Get in Touch
16 May

|Technology

Aligning a Trusted Research Environment (TRE) with the Five Safes Framework

What Are Trusted Research Environments?

A Trusted Research Environment (TRE) is a secure, controlled workspace designed to support data science and AI strategy consulting in regulated sectors such as healthcare, policing, and higher education. These environments enable researchers to analyse sensitive datasets like patient records or criminal justice data without compromising privacy or data protection standards.

Trusted Research Environments use a wider Secure Data Environment (SDE) to pseudonymise data allowing these data sets to be used for research purposes without any of the information ever being identifiable by a researcher. 

Example Use Case:

Imagine a researcher studying hospital wait times. Normally, they would not have access to patient-level data due to confidentiality concerns. A TRE replaces identifiable fields like the name, with pseudonymised values, allowing them to run meaningful analysis without ever knowing who the data belongs to.

The SDE changes a name like John Doe to a series of figures, numbers and symbols such as 26dg_6 74h_Y within the dataset, meaning the data would be anonymised to the researcher. The TRE provides the researcher with all the toolsets they need to work on the project. They have no direct access to the source of the data. They also have no access to the data as it moves through the system until it is in an approved state to be used (i.e. non identifiable).

TRE Functionality: How It Works

The Trusted Research Environment (TRE) is an isolated environment within the Secure Data Environment (SDE). With a few clicks in a user interface, the TRE operator can provision a research environment with all the relevant access, network, and security controls in a defined template. A backend API makes all the necessary changes to the environment and even creates security groups so the researcher can be given access quickly. Along with using Entra ID B2B, researchers can be “guests” of an environment, removing the need for additional login credentials and another account to remember a password for. 

The benefits of the TRE are data protection, public confidence in data governance and efficiency as a platform. Any organisation facilitating research projects would benefit from a TRE. 

What is the Five Safes Framework?

The Five Safes Framework is widely used to ensure secure and ethical access to sensitive datasets for research purposes. Commonly adopted in healthcare and increasingly in public sector digital transformation, the Five Safes help build trust by protecting identifiable data and ensuring data usage benefits society.

The Five Safes include:

  • Safe Data: Data is treated to protect any confidentiality concerns.
  • Safe Projects: Research projects are approved by data owners for the public good.
  • Safe People: Researchers are trained and authorised to use data safely.
  • Safe Settings: A SecureLab environment prevents unauthorised use.
  • Safe Outputs: Screened and approved outputs that are non-disclosive. 

Five Safes Alignment with Trusted Research Environments

Safe Data

TREs enforce pseudonymisation and ensure researchers cannot access raw or identifiable data. This separation between data preparation and analysis supports both data governance solutions and Purview data classification services.

Safe Projects

A TRE aligned with the SATRE specification would require an organisation to have an approval process for research projects, to include Data Access Approvals to access source data with the Data Owner’s consent. Clearly specifying what data can be used for research, what data is identifiable and which project it can be used for. 

Safe People

The TRE provides a standard set of tools for researchers to use. Only approved code repositories and approved binaries can be used for their research. This also allows the TRE operator to provide training for researchers on how to use the systems. The systems also prevents any access to researchers unless they have been approved to use the system, using the principles of least privilege throughout the system. They will only be able to access areas of the TRE that have been specified and approved through the organisation’s approval process. 

Safe Settings

The TRE uses a zero-trust architecture. By assuming no one should have access unless specified, only researchers in project 1 listed in the approval process will have access to project 1. There is no way to access project 2. The tools in use have been architected in a way that prevents unauthorised data ingress and egress from the research project. 

Safe Outputs

All outputs from research projects stay within the TRE unless a research output process has been completed. This allows the outputs of a research project to be reviewed by the TRE operator before any data is egressed. The egress is managed safely, and data moving is handled by the TRE operator and not the researcher, allowing the TRE to conform the best practice regarding data encryption in transit. 

Conclusion

Trusted Research Environments provide a secure, scalable solution for enabling responsible data access in research. When aligned with the Five Safes Framework, TREs empower organisations to extract valuable insights from sensitive data without compromising privacy or needing data governance consulting. For sectors like healthcare, government, and policing, they offer a critical foundation for ethical, data-driven innovation.

How can Simpson Associates help you?

Simpson Associates are a Microsoft Solutions Partner with partner of the year award win in 2024/2025. we can provide expertise around SDEs and TREs, having previous experience working with Microsoft and a number of clients. We have access to subject matter experts in the field with real hands-on knowledge of both the technologies.

At Simpson Associates, we have hands-on experience in developing a unified data governance solution using Microsoft Purview. We have also worked with clients like the Sovini Group to implement a Fabric platform solution. If you have questions regarding TREs or want Fabric consulting services, feel free to reach out to us via email or our live chat.

Blog Author:

Peter West, Azure Cloud Engineer at Simpson Associates