Bookmarks
ONS Secure Research Service
Description
The Secure Research Service (SRS) operates within the Five Safes Framework, which is a set of principles that safeguard access to the sensitive data that are available for use by appropriately trained and accredited members of the research community. SRS is an accredited data processor under the Digital Economy Act 2017 (the Act). What this means is that the SRS does not own the data that is made available through the service and data owners are separately identified in the Act. Whenever the SRS acquires data that is to be made available to the research community, an agreement is signed with the data owners that specifies the conditions under which data can be accessed and any restrictions that may be placed on individual datasets. As part of this process, data owners typically wish to know information about how Five Safes will apply to their dataset.
Active Users: 2000 | Active Projects: 900
Pricing: Centrally funded - no charge at the point of access.
SAFE People - Login & Access
• Accredited Researcher Status Required - Training, Public record, Sign Declaration, Research project Accreditation
✓ Login: Citrix workspaces – encrypted tunnels and unique account logon
✗ Minimum Requirement: Assured Organizational Connectivity or willingness to travel to ONS offices.
✗ International Access: Not in general. Exceptions may be possible.
SAFE Settings - Compute & Services
✓ Private Cloud
✓ 6 Citrix servers in farm provide computing power. 96GB mem 32 cores per server. Additional SQL servers are also available for the manipulation of relational data.
✗ No ability to modify OS
✗ Managed Data analytics capabilities: None provided
✗ No federated queries
✗ No federated analytics
SAFE Settings - Security Certifications and Measures
✓ Security Certifications: ISO27001 and DEA Accredited
✓ Security Measures: Dedicated Security Team. ObserveIT monitors all screen and keyboard activity. Splunk used to monitor events captured to GPG 13 DTER standard
✓ No VM direct access
✓ No VM access control (no USB, copy/paste, internet access whitelisted or internal mirrors)
SAFE Settings - Software access
✓ Default software: Office, SAS, SPSS, STATA, R, Python
✓ Code/library import: Governance process where 2 people check code
✗ Collaboration Software: No
SAFE Data - Data Access Mechanisms
✓ Data Provisioning: Minimized read-only links within project spaces to research-ready datasets
✓ Reduce re-identification risk by: SRS output checking procedures available on request. No internet access
✓ Receive Data: Via Transfer Services - MoveIT and ONS AWS S3 Storage
✓ Linked Data: Manual Linkage via transfer services
✓ Sensitive Data: Ingest procedures exist which are checked by ONS staff
✓ Open Data: Via Transfer Services - MoveIT and ONS AWS S3 Storage
✓ Record Linkage: Not as service, but this can be carried out by ONS staff prior to ingestion
SAFE Outputs - Data Output/export
✓ Aggregate level graphs and tables. Aggregate level graphs and tables, individual level, anonymized data, Weights and code for a trained AI algorithm, Source code developed with the environment
✓ Export plans: None Specified
✓ Data transmit to other SAFE Settings: Via Transfer Services
✓ Statistical disclosure control process in place