Skip to content

SAFE Project

The SAFE Project principle evaluates the intended purpose of the data request. The decision will be based on the ethical, legal and public benefit considerations of the data use. Each data custodian will have a slightly different set of considerations based on the level of consent afforded to them by the subject within the dataset, the data sensitivity level, type and purpose of the data use.


0. SAFE Project: Only appropriate use of the data is allowed Role
1. Individuals must be able to demonstrate that use of the data is in the public interest and must be able to satisfy a public benefit assessment. RE
2. Individuals and organisation must supply all relevant information to support the assessment of the project proposal (who will access, declaration of interest, funder/sponsor information, ethics approvals, what purpose, engagements with the patients and public, how will the data be analysed, over what period of time and what will happened to the data at the end of the project) RE
3. Individuals must supply what governance and administrative arrangements are available to assess, monitor and oversee the project RE
4. Data Custodians must provide clear and transparent guidelines of the decision-making process to individuals and organisations, including how representatives of patients and members of the public are involved in the decision-making process DC
5. Individuals and organisation must be able to specify the analysis methodology including software, research code, workflows that need to be provisioned by the data custodian/TRE RE
6. Data custodian/TRE provider must provide services to allow the provisioning of research software and analysis code into their SAFE Setting environment DC, TA
7. Data Custodians must publish an open register of approved data use DC


ID Description Requirement Type Role
PROJECT-01 Individuals and organisation must be able to provide detailed project descriptions including project methodology, funder/sponsor information, ethics approvals and time period of access Functional RE, DC
PROJECT-02 Data Custodians must provide detailed guidance of the data access request process, including time frames, requirements and decision making process Non-Functional DC
PROJECT-03 Data Custodians must provide the ability for Individuals and organisations to submit and process enquiries of the data prior to submission of a formal access request Functional DC
PROJECT-04 Data Custodians must provide a proportionate data access request form to collect all relevant information about the individual/organisation’s project Functional DC
PROJECT-05 Data Custodians must inform and update individuals on the status & processing times of their application and allow for individual appeals process Functional DC
PROJECT-06 Data Custodians must demonstrate meaningful involvement of patient and public / lay representatives in the data access decision making process. Non-Functional DC
PROJECT-07 TRE providers must allow individuals to specify software, research code, reference data, configurations to be deployed with their SAFE Setting which may be subject to a review process before deployment Functional DC, TA
PROJECT-08 TRE provider must make every attempt to support the ongoing collaboration between project members, including provide collaboration software – Git, Shared docs Functional TA, SI
PROJECT-09 Data Custodian must maintain a public Data Use Register that is updated in ‘real time’ with approved projects Functional DC

Interoperable Standards & Specifications

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

Most data custodians provide some form of Data Access Request process and these vary from using offline Word/PDF forms to fully online access request process. HDR UK has attempted to streamline the data access request process by collating the questions asked by Alliance members to build up a consolidated Data Access Request Form as a standard Five SAFE approach to allow individuals to submit access requests. Our recommendation for new Data Custodians is use the HDR UK designed Five SAFE Form as the baseline to extend and modify for their use. HDR UK will be published the Five SAFE form as a standard to allow reuse and interoperability between the Gateway and data custodians for processing

There currently does not exist a single streamlined data access request management API that allows individuals to submit an access request to one of more data custodians as they are implemented by each data custodian themselves. HDR UK will aim to help consolidate these APIs into single streamlined Data Access Request API to allow interoperability between systems.

There does exist a number of standards for specifying software applications, research code and other research project requirements that are vendor-neutral. Our recommendation for TRE providers is to support the Helm specification for containerised applications and Terraform specifications of more complex deployments. Non-containerised applications should be specified using the Data Access Request form or separately before access it provided. HDR UK will be looking to help coordinate the specification of complex workflow and task execution-oriented specifications such as the GA4GH WES/TES standards that will allow TRE provider to provide orchestrator neutral remote execution functionality.

Modular Software & Services

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

Our suggested list of vendor-neutral software and services that help facilitate SAFE project management with a TRE include:

  • HDR UK Data Access Request Management for Data Access Request Management
  • Helm Charts for containerised application deployments
  • Terraform configurations for complex application deployments
  • Workflow orchestration solutions that support the GA4GH WES/TES standard

Extensible Use Cases

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link