The Newcastle Commitment to Open Collaboration for Trusted Research Infrastructure

Tuesday 5th December 2022

Data saves lives. Those working for public good have a responsibility to use personal data, including linked patient and social data at scale, to better understand and thereby improve society, health and wellbeing.

Infrastructure for trusted research includes the secure environments where analysis takes place, called Trusted Research Environments (TREs), the governance processes that manage activity in these environments as well as the technology that underpins those governance processes.

Those of us maintaining these infrastructures must ensure we protect this personal data, to prevent harm to individuals and maintain wider public trust for using such data in research. While no system can guarantee absolute security, we must ensure we handle data appropriately and securely, following local regulatory and legal frameworks and minimising the risk of data being inappropriately shared.

Further, there is an additional obligation on these groups to work together. It is unsafe to work alone. Working together provides efficiency and interoperability, but more importantly, it will result in more secure, robust and capable infrastructure and more robust research outcomes.

There are several challenges facing those building and maintaining trusted research infrastructure:

• Trustworthiness and transparency: Currently the information shared publicly about the policies, processes and systems used to protect sensitive data is limited and insufficient to verify that the data is being appropriately protected. Validating that the systems used to protect sensitive data are appropriate is difficult when neither the design nor the deployed systems are independently auditable against broadly accepted and agreed standards.

• Accessibility and usability: Many organisations do not have the resources to independently develop trustworthy and usable policies, processes and systems. Environments can be extremely cumbersome to gain access to and use, raising barriers to access to data-driven research methodologies, or encouraging researchers to work outside secure environments, risking data breach.

• Effectiveness and efficiency: Currently many organisations are independently developing their own policies, processes and systems to work safely with sensitive data. Much of this work involves independently solving the same problems repeatedly.

An open, collaborative and community driven development model meets these three challenges in a way that no other approach can.

• Applying open, collaborative approaches to information governance process and policy development as well as to technology development means these can be co-designed and co-engineered, with technologists, policy communities, professionals and data subjects working together.
• Open policies, processes and systems are transparent and verifiable.
• Modern open source collaboration tools are uniquely scalable, both for code and for other artefacts: a global community can work together, at the same time, to add capability.
• System infrastructure designs can be fully described in software code, an approach known as Infrastructure-as-Code (IaC), which renders the designs fully auditable and decouples design from deployment for particular institutions or purposes.
• Open software is less likely to have security flaws, as it can be reviewed by a global community of developers and security professionals.
• Each time a capability is added to the shared infrastructure, every site - university, research institute or hospital - can benefit with little additional effort.

As people who regularly design, develop and operate the policies, processes and systems which enable working safely with sensitive data, we commit:

• To openly share the policies and processes we use to work safely with sensitive data, working together to more closely align these under a common framework.
• To collaboratively develop the systems to support these policies and processes.
• Wherever practicable to standardise common approaches, formats and features which are platform agnostic.
• To work closely with a wide range of stakeholders, including the public and interested parties, to develop usable, effective and scalable solutions that support their needs and meet their concerns.
• To collaboratively design and develop TREs and other technology to support information governance using open, IaC approaches.
• Wherever practicable, to add ideas for new capabilities and features to existing open projects rather than creating new ones.
• To design our projects to be extensible and our communities to be easy and welcoming for others to contribute to.
• To be active stewards of these open projects, welcoming contributions of all kinds from the wider community.
• To actively share, review and revise this declaration on an ongoing basis

Outstanding discussion & objections

The above is the current live and used commitment. Any ongoing discussions about amendments to this process will be linked here!