
CREATE Trusted Research Environment Security Model

Document Ref: CREATE-TRE-ISMS-D-SecurityModel1.0 Version: 1.0 Effective Date: 30/01/2024 Review Date: 30/01/2025 Policy Owner: e-Research Information Security Committee

Introduction

The CREATE Trusted Research Environment is a secured environment for processing sensitive confidential data. This model applies to the scope as defined in the CREATE Trusted Research Environment Context and Scoping document. The governance systems align with the Five Safes Model (Ritchie, 2016), ISO/IEC 27001:2013, NHS Digital Data Security and Protection Toolkit, and industry best practices.

The measures, both technical and organisational, are designed to protect confidentiality, availability, and integrity of data. This framework, while providing a majority of secure data storage and processing requirements, does not replace the need for tailored risk assessments and professional judgment. Annual review by the e-Research Information Security Committee (e-RISC) ensures updates and changes are recorded.

Technical and Organisational Controls

Controls for “Safe Settings” and “Safe Computing”

  1. Physical Security

Infrastructure is housed in Virtus data centres, with TRE primary compute and storage in London 7 and OpenStack backups in London 4. These data centres adhere to ISO 27001:2013 standards, employing a ‘defence-in-depth’ approach with 24/7 on-site security, perimeter fence, vehicle traps, IP CCTV, authentication controls, biometric entry, rack-level locks, and more.

Additional card access is required for specific areas (King’s Cage, Racks, Pod).

  2. Network Security

King's Cyber Security provides firewalling, intrusion detection, and intrusion prevention at the network perimeter. Jisc provides DDoS protection. The TRE is accessed via the e-Research Portal, which is protected by King’s SSO with MFA (SAML 2.0). User access and authentication logs are retained for 6 months.

  3. Cloud Security

The private cloud, managed by the e-Research Team via OpenStack, follows industry best practices. Access is controlled via SSH gateways configured with OTP MFA. The OpenStack API operates behind a TLS proxy and is accessible only from e-Research systems or externally via VPN. Configuration files are access-restricted, and Horizon dashboard access is authenticated via King’s SSO with MFA (SAML 2.0).

  4. Host Security

Automated processes generate updated VM images every three months. Hypervisors are patched twice yearly; TRE images are patched weekly (Ubuntu) and monthly (Windows). Vulnerability scans are conducted every 90 days. The volume storage backend has at-rest encryption enabled.

  5. Data Encryption

All transport mechanisms are encrypted in transit (e.g., HTTPS, TLS) and data storage volumes are encrypted at rest. Platforms (e.g., Ubuntu, OpenStack) are regularly updated. Infrastructure backup and restore processes include daily and weekly backups with restore testing.

  6. Auditing and Monitoring

KCL Cyber Security provides intrusion detection and incident response services. Identity and access management logs are retained for 6 months. Vulnerability scans, third-party penetration tests, and monitoring of authentication attempts are conducted regularly.

Controls for “Safe People”

  1. Training

All users must undergo annual Data Security Awareness training. Role-specific training may be required.

  2. Safe People Accountability

Records of staff responsibilities regarding confidential personal data processing must be maintained. Records of processing activities for confidential personal data must be kept.

  3. Access Management

All users must have a KCL user account for any access to the Trusted Research Environment. Privileged access rights are not granted without justification.

  4. Supplier Relationships

All suppliers must be vetted for necessary security controls. Suppliers with access to systems containing confidential patient information must provide evidence of DSPT, ISO 27001 certification, or equivalent assurances.

Controls for “Safe Projects”

  1. Application Process

All research projects using health and social care data must have a favourable opinion from a research ethics committee. Additional approvals may be required depending on the data sources.

Controls for “Safe Data”

  1. Data Minimisation

Personal confidential data must not be stored or processed unless necessary for an approved project.

  2. Data De-identification

Data de-identification must be applied to the extent possible without impeding project objectives.

  3. Data Quality

Validation mechanisms are applied to ensure collected data is accurate and fit for purpose.

  4. Transparency

Data fields, types, and processing methodologies should be communicated to data subjects. Data subjects’ rights must be communicated.

  5. Safe Data Accountability

Users must submit and maintain entries in the King’s Data Protection Register for projects processing personal information.

Controls for “Safe Outputs”

  1. Statistical Disclosure Control

Outbound network access filtering prevents unauthorised data egress. Data Movers undergo “Safe Researcher Training” covering their responsibility for data egress.

  2. Data Egress Portal

All data egress is managed through the Data Egress Portal by trained Data Movers. The Portal collects metadata, logs activity, and reviews outputs for re-identification risks.

Conclusion

The CREATE Trusted Research Environment is a robust framework for processing sensitive, confidential data in a secure and controlled environment. Aligned with existing standards and remaining under review to adapt as best practices evolve, these governance systems provide a comprehensive approach to safeguarding the confidentiality, availability, and integrity of data.

The commitment to annual review and updates by the e-Research Information Security Committee ensures the ongoing relevance and effectiveness of the model in maintaining a balance between data protection and usability. This systematic approach underscores the commitment to high standards of research integrity and data security within the CREATE Trusted Research Environment.

References

  • Burton, P. R., Murtagh, M. J., Boyd, A., et al. (2015). Data Safe Havens in health research and healthcare. Bioinformatics, 31(20), 3241-3248. doi:10.1093/bioinformatics/btv279
  • DSPT. (renewed annually). Data Security and Protection Toolkit. NHS Digital. Retrieved from www.dsptoolkit.nhs.uk/
  • Hubbard, T., et al. (2020, April 30). Trusted Research Environments (TRE): A Strategy to Build Public Trust and Meet Changing Health Data Science Needs. UK Health Data Research Alliance. Retrieved from ukhealthdata.org/wp-content/uploads/2020/04/200430-TRE-Green-Paper-v1.pdf
  • ICO. (n.d.). Guide to the General Data Protection Regulation. Information Commissioner's Office. Retrieved from ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
  • ISO/IEC 27001:2013. (n.d.). Information technology - Security techniques - Information security management systems. International Organization for Standardization.
  • NCSC. (n.d.). Cyber Essentials. National Cyber Security Centre. Retrieved from www.ncsc.gov.uk/cyberessentials/
  • OpenStack. (n.d.). OpenStack Security Guide. OpenStack Docs. Retrieved from docs.openstack.org/security-guide/index.html
  • Ritchie, F. (2016). Five Safes: designing data access for research. doi:10.13140/RG.2.1.3661.1604
  • Safe Data Access Professionals Group. (2019). Handbook on Statistical Disclosure Control for Outputs. UK Data Service. Retrieved from ukdataservice.ac.uk/media/622521/thf_datareport_aw_web.pdf
  • Hubbard, T., Reilly, G., et al. (2020, July 21). Trusted Research Environments (TRE) Green Paper (2.0.0). Zenodo. https://doi.org/10.5281/zenodo.4594704
  • UK Health Data Research Alliance & NHSX. (2021, December 8). Building Trusted Research Environments - Principles and Best Practices; Towards TRE ecosystems. Zenodo. https://doi.org/10.5281/zenodo.5767586