The Five Safes Framework for Trusted Research Environments (TREs)

The Five Safes Framework are best practices that allow us, as TRE providers, to maintain trust and transparency in managing data. This comprehensive approach allows for overall safe use of sensitive data. We can think of the Five Safes as an equaliser, considering how each principle will be balanced individually and as a whole. At HIC, we apply proportionate risk mitigation, including the use of our TRE.​

1. Safe People can access the TRE after training, approvals, and agreements are in place. Approved Users are bound by legal, ethical and security guidelines to handle data responsibly.
2. Safe Projects are reviewed for potential patient and public benefit. Contractual agreements may be required where an external third party is involved.​
3. Safe Settings (Our TRE) is used to access the data on secure technology systems.​ This provides a secure and controlled space where the data is accessed and analysed.
4. Safe Data is provided as pseudonymised personal data to protect privacy. We also apply data minimisation techniques and conduct data impact assessments to mitigate risk. These safeguarding measures help protect individuals’ privacy when researchers access the data extract.
5. Safe Outputs ensures only summary data can leave the TRE, and this is after disclosure control to prevent any release of individual-level data. All results are reviewed by HIC staff to confirm the data is truly anonymous, with no risk of re-identifying individuals from findings. This process also applies to outputs from AI/ML models.

You can read more generally about the Five Safes at Research Data Scotland, and for HIC TRE specific processes in our Knowledge Base.