Bookmarks
ORCHID
Description
ORCHID is a secure data processing environment run by the University of Oxford. It supports the Oxford-Royal College of GPs Clinical Informatics Digital Hub: orchid.phc.ox.ac.uk. ORCHID operates within the Five Safes Framework. The environment currently does not have break-down costs in terms of specific technical requirements, rather these are encompassed into any costs presented to applicants at the application stage.
Active Users: 100 | Active Projects: 50
SAFE People - Login & Access
✓ Accredited Researcher Status Required – Information governance training, data sharing agreements, research project approval
✓ Login: User Registration, VDI over a VPN, Authentication: 2FA
✓ Minimum Requirement: No minimum requirement
✓ International Access: No
SAFE Settings - Compute & Services
✓ Private Cloud.
✓ Virtual Windows desktops as point of entry.
✓ Further compute environments including an R Studio service (8vCPU’s 32GB RAM) and a STATA MP16 environment (8vCPU’s, 32GB RAM). Additional requirements can be supported as required although these need to be discussed at the application stage of the project.
✓ Users are not able to modify the base VM, however they can request additional software or modules via an approval process.
✗ Managed Data analytics capabilities: No
✗ No federated queries
✗ No federated analytics
SAFE Settings - Security Certifications and Measures
✓ Security Certifications: NHS DSPT Toolkit
✓ Security Measures: Independent User Provisioning service, VPN required for access, Password rotation, managed data provisioning, No external network access from secure areas, Secure data ingress/egress, Network security controls.
✓ No VM direct access, Access only through VDI.
✓ No VM access to local media or devices from secure areas (no USB, copy/paste disabled, no internet access).
SAFE Settings - Software access
✓ Default software: Word, Excel, SQL Server Enterprise Manager, Notepad++, 7Zip, Rstudio, STAT MP8 v16, Tableau, MS SQL Server 2016, Matlab, SAS, MS Visual Studio 2019, C/C++/C#, Python
✓ Code/library import: Files can be submitted for approval to the web transfer service.
✓ Collaboration Software: Shared File Store, MS Teams, Local source control, Wiki services.
SAFE Data - Data Access Mechanisms
✓ Data Provisioning: Researchers are able to import data into data analysis software hosted in a secure environment. Read-only access is granted for specific data tables in the database.
✓ Reduce re-identification risk by: Individual training, read-only access control policy, code retention, statistical disclosure control policies
✓ Receive Data: Data can be imported into a secure environment through the web transfer service. All files submitted are subject to an approval process by ORCHID administrators.
✓ Linked Data: Identifiable data fields are hashed using a salt outside of the secure environment and then imported through a secure file share by the ORCHID administrator.
✓ Sensitive Data: Sensitive data can be imported into the secure environment by the ORCHID administrator and added to a file share within the secure environment or added as tables to the secure database.
✓ Open Data: Open data can be transferred into the secure environment using the web transfer tool.
✗ Record Linkage: No record linkage services
SAFE Outputs - Data Output/export
✓ Aggregate level graphs and tables, individual level, anonymised data
✓ Other Export plans: No
✓ Data transmit to other SAFE Settings: no
✓ Statistical Disclosure Control: ORCHID users should make themselves aware of the policy on disclosure controls throughout their use of data. Any data transferred out of ORCHID will be through a authorisation process to ensure controls are met.