# Project discussion: SATRE & Open Source TREs

_Chair: Simon Li (University of Dundee)_

We have a RSE-TRE working group on a Standard Architectures and open source TREs, supported by DARE-UK through some of its driver projects, including [SATRE](https://dareuk.org.uk/driver-project-satre/) and [TELEPORT](https://dareuk.org.uk/driver-project-teleport/).

## Notes

This started off with a Mentimeter poll.

### Mentimeter: What should this group's initial goals be?

- Some groups feel beholden to SDEs at the moment
- TREs not one size fits all, requires a "Goldilocks" approach

- Publish a vendor-neutral standard architecture for TREs
- Identify resources needed to ensure the long term viability of this working group
- IG reqs => tech controls
- I'd be interested in vendor specific implementations of tech controls, e.g. implementation of AWS guardrails
- Policy controls agreement
- Clarify: TRE Definition | TRE Functional Requirements | TRE Operational Standards | TRE Technical Standards | TRE Reference Architectures
- Platform-agnostic architecture, followed by platform-specific reference implementations for AWS, Azure and also on-premise (e.g. using VMware)
- Identify existing open-source or potential open-source TREs
- TRE definition
- Assessment of existing TREs
- Provide guidance and oversight of TREs for the medium/long term.
- Formulate the terms of what a TRE WG reach is?
- 'Safe setting' - needs more work
- Provide guidance on what areas of information governance should be standardised
- Definition of TRE (SDE)
- Create an inclusive community space (GitHub repo) for that community to own the vision for a standard architecture for TREs.Agree on a Contribution Guideline Document
- (Truly) community driven development
- Engaging all stakeholders, developers, managers, data-subjects!
- Find out who the current TRE owners/providers are

### Who can be involved

- KCL happy to share technical details of their TRE
- Dundee (leading SATRE project)
- RISG Consulting
- SAIL
- Turing
- Oxford

### Specification

- What level of detail should we be aiming for?
- How does this work with (or against) SATRE?

### Information Governance and Technical Specifications

- A lot of interest in this area
- What could we learn by inspecting an ISO2700 system?
- Sharing precise details is difficult. Could we move towards pan-TRE standard operating procedures (SOPs)?
  - [Dundee SOPs](https://www.dundee.ac.uk/corporate-information/standard-operating-procedures-hic)
  - [Manchester documents](https://github.com/connectedhealthcities/chc-gm-isms)
- Existing ISMS lists/tools to be shared