Menu

TRE Security FAQs

FAQs about Information Security, ISO27001, Q-Pulse and the Trustworthy Research Environment

This is a legacy web page. The Trustworthy Research Environment and its ISO27001 Certified ISMS are now closed. If you need to access sensitive data at the University, please contact IT Services about using their Data Safe Haven.

These FAQs cover 3 topics:

 

The Trustworthy Research Environment (TRE)

What is the TRE?
The Trustworthy Research Environment is a secure data analytics facility hosted within the Division of Informatics, Imaging and Data Science.
Who can use the TRE?
The TRE was built for members of projects involving HeRC and CHC in the Centre for Health Informatics. We do also consider applications from other projects.
What is the key purpose of the TRE?
To provide a secure place for researchers to work on their data. The TRE infrastructure can support demanding computer resource requirements such as multiple processors and large amounts of memory and storage in a scenario where information security is the primary concern. It is not intended to be a substitute to existing UoM CFS services such as Incline.
What kind of data is appropriate for the TRE?
The implemented security controls mean the TRE can safely store personal data, and also mitigates the risks to anonymised data sets such as linkage and reidentification.
How do I get an account in the TRE?
Complete a TRE project application form and email it to ‘tre-support@manchester.ac.uk’. It will be reviewed at the next TRE Project Board meeting (which is held every 2 weeks). Users of approved projects need to complete an induction process, which includes documentation, training and logging in securely for the first time.

 

Information Security Documentation and Q-Pulse

When I log onto Q-Pulse, I have a large number of documents in my list to be acknowledged. Do I need to read and acknowledge all of these?
Yes. Your reading list corresponds with your role and responsibilities.
What happens after I've clicked the 'Acknowledge' button and provided my digital signature?
Q-Pulse records this as part of your training record. An ISO27001 auditor considers this a record of your ‘competence’ to carry out your role and responsibilities.
How can I check which ISMS documents I have acknowledged?
At present it is not possible for you to view this within Q-Pulse. Each time you click ‘acknowledge’, that document will be removed from the list, so we recommend you keep your own record if it’s necessary for you to know. However, Q-Pulse will automatically notify you of pending reading list items, so you do not need to maintain your own record of documents to be read. The Q-Pulse administrator can provide details of the reading list corresponding with each role at CHI upon request.
How do I feed back any change requests for an ISMS document?
Log onto Q-Pulse and click on the ‘Change Request’ icon next to the relevant document.

 

ISO27001

What is ISO27001?
ISO/IEC 27001:2015 is the primary international standard for Information Security. It builds on ISO9001 (Quality Management) with a focus on protecting information assets.
Why do we need certification in ISO27001?
An ISO27001 certified TRE is more likely to gain the interest and trust of potential collaborators and data providers. Additionally, to achieve this certification, we will have made significant improvements to physical and IT security, data management, IT infrastructure, Information Governance and Service Quality: all of which make this a better place to work and study.
Do we have an ISMS?
Yes, our Information Security Management System comprises Documentation (policies and procedures (Q-Pulse)), Technical Controls (firewalls, secure door access), Secure IT (the TRE and secure network protocols), Asset Management (asset management/Q-Pulse), Improvement (incident management, reporting and monitoring, staff awareness and communications, documentation revision, internal audits (Q-Pulse) and Leadership (driving the culture change towards information security). A recent external audit concluded that our ISMS is in a good state.