CREATE Trusted Research Environment (TRE) Overview¶
What is a Trusted Research Environment?¶
Trusted Research Environments (TREs) provide highly secure computing environments that enable approved researchers to access sensitive datasets. Also known as 'Data Safe Havens' or 'Secure Data Environments', TREs are the emerging standard for processing sensitive datasets in particular those coming from the NHS.
How to Determine if Your Project Needs TRE¶
If your project involves handling sensitive data, there is a high likelihood that you will need the Trusted Research Environment (TRE) to ensure the security and confidentiality of the data. Sensitive data typically includes information that, if compromised, could result in harm to individuals, breach privacy, or violate regulatory requirements.
What is Sensitive Data?¶
Sensitive data encompasses information that requires special protection due to its nature. This may include, but is not limited to:
- Personally Identifiable Information (PII)
- Health Records
- Financial Data
- Confidential Research Data
To assess whether your project requires TRE for assurance, please complete our Data Risk Model available here. The Data Risk Model helps in determining the Risk Profile Class for your project. Projects falling to Class 3 and above are identified as having a higher risk and will typically require the implementation of TRE.
By completing the Data Risk Model, you can obtain a Risk Profile Class for your project, providing a clearer understanding of the security measures needed, with TRE being a recommended solution for higher-risk projects.
Ensure that your project aligns with the security standards and practices outlined in the TRE framework to safeguard sensitive data effectively.
CREATE TRE Key Components¶
-
OpenStack on Premises: * The infrastructure is based on OpenStack deployed on-premises. * This provides a private cloud environment, managed by the e-Research Team.
-
Encrypted Data: * Project data within the Trusted Research Environment is encrypted to ensure confidentiality and integrity.
-
Controlled Access: * Access to the TRE is tightly controlled and requires proper authentication. * Privileged access rights are granted based on projects needs.
-
Controlled Data Ingress and Egress: * The flow of data into and out of the Trusted Research Environment is strictly controlled. * Ingress and egress mechanisms are implemented to prevent unauthorized data access or transmission. * Data movement is managed through controlled processes and protocols to maintain security.
These key components form the foundation of the Trusted Research Environment design, ensuring a secure and controlled environment for processing sensitive research data.
For more detailed information on the Trusted Research Environment architecture, please refer to the section Architecture
.