| PEOPLE-01 |
Individuals MUST be able to supply user identification information to the data custodian to verify identity |
Functional |
RE, TA, DC |
| PEOPLE-02 |
Individuals or Organisations must be able to supply their Accredited / Approved / Bonafide researcher status or equivalent to the data custodian to verify their status |
Functional |
RE, TA*, DC |
| PEOPLE-03 |
Individuals are afforded opportunities to undertake and renew their Information Governance Training in support of their Accreditation status |
Non-Functional |
RE, TA, DC |
| PEOPLE-04 |
Organisations must be able to provide information on appropriate governance and administrative arrangements, security and privacy arrangements and technical skills and capabilities to protect, manage and use data |
Functional |
PO |
| PEOPLE-05 |
Individuals must be able to use their existing identities from their affiliated organisations to authenticate using 2FA and use services from data custodians, which offers a level of organisation control of individual access to data |
Functional |
RE, TA |
| PEOPLE-06 |
TRE providers must be able to apply authorisation policies to enable access to services and share authorisation decisions to enable system-wide intelligence of an individual’s access rights |
Functional |
TA |
| PEOPLE-07 |
TRE providers should maintain and record of all user access performed by Individuals for audit purposes |
Non-Functional |
TA |
| PEOPLE-08 |
TRE Providers should be able disbar users in breach of service with an appeals process |
Non-Functional |
TA |