Skip to content
Contact us Researcher login

What are Trusted Research Environments?

Learn about Trusted Research Environments and how they help researchers access data.

About Trusted Research Environments

Data controllers have a legal and ethical responsibility to protect sensitive data. To keep data safe when it is used for research, data controllers often store public sector data in secure locations known as Trusted Research Environments (TREs): secure physical or digital environments which can only be accessed by approved researchers.

In the past, researchers could only analyse data after transferring it onto their own computer, making the data vulnerable to leaks or misuse. In recent years, TREs have been developed to allow research to be carried out inside a secure, controlled environment.

Data cannot be taken out of a TRE. Researchers can only export their aggregated analysis results, and only after they have been reviewed by output checkers to ensure that no sensitive person-level data is included.

Trusted Research Environments exist across the UK. In Scotland, they are often referred to as data safe havens, while in the rest of the UK they are sometimes called secure data environments or secure research environments.

The Five Safes framework

To keep data secure, Trusted Research Environments are guided by the Five Safes framework – a set of principles designed to ensure safe and secure access to data for researchers.

Icons representing the Five Safes: People, Projects, Settings, Data, and Outputs
The Five Safes
  1. Safe People: Researchers accessing the data are trained and accredited.
  2. Safe Projects: Data must be used ethically, for research that delivers clear public benefit.
  3. Safe Settings: The physical and digital settings used to access data are controlled and secured.
  4. Safe Data: Researchers can only access data that has been pseudonymised.
  5. Safe Outputs: All research outputs are checked to ensure individuals cannot be identified.

To find out more about the Five Safes framework, read our explainer: What is the Five Safes framework?

Example: The National Safe Haven

One example of a Trusted Research Environment in Scotland is the National Safe Haven, which houses health data controlled by Public Health Scotland and other data controlled by the Scottish Government.

To access data in the National Safe Haven, researchers are granted access via a secure digital or physical environment. Since the start of the COVID-19 pandemic, remote digital environments have become the most common way of accessing data in the National Safe Haven.

To access the TRE remotely, researchers can use their own device to log on via a controlled virtual private network (VPN), with additional security measures including a two-factor authentication process to confirm the researcher’s identity before they can access data. Researchers are unable to export any data from the TRE until it has been aggregated and approved by the data controllers.

Physical environments are dedicated computers where usage is controlled, internet access is not possible, and no external devices can be connected. To access the TRE, researchers need to book a timeslot with a research co-ordinator and visit a secure access point at the Royal Infirmary of Edinburgh’s BioQuarter or selected universities across Scotland. Just like digital environments, no data can be taken out of the physical TRE until it is aggregated and approved by the data controller.

As TREs have developed organically over time, other TREs such as the National Records of Scotland TRE and Scotland’s Regional Safe Havens have developed their own processes for ensuring secure data access.

Regional Safe Havens

In Scotland, there are four Regional Safe Havens: Trusted Research Environments which each hold data for their respective regions.

  • Grampian Data Safe Haven (DaSH) (Aberdeen) – A trusted research environment established by the University of Aberdeen and NHS Grampian for the Grampian and Scottish population.
  • Health Informatics Centre (HIC) (Dundee) – A TRE for the Scottish Government and the NHS Tayside, NHS Fife and NHS Forth Valley Health Boards.   
  • DataLoch (Edinburgh) – Developed in partnership by the University of Edinburgh and NHS Lothian, DataLoch brings together health and social care data for South-East Scotland.
  • West of Scotland Safe Haven (Glasgow) – A secure environment for hosting data and providing data linkage to NHS Scotland health data sources. It is a collaboration between NHS Greater Glasgow & Clyde Research & Innovation and the Robertson Centre for Biostatistics.

The advantages of Trusted Research Environments

TREs provide researchers with a single location to access valuable datasets specifically for their research, with both the data and the tools for analysing it held in the same place. Data can’t be taken out of a TRE. Instead, researchers bring their analysis to the data. Before their results can be taken out of the TRE, they are checked for disclosure risks to make sure they are safe for publication.

This greatly reduces the risk of sensitive data being leaked or misused and ensures that data controllers have more control over how data is handled.

Because TREs are developed with data security as a priority, the public can be confident that the data is held securely. This is particularly important when handling sensitive public sector data, such as health data, which requires complex privacy protections. The more secure the data access process is, the lower the risk of data misuse.

TREs also help make research time-efficient and cost effective. By holding data in one location, TREs reduce the costs and time associated with transferring and storing duplicates of large datasets, leading to more timely results that can be used to inform policy and improve lives.

Limitations of the current systems

Because TREs have grown organically over time without a standardised approach, the current systems can be complex and time-consuming for researchers, leading to delays in research.

Part of our work at Research Data Scotland involves creating the Researcher Access Service: a digital platform to improve the end-to-end researcher journey. Our initial work on the Researcher Access Service will improve the upfront information that is available to researchers; work to digitise the application process (including a portal for applicants to track the status of their application throughout); and introduce a risk-based triage approach to information governance, fast-tracking simpler projects that don’t require complex privacy considerations.

By simplifying the process of accessing data for research, we hope to make it quicker for data users to undertake research, leading to more timely conclusions without sacrificing the security of current systems.

Find out more about the work we're doing to improve access to data.

Find out more about TREs

Discover more about data

Illustration of a desktop computer with two keys on the screen.

Intro to public sector data

Learn more about what public sector data is and how it's used in research.

Learn more
Illustration of a lock.

What is the Five Safes framework?

Discover what the Five Safes framework is and how it's used to keep data secure.

Learn more
Illustration of a filing cabinet with numbers spilling out of an open drawer.

What is data de-identification?

One way of keeping data confidential is to remove personal information. Learn more about this process, known as de-identification.

Learn more

Subscribe to our updates 

To stay updated with Research Data Scotland, subscribe to our mailing list and follow us on X (Twitter) and LinkedIn

Sign up here Sign up here
Illustration of an envelope with a letter sticking out and a mobile phone with a person

Was this information helpful?

Back to the top