Project discussion: SATRE & Open Source TREs#

Chair: Simon Li (University of Dundee)

We have a RSE-TRE working group on a Standard Architectures and open source TREs, supported by DARE-UK through some of its driver projects, including SATRE and TELEPORT.

Notes#

This started off with a Mentimeter poll.

Mentimeter: What should this group’s initial goals be?#

  • Some groups feel beholden to SDEs at the moment

  • TREs not one size fits all, requires a “Goldilocks” approach

  • Publish a vendor-neutral standard architecture for TREs

  • Identify resources needed to ensure the long term viability of this working group

  • IG reqs => tech controls

  • I’d be interested in vendor specific implementations of tech controls, e.g. implementation of AWS guardrails

  • Policy controls agreement

  • Clarify: TRE Definition | TRE Functional Requirements | TRE Operational Standards | TRE Technical Standards | TRE Reference Architectures

  • Platform-agnostic architecture, followed by platform-specific reference implementations for AWS, Azure and also on-premise (e.g. using VMware)

  • Identify existing open-source or potential open-source TREs

  • TRE definition

  • Assessment of existing TREs

  • Provide guidance and oversight of TREs for the medium/long term.

  • Formulate the terms of what a TRE WG reach is?

  • ‘Safe setting’ - needs more work

  • Provide guidance on what areas of information governance should be standardised

  • Definition of TRE (SDE)

  • Create an inclusive community space (GitHub repo) for that community to own the vision for a standard architecture for TREs.Agree on a Contribution Guideline Document

  • (Truly) community driven development

  • Engaging all stakeholders, developers, managers, data-subjects!

  • Find out who the current TRE owners/providers are

Who can be involved#

  • KCL happy to share technical details of their TRE

  • Dundee (leading SATRE project)

  • RISG Consulting

  • SAIL

  • Turing

  • Oxford

Specification#

  • What level of detail should we be aiming for?

  • How does this work with (or against) SATRE?

Information Governance and Technical Specifications#

  • A lot of interest in this area

  • What could we learn by inspecting an ISO2700 system?

  • Sharing precise details is difficult. Could we move towards pan-TRE standard operating procedures (SOPs)?

  • Existing ISMS lists/tools to be shared