Table 2: Safe people.

Safe people

Customisable controls relevant to some TREs

The DAA is entered into by the UO (via signature by an authorised signatory) rather than by the individual AR(s). The UO shall ensure: AR(s) are aware of their obligations AR(s’) compliance with the DAA terms. (AR(s) shall be advised of their obligations when accessing the TRE via ‘Terms of Use’, which may present as a “click through” set of terms accepted at the point of data access.) that access credentials are not shared by its ARs, so that access to and use of the Data in the TRE is by AR(s) and not by any other persons. that departures of any AR(s) are reported to the HO, and the AR(s) do not attempt to access the Data or the TRE after termination or expiry of the Agreement. that AR(s) are affiliated with them and warrants that the AR(s) are appropriately trained and skilled in data protection, confidentiality, governance, and security. The HO: issues credentials to the ARs provided by the UO, and revokes permissions on notification that an AR is leaving the UO or should no longer have access. will impose restrictions or suspension of TRE access to the UO and/or ARs if they are subject to an investigation, incident, or breach. The AR(s) shall keep confidential the Data, and any access credentials to the Data and shall report any incidents or breaches to the UO and HO as soon as possible.

Researcher accreditation/information governance and data protection training requirements. TRE policy regarding penalties and remediation required for non-compliance, offences, and breaches.