Project discussion: SATRE & Open Source TREs
Chair: Simon Li (University of Dundee)
We have an RSE-TRE working group on Standard Architectures and open source TREs, supported by DARE-UK through some of its driver projects, including SATRE and TELEPORT.
Notes
This started off with a Mentimeter poll.
Mentimeter: What should this group’s initial goals be?
Some groups feel beholden to SDEs at the moment
TREs not one size fits all, requires a “Goldilocks” approach
Publish a vendor-neutral standard architecture for TREs
Identify resources needed to ensure the long term viability of this working group
IG reqs => tech controls
I’d be interested in vendor specific implementations of tech controls, e.g. implementation of AWS guardrails
Policy controls agreement
Clarify: TRE Definition | TRE Functional Requirements | TRE Operational Standards | TRE Technical Standards | TRE Reference Architectures
Platform-agnostic architecture, followed by platform-specific reference implementations for AWS, Azure and also on-premise (e.g. using VMware)
Identify existing open-source or potential open-source TREs
TRE definition
Assessment of existing TREs
Provide guidance and oversight of TREs for the medium/long term.
Formulate the terms of what a TRE WG reach is?
‘Safe setting’ - needs more work
Provide guidance on what areas of information governance should be standardised
Definition of TRE (SDE)
Create an inclusive community space (GitHub repo) for that community to own the vision for a standard architecture for TREs. Agree on a Contribution Guideline Document
(Truly) community driven development
Engaging all stakeholders, developers, managers, data-subjects!
Find out who the current TRE owners/providers are
Who can be involved
KCL happy to share technical details of their TRE
Dundee (leading SATRE project)
RISG Consulting
SAIL
Turing
Oxford
Specification
What level of detail should we be aiming for?
How does this work with (or against) SATRE?
Information Governance and Technical Specifications
A lot of interest in this area
What could we learn by inspecting an ISO2700 system?
Sharing precise details is difficult. Could we move towards pan-TRE standard operating procedures (SOPs)?
Existing ISMS lists/tools to be shared