The conflicting goals of protecting and maintaining control over sensitive or confidential data while also striving to give third parties access to the data pose a significant challenge. Trusted Research Environments (TREs) / Secure Research Environments (SREs) have been established in the last decade that, if properly set up and operated, help ease this problem by providing the strong security guarantees of a highly controlled, monitored and trusted environment.
In many settings, both academia and industry need to safeguard access to highly sensitive / confidential data, commonly referred to as closed data. These sensitivity/confidentiality requirements can arise from, e.g., commercial value or privacy requirements, and warrant careful data management supported by technical, organizational and legal measures intertwined within a TRE.
The FAIR Guiding Principles for scientific data management and stewardship address infrastructures supporting reuse of scholarly data, specifically targeting machine-readability and -actionability of this data. While the guiding principles cover the management of all research data and aid in identifying necessary steps towards FAIR research data, they do not provide a best-practice guideline / template or design decisions for making closed data FAIR per se.
We found that many TREs/SREs are similar in architecture design and technical implementation. There is, however, a lack of openly available guidelines and explanations of design decisions for setting up and running TREs.
We thus aim to establish a WG that will:
- identify and publish a blueprint/reference architecture for the technical architecture, roles and processes commonly found in such trusted research environments, based on the evaluation of existing solutions
- make it easier for institutions to set up data infrastructures that allow researchers to gain access to sensitive data (irrespective of whether that sensitivity stems from privacy/GDPR reasons or is due to the commercial/IPR sensitivity of the data). It will demonstrate that such data, in spite of not being freely shareable, can still be FAIR and made available for research.
- demonstrate how results obtained on such closed data can still be made reproducible and transparent to the degree permitted by data sensitivity, establishing a clear public metadata record on the research performed as well as supporting findability of the data, linked to clear access request/permission processes and public verification of access by specific trusted parties.
- increase interoperability between such environments on a technical, legal and organizational level, hopefully enabling easier set-up of ad-hoc joint TREs in settings where specific data sources need to be joined but may not be passed on to a third party for hosting.
- make it easier to set up data visiting platforms where trusted code can be executed, with monitoring and result inspection processes clearing results for return to a researcher so that, in some cases, even a completely shielded interaction with sensitive data may be possible.
The goal is to document, abstract from and establish best practices for balancing these differing requirements for access limitations and flexibility of interaction / analysis, while understanding the associated risks, so that data becomes accessible and usable for research that otherwise would not be possible.
Based on an extremely well-attended BOF Session held at P21 in Gothenburg (>100 participants, more than 80 participants registering their name in the collaborative meeting notes), we are currently preparing a concrete Charter document to establish a Working Group. While discussion and consolidation are happening in the run-up to the plenary meeting, we will use the BOF session at P21 to finalize the document, get broad agreement on the activities to be performed, and discuss the feedback received, in order to submit the document for approval after the plenary.