SATRE Kick-off sessions
SATRE (Standardised Architecture for Trusted Research Environments) is a collaborative research project between the University of Dundee, Ulster University, UCL, Health Data Research UK, The Alan Turing Institute, Research Data Scotland, and funded by DARE UK. We’re building a reference TRE architecture and accompanying implementation, using a community driven approach. More details on the project can be found on our initial blog post.
During March 2023, the SATRE project team ran a number of ‘kick-off’ sessions for the community, to introduce different stakeholders to the project and gather input on our approach, ways of working, areas of focus and more.
Over 100 people signed up for the sessions, and over 75 attended — thank you to all those who participated at this early stage. Your feedback and thoughts have been instrumental in driving our approach and work! This level of engagement was extremely encouraging and reflected the high level of community interest already present within the Trusted Research Environment (TRE) space, which we in SATRE are keen to work with.
The sessions were designed to introduce the community to the SATRE project and background of the team, and facilitate breakout discussions with those present on key issues SATRE should consider across the project.
What became clear across the sessions is the amount of different considerations there are for us as we progress towards our reference specification and implementations for TREs, and how necessary it will be to ensure co-creation of the community is present at every step of our work.
Below is a summary of the key themes that arose from the sessions. It’s important to note that the summaries below only reflect conversations from the sessions, and do not represent any specific research outputs from the SATRE project. You can find the slides used on the day, and a recording of one of the presentations, here.
For any questions, thoughts, ideas, feedback, or anything else, please get in touch with the team at satre-contact@dundee.ac.uk.
💡 Shared understanding — where to begin
Terms and concepts
One of the most fundamental discussion points was the importance of understanding where the foundations are for building a shared understanding of what a TRE is, does and looks like. This was reflected by the difficulty of even knowing how to define a TRE, and how the idea of a TRE is different to that of a Data Safe Haven (DSH), Secure Research Environment (SRE), Secure Data Environment (SDE), or any other community term. Ideas for distinguishing characteristics include:
- The difference between environments where data is held, wrangled and cleaned, vs environments where work is actually done
- The difference between the environment where research is carried out, and the holistic view of everything to do with TRE provision (including information governance processes & policies, cost structures etc.)
As SATRE formulates a reference specification, it will be important for the project to be clear on how it defines terms it uses, and the implications of these specific definitions. Any specification/implementation should be accompanied by a glossary outlining the team’s understanding of these different ideas.
Differences approaches
Another salient consideration was how to accommodate different approaches of different organisations within a common architecture. Different organisations have different governance requirements, functionality requirements (for instance, which programming languages to support in an environment), and, as referenced above, different understanding of key concepts.
Any specification the SATRE team builds will need to be clear on where a standardised, common approach is possible and required (due to community consensus on a suitable approach, or regulatory requirements), and where the specification is designed to accommodate different approaches, understandings and configurations of governance & security.
🔧 Practicalities of a reference implementation
Costs & operation
It was widely accepted that cost may be a significant barrier to engaging with any reference implementation built to meet the reference specification.
TREs are often very expensive to run, both in terms of technical running costs and staffing costs, and there is a lack of clarity as to where the burden of this cost sits. It was observed that many in-house TREs exist because existing solutions are too expensive for some organisations to run — a reference specification that necessarily results in expensive implementations due to its requirements will not be useful for many teams within the community.
There is work to be done for reference implementations to be clear on costs involved, where and how the costs are distributed, and to begin to identify pathways to reduce the costs of TRE provision as much as reasonably possible.
Usability
As well as fulfilling regulatory and security requirements, any reference implementation needs to be heavily focused on ease of use for researchers, and ease of management for operators.
It will be key for SATRE to actively engage the researcher community throughout the project, to ensure any reference implementation is well suited to the needs of those who will use it. It will also be crucial to engage teams responsible for both the management of the implementations, and the governance surrounding the implementations, in order to make day-to-day operation of TREs as easy and smooth as possible.
☀️ Where are we going?
What is the aim of standardisation?
It is important to be clear on what standardisation will achieve. Considerations include:
- Making it easy for users to carry out research
- Making it easy for the public to understand and trust the standard
- Giving data providers & data subjects confidence in providing their data for groundbreaking research
- Making it easy for teams to get started with building & running a TRE
- Moving towards interoperability and federation across TREs.
By thinking about the aims of standardisation more concretely, we can pin-point more clearly additional questions we need to focus on.
For instance, on the question of trust — what would it take for any standard to be well-trusted across domains? Ideas discussed included approval from a regulatory organisation (for instance the ICO), rigorous user testing, penetration testing and documenting of any implementation, alignment & buy-in from pre-existing projects, alignment with pre-existing standards (for instance the NHS Data Security Protection Toolkit (DSPT), ISO27001 & Cyber Essentials Plus), and more.
Diving more deeply into the specific aims of standardisation will allow the community to elucidate what is key to focus on.
Why is SATRE’s work important?
As is probably apparent, there is a lot to work on for the SATRE team!
Whilst we are committed to delivering on our outputs of a reference specification & implementations in line with this specification, it is important to note that a lot of the issues raised in the kick-off sessions will require longer-term, continued work beyond the specific funding window for this project (which lasts until October 2023).
Nevertheless, what became clear from these sessions is that the most useful output for the community is to have some TRE design openly available to which teams can make reference — either to adopt, or to challenge and improve. Within this short window, it will be difficult (even impossible) to crystallise what a final community-driven, common reference specification looks like. However, by beginning this journey and taking this approach, SATRE is able to build credibility and legitimacy for an open, community-driven approach to TRE provision that will provide a benchmark for future work.
Next steps
Following the feedback kick-off sessions, the SATRE team has put together a provisional list of technical and governance features for a community-driven reference specification. We are now ready to share this with the community to identify which of these features teams see as essential, nice-to-have or unimportant for a reference specification.
Teams are able to answer these questions independently via an online form, arrange sessions with the SATRE team to discuss, or join a focus group of multiple organisations to align answers within one response.
To fill out the form independently, please access it on this link.
To arrange a call with the SATRE team, or join a Collaboration Café, please get in touch with us at satre-contact@dundee.ac.uk.
Thank you for all your input so far into the project — we look forward to continuing collaboration with you! ✨
