Standard Architecture for Trusted Research Environments (SATRE)

👀 What is SATRE?

The SATRE project provides a Standard Architecture for Trusted Research Environments (TREs). It incorporates knowledge and best practices from multiple institutions and sectors across the UK. This includes all aspects of TRE provision such as information governance procedures, computing technology, data management and other capabilities.

It aims to standardise the capabilities of TREs, making it easier for users, operators, and developers to work with sensitive data, and making the operation of TREs more transparent to data owners and the general public.

This specification should be useful if you are:

• a TRE Operator wanting to evaluate or improve their TRE with the suggested capabilities

• a Developer or Builder of new TREs looking for guidance in their thinking and decision making

We encourage all TREs in the UK to evaluate themselves against the SATRE specification, and to contribute to the project.

Getting started

If you are familiar with SATRE and want to evaluate your own TRE you can jump straight to the evaluation section which includes an Excel spreadsheet you can use for your evaluation.

If this is your first time here we recommend reading the rest of this page to understand the background behind SATRE, followed by:

• Frequently asked questions

• The specification

• How to evaluate your TRE

❓ Why do we need TREs?

Personal or sensitive data which have been collected for operational, commercial or governmental reasons need to be managed securely and safely. A TRE enables researchers to access the data in a secure environment following best practice. This should ensure that research projects and data consumers are properly authorised and that researchers only access the data they need, whilst minimising risk of data release or exposure.

❓ Why are we doing this now?

The need for trusted research environments (TREs) is clear. Influential reports including the UK Government’s Goldacre review and ‘Data Saves Lives’ policy paper, have highlighted the need for change in how sensitive data are handled. These papers set out a vision for the potential impact of research enabled by TREs.

At present operators have to interpret a range of frameworks, legislation and guidance when building and running a TRE. These include:

• Office for National Statistics: 5 Safes

• UK Health Data Research Alliance: TRE Green Paper

• UK Health Data Research Alliance: TRE Principles and Best Practices

• Design choices for productive, secure, data-intensive research at scale in the cloud

• ISO27001

• Digital Economy Act

• Handbook on Statistical Disclosure Control for Outputs

This makes for inconsistent governance standards and makes it hard for researchers to work consistently in different environments.

A common specification for TREs will improve governance and practice across the sector, simplify researcher and operator journeys. Furthermore, it will lay a foundation for interoperability that is required to maximise the impact of research by providing a trusted ecosystem for working with currently disparate and siloed data.

❓ Who are we?

The SATRE team contains representatives from several existing UK TREs, which host many different types of sensitive data. We will use the reference architecture specified here to bring these into closer alignment and make it easy for others to do the same. This supports DARE UK’s aim of developing a coordinated national data research infrastructure.

👐 Contributing

We welcome contributions from anyone who is interested in the project. There are lots of ways to contribute, not just writing code! Find out more about how to contribute to the SATRE Specification.

🙇 Acknowledgements

We are grateful for the following support for this project:

• UKRI via the DARE UK Phase 1 driver projects programme (SATRE)