Secure Unified Research Environment
The Secure Unified Research Environment (SURE) was developed by the Sax Institute as part of the Population Health Research Network (PHRN). The PHRN was established to create data linkage infrastructure that will facilitate population health research to improve health outcomes and enhance the delivery of health care services in Australia.
SURE is a remote-access computing environment that allows researchers to store and analyse linked health-related data files. Each researcher is provided with a highly secure remote virtual computing desktop for each research study on which they are an investigator which replaces their local computing environment. Each study workspace is logically separated so files cannot be transferred between studies or between the study workspace and the local computing environment.
Advantages for Data Custodians
SURE offers a range of benefits to data custodians, researchers and other stakeholders involved in data linkage research including:
- The SURE facility provides enhanced information security that is consistent across all SURE users so there is strong protection of privacy and confidentiality;
- The SURE facility improves accessibility for researchers as it is remotely accessible and provides new opportunities for collaboration between researchers from different institutions;
- The SURE facility is a high performance computing environment with enhanced speed, storage and analytic software and tools.
The SURE is a central server accessible only via an encrypted Virtual Private Network (VPN) through a firewall and requires four means of researcher identification for access. The SURE providing a safe and secure alternative to researchers storing the data extract themselves, ensures that data custodians' own security requirements and standards are met and the risks of unauthorised access to data is minimised.
SURE infrastructure users are required to agree with terms and conditions to protect information security. In particular, the operation of SURE is guided by agreements, at an individual and institutional level, covering areas such as data security, incident and breach management.
Service Level Agreements are entered into with third party operational partners to ensure that the levels of security in place comply with standards required by the SURE Team at the Sax Institute.
A planned, documented and comprehensive approach is taken to the information security management of the SURE infrastructure. This approach includes:
- Risk analysis - this analysis defines the requirements for information security management;
- Implementation of controls - controls are implemented in relation to people, technology and processes to minimise information security risks; and
- Continuous monitoring and review - ensures that systems in place for the management of information security are adapted as needed in response to changes in the environment in which the SURE infrastructure is operating.
The major domains of SURE information security management are:
- Personnel and third party security;
- Acceptable usage;
- Logical security;
- Data security;
- Physical security;
- Incident management;
- Business continuity; and
- Breaches and infringements.
Who can access it?
Applicants are required to:
- be part of an approved research project (see below);
- complete SURE application process; and
- successfully complete SURE user training program.
Research projects are required to:
- have human research ethics approval; and
- involve the analysis of linked health-related datasets (with approval from the relevant data custodian for use of each dataset).
Access criteria for SURE may be updated over time to take account of developments in the scope and funding arrangements of SURE.
How does it work?
Access and functionality
The SURE facility is accessed via the internet using Citrix technology. Access requires a username, password and one-time access code provided by an authentication token. A user sees a facsimile of the screen of their remote virtual computer desktop on their local computer screen and key strokes and mouse movements made on the local computer are transmitted to the remote computer in the SURE facility.
Inside the facility, each research study is additionally confined within its own security
perimeter - there is no possibility of data exchange between research studies. The remote virtual computing environments provided to each user are powerful, highly-specified Microsoft Windows 7 desktops, furnished with a range of proprietary and open-source data manipulation and analysis software.
Transferring files into and out of SURE
The only way for a file to enter or leave SURE is via a portal called the Curated Gateway. All inbound data files uploaded to the Curated Gateway for use in SURE will be reviewed by a member of the SURE operations team for compliance with ethics committee approval and data custodian requirements. Files other than data files will be reviewed by the study's chief investigator prior to being accepted for use in SURE. Outbound files uploaded to the Curated Gateway for use outside of SURE will be reviewed by the study's chief investigator. Other parties may be involved in the review of inbound and outbound files passing through the Curated Gateway to enter or leave SURE, depending on individual study requirements. All files that pass through the Curated Gateway are logged and may be subject to audit by the Sax Institute.
Storage and archiving
Data will be centrally stored on servers located in a secure data centre with 24 hour security surveillance and strict access controls. Following completion of a research study, data files will be digitally archived in encrypted form and retained for the required period.
How much does it cost?
The PHRN has received funding administered by the Commonwealth Department of
Innovation, Industry, Science and Research through the Australian Government's National Collaborative Research Infrastructure Strategy (NCRIS) program and the Education Investment Fund (EIF) Super Science Initiative for the period 2008-2013. In addition, state and territory governments and academic partners are contributing to the PHRN through additional funding and in-kind contributions.
No user fees will be charged for SURE until 1 July 2012. Once user fees are introduced, a schedule of fees will be publicly available. User fees will support the operational costs of maintaining SURE and providing support services to users.
How can I access it?
To access SURE, users will be required to complete an individual user and study specific registration form, complete user training and sign an agreement of use. For more information, contact the PHRN NSW ACT Team at the Sax Institute on 02 9514 5950.
SURE is provided through the PHRN (established by the National Collaborative Research Infrastructure Strategy (NCRIS)) and has been designed, implemented and hosted by the SAX Institute, a national node of the PHRN. If you have any questions or need more information, please contact the Sax Institute on 02 9514 5950.
More information can also be obtained from the following links.