SETTING-01 |
TRE providers must implement processes and systems that hold and managed data securely, encrypted at rest with client-held encryption keys |
Non-Functional |
TA |
SETTING-02 |
TRE providers must implement mechanisms to provision a minimised dataset bespoke to the individuals request encrypted with a separate key accessible by the project individuals |
Functional |
DE |
SETTING-03 |
TRE providers must provide ingress and egress (where allowed) to transfer data and code securely between SAFE Settings |
Functional |
DE |
SETTING-04 |
TRE providers must provide a secure environment to allow individuals to perform their analysis using tools supplied by the TRE provider and/or tools requested to be deployed by the individual |
Functional |
TA |
SETTING-05 |
TRE providers must provide services that allow individuals to remotely execute analysis workflows using TRE supplied tools or research software with minimal hands-on access to the data |
Functional |
TA |
SETTING-06 |
TRE Providers must publish their security design and implementation reports for review |
Non-Functional |
SO |
SETTING-07 |
TRE providers must provide assurance statements that ensure their processes and systems are conformant to secure data processing standards – ISO 27001, IGToolkit/DSPT, ONS/UKSA Accredited Processor |
Non-Functional |
SO |