SAFE Setting
The SAFE Data principle evaluates whether all parties have taken reasonable steps to ensure data will be used in an appropriately safe and secure environment. Data Custodians must provide practical controls, both physical and IT, to manage how data is stored, managed, transferred and accessed.
Principles

| # | SAFE Settings: Data Access facility actively minimises the risk of unauthorised use or disclosure | Role |
|---|---|---|
| 1 | TRE providers must implement services to hold data and manage data securely at rest, with auditable access logs | TA |
| 2 | TRE providers must implement services to transfer data where required between established trust networks to facilitate consolidated analysis, subject to a DPIA assessment | TA, DE |
| 3 | TRE providers must provide services that enable secure and/or remote analysis of the data | TA, SI |
| 4 | TRE providers must provide a research environment with a set of approved tools/software that allow data to be analysed securely | TA |
| 5 | TRE providers must collect logs of access and activity, and publish their robust system for automated and/or manual review to capture inappropriate use | TA, SO |
| 6 | TRE providers must implement harmonised processes and systems conformant to, or in recognition of, secure data processing standards, e.g. ISO 27001, ONS / UKSA Accredited Processor, IGToolkit/DSPT | SO |
| 7 | For transparency, security design and implementation should be independently audited, with reports reviewed by patient/public oversight groups and made public | SO |
Requirements

| ID | Description | Requirement Type | Role |
|---|---|---|---|
| SETTING-01 | TRE providers must implement processes and systems that hold and manage data securely, encrypted at rest with client-held encryption keys | Non-Functional | TA |
| SETTING-02 | TRE providers must implement mechanisms to provision a minimised dataset bespoke to the individual's request, encrypted with a separate key accessible by the project individuals | Functional | DE |
| SETTING-03 | TRE providers must provide ingress and egress (where allowed) to transfer data and code securely between SAFE Settings | Functional | DE |
| SETTING-04 | TRE providers must provide a secure environment to allow individuals to perform their analysis using tools supplied by the TRE provider and/or tools requested to be deployed by the individual | Functional | TA |
| SETTING-05 | TRE providers must provide services that allow individuals to remotely execute analysis workflows using TRE-supplied tools or research software with minimal hands-on access to the data | Functional | TA |
| SETTING-06 | TRE providers must publish their security design and implementation reports for review | Non-Functional | SO |
| SETTING-07 | TRE providers must provide assurance statements that ensure their processes and systems are conformant to secure data processing standards – ISO 27001, IGToolkit/DSPT, ONS/UKSA Accredited Processor | Non-Functional | SO |
Interoperable Standards & Specifications
This section is a work in progress
As far as we are aware, there does not exist a comprehensive standard that encapsulates the entire stack of services required to build, run and maintain an entire Trusted Research Environment setting. There are individual de facto industry standards and best practices around identity management, data management, analytics management, access management and outputs management. It will be an enormous undertaking to develop a standard for each of these services, so HDR UK proposes to develop a reference architecture and implementation that allows TRE vendors to implement services that closely align with the reference architecture, or to extend the reference implementation.
Consultation Question:
As there is a lack of standardisation of processes and implementation of Trusted Research Environment settings, do you want HDR UK to develop a consolidated standard that provides a reference architecture for a TRE and the set of configurable capabilities as a reference implementation?
Modular Software & Services
For data management there exist industry solutions around block and object storage with encryption capabilities, and for analytics the de facto standards are container orchestration solutions such as Kubernetes and virtual machine management solutions.
There also exists vendor-neutral software to configure and deploy multiple service stacks that combine these services, such as Terraform, Pulumi and Crossplane REF
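As an added example (not HDR UK's reference implementation or any TRE vendor's code), the following Terraform sketch shows how SETTING-01, SETTING-02 and the access-logging principles above map onto infrastructure code of the kind this paragraph describes. It assumes the AWS provider; the bucket names and project identifiers are constructed.

```hcl
variable "projects" {
  type    = set(string)
  default = ["proj-a", "proj-b"] # constructed project identifiers
}

# SETTING-02: one key per project, administered by the custodian, so a minimised dataset is readable only by that project
resource "aws_kms_key" "project" {
  for_each                = var.projects
  description             = "Key for project ${each.key} dataset"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_s3_bucket" "dataset" {
  for_each = var.projects
  bucket   = "example-tre-${each.key}-dataset" # constructed name
}

# SETTING-01: encrypted at rest with the project key, not a provider default key
resource "aws_s3_bucket_server_side_encryption_configuration" "dataset" {
  for_each = var.projects
  bucket   = aws_s3_bucket.dataset[each.key].id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.project[each.key].arn
    }
  }
}

resource "aws_s3_bucket_public_access_block" "dataset" { # never publicly exposed
  for_each                = var.projects
  bucket                  = aws_s3_bucket.dataset[each.key].id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Principles 1 and 5: auditable access logs, delivered to a custodian-only bucket
resource "aws_s3_bucket" "audit_logs" {
  bucket = "example-tre-audit-logs" # constructed name
}

resource "aws_s3_bucket_logging" "dataset" {
  for_each      = var.projects
  bucket        = aws_s3_bucket.dataset[each.key].id
  target_bucket = aws_s3_bucket.audit_logs.id
  target_prefix = "access/${each.key}/"
}
```

The key policy granting each project's approved individuals decrypt rights, and the review tooling that reads the log bucket, are left out. Where keys must be held entirely outside the provider, an external key store would stand in for `aws_kms_key`.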
Extensible Use Cases
The aim will be to publish a TRE reference architecture and implementation that can be modified and extended depending on the local setting, but that conforms to the set of capabilities and services required to ensure the Trusted Research Environment conforms to the TRE architecture and federated ecosystem.