SATRE: Standardised Architecture for Trusted Research Environments – Data Management

This is the fourth in a series of five blogs, assessing the Aridhia DRE, our enterprise TRE, against the SATRE specification. The first blog provided an overview of the SATRE specification, and discussed the importance of open specifications for Trusted Research Environments. The second and third blogs scored the Aridhia DRE against the SATRE Information Governance and Computing Technology sections. This blog evaluates the DRE against the SATRE Data Management Specification.

Data Management in the Aridhia DRE


A showcase of new features released in the 2.0 update of Aridhia’s FAIR Data Services


Overall Score 54/62

The Data Management section of SATRE is concerned with the management of data and metadata, data discoverability, supporting different data types, data access controls, secure ingress and egress of data, and user management and authentication.

We scored the Aridhia DRE at 54 from a possible 62, because it provides a wide range of features in this area:

  • FAIR Data Services is the DRE's native metadata catalogue, which supports a number of existing metadata standards (e.g. OMOP), and allows users to provide their own custom catalogue templates.
  • All Data Access Requests in the DRE are managed in a fully audited and configurable DAR process.
  • Data egress and ingress can be managed through our secure airlock feature.
  • All users log in with Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC), ensuring that users only have the permissions they need.

See below for more detail on how the DRE scores against each item in the SATRE Data Management Specification.

(Note on scoring – where a field has been marked as NA, it is not counted as part of the total possible score for that section.)

SATRE 3.1 – Data lifecycle management

Score: 21/24

The Aridhia DRE provides users with a variety of technical controls to ensure data is handled in a secure and compliant way, including Role Based Access Control (RBAC) for all users, a comprehensive audit log, and a secure airlock for data ingress and egress.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.1.1 | You must have processes in place to assess the legal and regulatory implications of handling the data through its full lifecycle. | Mandatory | 2 |
| 3.1.2 | You should keep records of data handling decisions. | Recommended | 2 |
| 3.1.3 | Information asset owners must classify data sets according to a common process and data classification methodology. | Mandatory | 2 |
| 3.1.4 | You must have a data ingress process which enforces information governance rules/processes. | Mandatory | 1 |
| 3.1.5 | You must have a data egress process which enforces information governance rules/processes. | Mandatory | 2 |
| 3.1.6 | Egress must be limited to the information asset owners or their delegates. | Mandatory | 2 |
| 3.1.7 | Your data egress process could sometimes require project-independent approval. | Optional | 1 |
| 3.1.8 | You must keep a record of what data your TRE holds. | Mandatory | 2 |
| 3.1.9 | You must have a policy on data deletion. | Mandatory | 2 |
| 3.1.10 | You should have a method of providing proof of deletion/removal of files. | Recommended | 2 |
| 3.1.11 | You should log how input data is modified. | Recommended | 1 |
| 3.1.12 | You must, to a reasonable extent, prevent unauthorised data ingress or egress. | Mandatory | 2 |
| 3.1.13 | Data held within the TRE should be the minimum required for analysis or research. | Recommended | NA |

SATRE 3.2 – Identity and access management

Score: 12/12

The Aridhia DRE allows customers to set the level of information users must provide to register an account, and all users log in using multi-factor authentication (MFA). All data access is managed through a fully configurable Data Access Request (DAR) process, where data owners approve access to their datasets.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.2.1 | You must have processes in place to assess the legal and regulatory implications of handling the data through its full lifecycle. | Mandatory | 2 |
| 3.2.2 | You should keep records of data handling decisions. | Mandatory | 2 |
| 3.2.3 | Information asset owners must classify data sets according to a common process and data classification methodology. | Mandatory | 2 |
| 3.2.4 | You must have a data ingress process which enforces information governance rules/processes. | Mandatory | 2 |
| 3.2.5 | You must have a data egress process which enforces information governance rules/processes. | Optional | 2 |
| 3.2.6 | Egress must be limited to the information asset owners or their delegates. | Optional | 2 |

SATRE 3.3 – Output management

Score: 5/8

This section primarily covers policy questions which are outside of our responsibility as a platform provider. However, our data usage agreements framework, configurable DAR process and data airlock feature provide data owners with a variety of tools for managing data access and project outputs.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.3.1 | You should have a system to help classify outputs. | Recommended | 1 |
| 3.3.2 | You should establish the intended outputs of each project from the outset. | Recommended | 2 |
| 3.3.3 | You must have a documented process for disclosure control of outputs from the TRE. | Mandatory | NA |
| 3.3.4 | You must have a process for assigning responsibility for output checking. | Mandatory | NA |
| 3.3.5 | You must have a documented policy for handling disclosure risks associated with any outputs that cannot be manually checked. | Mandatory | NA |
| 3.3.6 | You should have a statistical basis to guide the decisions of an output checker on the safety of outputs. | Recommended | 0 |
| 3.3.7 | You could create a semi-automated system for checks on common research outputs. | Optional | 2 |
| 3.3.8 | TRE outputs should be limited to the minimum required for sharing results of any analyses. | Recommended | NA |

SATRE 3.4 – Information search and discovery

Score: 2/2

The Aridhia DRE has its own native metadata catalogue, FAIR Data Services. More information on FAIR can be found here.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.4.1 | You should provide a metadata catalogue of available datasets for users. | Recommended | 2 |

SATRE 3.5 – Security Levels and Tiering

Score: 6/6

The Aridhia DRE supports a variety of structured and unstructured data types, which are detailed in our service descriptions and Knowledge Base. The DRE provides administrators with a variety of pre-defined security controls (e.g. system user roles), but also allows these to be configured to meet the needs of particular projects or customers.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.5.1 | You must be able to specify what categories of data your TRE is able to support. | Mandatory | 2 |
| 3.5.2 | Your TRE could support projects with differing security requirements through configurable security controls. | Optional | 2 |
| 3.5.3 | Your TRE could offer a pre-defined set of security control tiers. | Optional | 2 |

SATRE 3.6 – Research Meta-Data

Score: 4/4

The Aridhia DRE provides researchers with the ability to discover and understand data through dataset search, classification and efficient metadata browsing capabilities described via customisable dataset catalogues and associated dictionaries.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.6.1 | You should have a consistent and easily accessible meta-data data model or similar to describe what a data asset contains. | Recommended | 2 |
| 3.6.2 | You could provide summary, abstracted or synthetic data to researchers without exposing the underlying data set. | Optional | 2 |

SATRE 3.7 – Meta-Data Search and Discovery Application

Score: 2/2

The FAIR Cohort Builder can be enabled on datasets held in the Aridhia DRE. This allows users to explore and summarise data before requesting access to it. The Cohort Builder also allows users to subset data, and only request those records that meet their project requirements.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.7.1 | You could provide an interface application for data consumers and data subjects to query elements of the data. | Optional | 2 |

SATRE 3.8 – Data Archiving

Score: 2/4

The Aridhia DRE allows users to hibernate workspaces that are no longer in use: these are maintained in a read-only state.

| Item | Statement | Importance | Score |
|---|---|---|---|
| 3.8.1 | Archived data within the TRE should be read only. | Recommended | 2 |
| 3.8.2 | Long-term archives must be held in simple, standard formats to ensure accessibility. | Recommended | 0 |

Look out for the next blog in this series, where we will be looking at how the DRE measures up against the Supporting Services specifications.