UK LLC’s Trusted Research Environment (TRE) adheres to the highest national and international standards of information security to ensure the safest possible use of data. UK LLC is ISO 27001 certified and is accredited by the UK Statistics Authority as a processing environment under the Digital Economy Act (DEA) 2017.
For that reason, we have invested heavily in developing a comprehensive and robust information security management system (ISMS). Our ISMS is regularly tested by external independent experts in information security from the UK Statistics Authority and Alcumus ISOQAR. These audits ensure that our security and safeguards are robust.
ISO 27001 is seen as the ‘gold standard’ and demonstrates that information security – the confidentiality, integrity and availability of data – is considered and built into everything an organisation does.
Our TRE contains de-identified data about people enrolled in partner Longitudinal Population Studies (LPS). Protecting the confidentiality and security of LPS participants’ data and maintaining the integrity and availability of data accessed by approved researchers, are of critical importance to us.
This is to provide assurance that they are practising good data security and that personal information is handled correctly. The DSPT is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
This exacting standard ensures that UK organisations have a sufficiently robust ISMS to include in their TRE de-identified data from government departments, e.g. Department for Work and Pensions.
The UK Statistics Authority’s Research Accreditation Panel oversees the independent accreditation of processors. This is measured against a framework of security controls (based on ISO 27001) and data capability controls. Experts in information security from the UK Statistics Authority audit us on an at least annual basis.
This legal basis within UK GDPR and the Data Protection Act 2018 is separate to, and in addition to, the actions and legal basis of the collaborating studies which establishes the basis for participants’ data to be collected, processed and shared for research purposes.
We use the research provisions of the Digital Economy Act 2017 to link to administrative records (such as those held by HM Revenue and Customs, the Department for Work and Pensions, and the Department for Education and its devolved equivalents). We will access existing de-identified data from these sources from the UK’s statistical authorities and agencies.
The Digital Economy Act provides a legal basis for the transfer of confidential information by public authorities for research purposes in a way that does not breach any duty of confidentiality owed to the individual by the public authority.