to support the institute’s doctor and psychologist in evaluating and documenting the implementation of the laws and guidelines listed above and come up with strategies to improve employee health at work with a specific focus on workplace safety (Arbeitsplatzsicherheit).

 

Intellectual property and copyright

IIASA follows the rules and procedures laid out in the institute’s patent and software policies. The Patent Policy ensures that any invention made in the course of research activities at IIASA is used to bring about the widest possible benefits. This includes that the institute gains financially from any commercial exploitation of patents resulting from the use of its resources, and that favorable terms are applied in granting licenses to organizations and citizens of National Member Organization countries. The Software Policy defines and protects the intellectual property rights for software developed by IIASA staff, and outlines the processes for commercialization, licensing, and distribution.

The IIASA Copyright Policy takes the practices of international journals and publishers into consideration and aims to facilitate the widest possible dissemination of IIASA results. In 2018, a revised version of the institute’s Scientific Publications and Copyright Policies was drafted taking into account the latest developments in academic publishing, open access publishing, and the use of creative commons licenses to expand the sharing and uptake of IIASA research.

Financial policies and procedures

The Finance Committee of the Council supervises the institute’s accounting and auditing activities, annual payments of National Member Organization contributions, the realization of royalties and other revenues, and annual financial reports. IIASA is also legally obliged under the Austrian Association Act and Austrian commercial law to have its accounts externally audited on an annual basis. IIASA’s statutory financial statements are audited by BDO Austria.

In addition, some external funders require that the projects they contribute to are individually audited. The European Commission (EC), a major contributor to the institute’s external funding, also sometimes performs second-level audits on already externally audited EC projects. To date, four major second-level audits on twelve projects were carried out in 2009, 2011, 2015, and 2017 respectively. All of these were successfully concluded.

At IIASA, financial policies and procedures are in place for:

  • Sponsored research and budgeting for proposals (sections 4.4.7 and 4.4.8 of the IIASA Operating Procedures and Policies)
  • Procurement, business travel, organizing conferences, and visits from external collaborators and stakeholders (section 4.4 of the IIASA Operating Procedures and Policies)
  • A budget planning and oversight process (section 4.4.2 in IIASA Operating Procedures and Policies)

The procedures and approval processes are facilitated and documented through the IIASA Management Information System.

 

Data management and archive policies

The IIASA rules laid out in its policies on Good Scientific Practice and Conflict of Interest, constitute the institute’s current data archiving standard. To comply with the requirements of research funders and other collaborators, IIASA policy stipulates that all primary research data must be retained for a minimum of 10 years, thus ensuring the reproducibility of findings and results. In addition, model-based work, model specifications, and methods of analysis have to be sufficiently documented, ideally in a peer-reviewed publication or its official supplement.

 

Information technology and data security

During 2018, the Information and Communications Technologies (ICT) Department improved online security through a full replacement of the network firewalls and the implementation of specialized security systems to protect internet facing IIASA applications and tools.

In addition to managing the IIASA mobile telephone program that provides nearly 150 staff with mobile telephones and access to worldwide data roaming capabilities, the ICT Department also modernized the office telephone system with a new Voice-over-IP system in 2018.

Legal compliance

IIASA is legally registered as a “Verein” (Association) in Austria with registration number (ZVR-Nr 524808900) and is subject to the laws and jurisdiction of its host country, Austria. These include all laws that typically affect an organization of similar size, such as:

  • IIASA as a “Verein”: Austrian Association Act
  • IIASA as an organization with an annual income over €20 million: Austrian Commercial Law
  • IIASA as an employer: Austrian Labor Law; Austrian Health and Safety Acts and regulations; Austrian Social Insurance Law including specific agreements for IIASA
  • IIASA as a publisher and provider of research material: Austrian Media Act; Austrian E-Commerce Act; Austrian Copyright Law; Austrian Intellectual Property Law
  • IIASA as a holder of information about people: Austrian Privacy Law; Austrian Data Protection Act, and the EU General Data Protection Regulation (GDPR) which came into effect on 25 May 2018.
Infrastructure development

In 2018, the host country carried out a major retrofitting of the Schloss to bring the building up to date with fire safety regulations. This included the installation of fire doors, smoke exhausts, alarm systems, and emergency lighting. In addition, an audit was undertaken with the aim of receiving the “Klimabündnis” (Climate Alliance) label granted by the state of Lower Austria.

Environmental performance

The 2018 IIASA staff association (STAC 2018) formed an Environment Committee with the aim to improve the institute’s environmental performance. The committee introduced an initiative comprised of representatives from IIASA programs and departments to act as Sustainability Champions.

Over the course of 2018 the Environment Committee and Sustainability Champions produced “green event guidelines” to help event organizers make IIASA events more sustainable. Implemented initiatives include the introduction of reusable tableware that are now used at all IIASA STAC events instead of single-use plastic equivalents. The committee also reviewed personal computer (PC) power saving policies and ran a campaign to reduce power usage. In 2019 a campaign will be launched to target a reduction in printing across the institute.

In order to obtain the eco label “Klimabündnis Betrieb” (“Climate Alliance Enterprise”), a sustainability audit was conducted by the State of Lower Austria and the Climate Alliance Austria. The audit will set internal sustainability targets to be monitored over the next five years, while the eco label will publicly show the institute’s commitment to the goals of the climate and sustainability initiative.

In May 2018, 65 IIASA staff members participated in the annual Austrian Bike to Work month, which aims to encourage more sustainable commuting options. Together the IIASA teams rode more than 12,000 kilometers.

A number of initiatives are already planned for 2019 including, accounting of travel-related emissions, sustainable travel policies, and revisiting climate-friendly menus in the IIASA restaurant. Other measures include encouraging paperless management systems through paperless pay slips, expense reimbursements and timesheets, sustainable procurement and catering policies, and reviewing waste and recycling policies.

Data protection and privacy

IIASA is the controller and processor of personal data concerning both its staff and other individuals associated with the institute. The institute periodically sends bulk mails to some of its contacts for a variety of reasons, ranging from asking them to attend an event, to updating them on IIASA’s latest research and activities.

In light of the above, the institute is obligated to follow the provisions of Austrian Data Protection Law. As a member of the European Union, Austria must also comply with the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.

In 2018, IIASA appointed a Data Protection Officer to oversee related issues and work towards compliance of all data protection regulations. The Data Protection Officer provides information on the new regulations to staff and is responsible for answering any queries related to data protection.

Many processes were updated in 2018, including the registration of visitors and conference participants to ensure that they are aware of how their data is stored and used. For subscribers to IIASA publications, evidence was obtained of their subscription preferences and consent to be contacted. The access rights in the management information system were reviewed and updated. In addition, IIASA signed data processing agreements with third parties where necessary to cover any transfer of data. Development of a Data Processing Register was initiated, which will be populated throughout 2019.