Security of data in the UK LLC Trusted Research Environment (TRE)

Security of data in the UK LLC Trusted Research Environment (TRE)#

Last modified: 10 Sep 2025

UK LLC employs a range of methods to ensure the security and confidentiality of LPS participants' personal data

UK LLC’s TRE adheres to the highest national and international standards of information security. We have developed a comprehensive and robust information security management system (ISMS) which is regularly audited by independent experts.

The UK LLC TRE contains de-identified data about people enrolled in partner LPS. Protecting the confidentiality and security of LPS participants’ data and maintaining the integrity and availability of data accessed by approved researchers, are of critical importance.

The security of data held in the UK LLC TRE is assured by a range of accreditations and safeguards.

  • ISO 27001 is an internationally-recognised ‘gold standard’ which demonstrates that data confidentiality, integrity and availability is built into everything an organisation does.

  • UK LLC is accredited as a data processor under the Digital Economy Act 2017. This is overseen by the UK Statistics Authority and ensures that an organisation’s ISMS is robust enough that de-identified data from government departments can be included in its TRE.

  • The UK General Data Protection Regulation (UK GDPR) and Data Protection Act form UK LLC’s legal basis, enabling the performance of research tasks for purposes in the public interest.

  • UK LLC completes the NHS England Data Security and Protection Toolkit (DSPT) every year, as a requirement for accessing NHS England patient data.

  • The well-established ‘Five Safes’ Framework underpins all projects undertaken in the UK LLC TRE.

More information on UK LLC’s data security and safeguards are available on the UK LLC website (https://.ukllc.ac.uk).