The Trustworthy Research Environment (TRE) and management of Information Security

This is a legacy web page. The Trustworthy Research Environment and its ISO27001 Certified ISMS are now closed. If you need to access sensitive data at the University, please contact IT Services about using their Data Safe Haven.

The Trustworthy Research Environment is a highly secure data analytics resource operated by the Centre for Health Informatics, and hosted here on campus.

The TRE provides researchers with a secure place to store, analyse and process health data. Strict controls are in place to prevent unauthorised access to or inappropriate usage of the data. The TRE operations team also review all data exports from the TRE, and operate an ‘output checking’ service that aims to prevent any disclosure of confidential information. Information Governance support can also be provided, to help project teams complete data sharing agreements with their data controllers. We have produced guidance documents to help researchers manage their TRE projects, which can be downloaded below.

The TRE infrastructure comprises virtualised workstations, application servers, data storage servers, and numerous firewalls and network devices. These are all wrapped up together in an environment that is isolated from the internet, where data is encrypted in transit and at rest. The virtual workstations contain analytical tools such as STATA and R and are accessed via 2-Factor authenticated remote desktop connections. Along with any required software applications and storage volumes, the virtual workstations are allocated to individual projects and only accessible to members of that project. The TRE is DSP Toolkit (formerly IG Toolkit) certified and has its own connection to the NHS HSCN (formerly N3 network).

In 2018, the Trustworthy Research Environment was certified to ISO27001 by Lloyds Register. ISO27001 is an international standard for an Information Security Management System (ISMS). The scope of the Centre for Health Informatics ISMS is the TRE: the IT infrastructure, the building it occupies, the data it stores, the people who operate it, and the end-users and their computer connections.

Information Security is the core principle of the TRE. The primary objective is to maintain the:

  1. Confidentiality – the data is only accessible to authorised individuals
  2. Integrity – ensuring no data becomes lost or corrupted
  3. Availability – best efforts to maintain access to the TRE and its data at all times

To enquire about hosting your research within the TRE, please contact us:

Further information about the TRE, ISO27001 and our Information Security documentation management system can be found on our FAQs page.

Training for the TRE

We can provide three training courses about how to keep health data confidential are available. Please contact us for enquiries and booking.

  1. Safe Researcher Training – This 5 hour course and subsequent online test were developed by the Office for National Statistics and are one step of their Approved Researcher Scheme. This is also a prerequisite for those working on research projects using the Trustworthy Research Environment.
  2. How to manage disclosure risk in your publications – Research using confidential data like health records brings an obligation that you don’t publish small numbers. Small numbers can be easy to spot in a frequency table, but for lots of other outputs it’s less clear. This 1.5 hour session is an opportunity for researchers and those involved in output checking to learn from practices at safe settings including the Trustworthy Research Environment.
  3. Privacy by Design Training – Dig deeper into data protection law and how it applies to IT and software for health research. This 2-hour session is for technical staff and managers who want an overview of key issues and how to comply with GDPR.

Page last updated 21/06/19