Skip to content

SAFE Setting

The SAFE Data principle evaluates whether all parties have taken reasonable steps to ensure data will be used in an appropriately safe and secure environment. Data Custodians must provide practical controls both physical and IT to manage how data is stored, managed, transferred and accessed.


0. SAFE Settings: Data Access facility actively minimizes the risk of unauthorised use or disclosure Role
1. TRE providers must implement services to hold data and manage data securely at rest with auditable access logs TA
2. TRE providers must implement services to transfer data where required between established trust networks to facilitate consolidated analysis, subject to a DPIA assessment TA, DE
3. TRE providers must provide services that enable secure and/or remote analysis of the data TA, SI
4. TRE providers must provide a research environment with a set of approved tools/software that allow data to be analysed securely TA
5. TRE providers must collect logs of access and activity, and publish their robust system for automated and/or manual review to capture inappropriate use. TA, SO
6. TRE providers must implement harmonised processes and systems conformant to or in recognition of secure data processing standards e.g. ISO 27001, ONS / UKSA Accredited Processor, IGToolkit/DSPT SO
7. For transparency security design and implementation should be independently audited with reports reviewed by patient/public oversight groups and made public SO


ID Description Requirement Type Role
SETTING-01 TRE providers must implement processes and systems that hold and managed data securely, encrypted at rest with client-held encryption keys Non-Functional TA
SETTING-02 TRE providers must implement mechanisms to provision a minimised dataset bespoke to the individuals request encrypted with a separate key accessible by the project individuals Functional DE
SETTING-03 TRE providers must provide ingress and egress (where allowed) to transfer data and code securely between SAFE Settings Functional DE
SETTING-04 TRE providers must provide a secure environment to allow individuals to perform their analysis using tools supplied by the TRE provider and/or tools requested to be deployed by the individual Functional TA
SETTING-05 TRE providers must provide services that allow individuals to remotely execute analysis workflows using TRE supplied tools or research software with minimal hands-on access to the data Functional TA
SETTING-06 TRE Providers must publish their security design and implementation reports for review Non-Functional SO
SETTING-07 TRE providers must provide assurance statements that ensure their processes and systems are conformant to secure data processing standards – ISO 27001, IGToolkit/DSPT, ONS/UKSA Accredited Processor Non-Functional SO

Interoperable Standards & Specifications

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

As far as we are aware there does not exist a comprehensive standard that encapsulates the entire stack of services required build, run and maintain an entire Trusted Research Environment setting. There are individual de-facto industry standards and best-practice around identity management, data management, analytics management, access management and outputs management. It will be an enormous undertaking to develop a standard for each of these services, so HDR UK proposes to develop a reference architecture and implementation that allows TRE vendore to implement services that closely aligns with the reference architecture or extend the reference implementation.

Consultation Question:

As there is a lack of standardisation of processes and implementation of Truster Research Environment settings, do you want HDR UK to develop a consolidated standard that provides a reference architecture for a TRE and the set of configurable capabilities as a refence implementation

Modular Software & Services

For data management there exists industry solutions around Block and Object storage with encryption capabilities and for analytics the de-facto standards used are container orchestration solutions like Kubernetes and Virtual Machine management solutions.

There also does exist vendor-neutral software to configure and deploy multiple service stack that combine these services, such as Terraform, Pulumi, Crossplane REF

Extensible Use Cases

The aim will be to publish a TRE reference architecture and implementation that can be modified and extended depending on the local setting, but that which conforms to the set of capabilities and services to ensure the Trusted Research Environment is conforms the TRE architecture and federated ecosystem