Trusted Research Environment (TRE) data security
How our TRE provides security, confidentiality, and privacy when handling data.
HIC is accredited to the world’s leading standard for information security. This demonstrates that we handle sensitive data safely, legally, and ethically – giving assurance to the public. Our Trusted Research Environment (TRE) is built to protect data confidentiality and privacy at every stage.
Sensitive data is received via secure encrypted transmission and is stored, quality assured, and processed on secure servers, in secure work areas. We follow best practice for data infrastructure, including multi-layered security controls, role-based access, and continuous monitoring.
Our accreditations
HIC is fully accredited under:
- ISO 27001 – international standard for information security management systems
- NHS Digital’s Data Security and Protection Toolkit
These accreditations demonstrate our commitment to data protection, responsible research, and public trust.
Infrastructure and the flow of data
The diagram above shows a simplified view of how data moves through our standard processes. Our TRE is built with security and privacy at its core. HIC are ‘secure-by-design’, meaning that protections are built into every layer of infrastructure – from how data is stored, to who can access it, to how results are checked before they leave the TRE.
This infrastructure is fully managed by HIC and follows the Five Safes Framework. By hosting the TRE in the cloud, we also benefit from industry-standard security, uptime, and resilience, helping protect against unauthorised access and system outages.
HIC acts as a ‘gatekeeper’, helping ensure that data access decisions follow the right ethical and legal processes. Our processes support safe, responsible research that puts data privacy first – while still enabling important health discoveries.