TRE Design and Implementation

Our Trustworthy Research Environment (TRE) platform is fast to implement, fully managed and certified compliant with the most stringent standards of security and data protection.

ARO is one of the only service providers in the UK accredited by health data custodians to deliver a fully compliant managed TRE service. Our flexible platform enables seamless, secure sharing of regulated and sensitive data within and between research teams.

More than data

Only a handful of companies in the UK have the specialist knowledge and credentials for building trustworthy research environments. Of these, ARO is arguably the most experienced.

As well as up-to-date expertise and accreditations in the technical principles and best practices for TRE design and implementation, we have a sound grasp of institutional processes, research ethics and the regulations governing IT infrastructure, data ownership and security in healthcare settings.

Healthcare expertise

With over 60 years of collective experience delivering technology solutions in highly regulated environments, we’re one of the UK’s only service providers accredited by regulatory health data custodians to deliver secure, compliant access to sensitive health data for research programs.

Our cloud computing platform is housed in an accredited and approved UK facility with secure connections to public and private networks including HSCN and data sources. All infrastructure is wholly owned by ARO and located in the UK to ensure data sovereignty and an unbroken chain of custody.

We understand the time, resource and budget parameters that researchers typically work within, and have designed a service to deliver a range of operational and administrative benefits, including:

  • Speed to implement. Users can be up and running in under 12 weeks and project managers can plan with confidence and reduce lead times.
  • Fixed budget framework. Costs can be accurately predicted, with cloud-flex capability to support short term spikes or longer-term structural program changes.
  • Fully managed service. We handle everything, including hardware provisioning, operating system, application layer, accreditation and compliance, user access and management, and help desk support.
  • Expert help. Our standards and methodology for deploying Health Research Infrastructure have helped shape national standards such as Health Data Research UK (HDRUK). 

Spend your valuable time and budget on research, not IT. ARO’s Trustworthy Research Environment solution is designed, implemented and fully managed by our highly experienced technical and consulting teams to maximise data value without compromising data security.”

Our technical expertise

TRE Design & Implementation. Only better.


On-shore service

UK-based infrastructure to ensure compliance and data sovereignty.


Certified compliant

Certified to ISO27001; NHS DSP and Cyber Essentials Plus accredited; NHSD-audited.


Health specialists

Experienced in clinical trial data management compliant with NHS data sharing agreements.

Impact where it matters

Fast to implement

Standard implementation in only 8 to 12 weeks.

Pay as you go

Fixed monthly billing and no data ingress/egress charges. 

Scale on demand

Quickly add bandwidth, storage or services with no additional resource required.

TREs (Trusted Research Environments) or ‘Data Safe Havens’, are secure computing environments that provide remote access to public sector data.

TREs provide researchers access to valuable data specifically for their research. This data is used by researchers to save and improve lives.

As TREs handle sensitive public sector data such as health data, they are developed with complex privacy protections. This lowers the risk of data misuse and gives the public confidence that their data is secure. Data is also held in one location which makes research more time-efficient and cost effective.

A TRE environment implements various security measures. These may include encryption of sensitive information (both in transit and at rest), access controls to restrict unauthorised access, and comprehensive isolation methods. Data within the TRE is often anonymised or de-identified to mitigate privacy risks, and compliance with relevant regulations ensures adherence to industry standards.

Implementing a TRE depends on different factors such as project complexity, data sensitivity, and compliance requirements. Depending on the complexity of the research environment and specific demands of the project, implementation can take several months to a year or more.

Latest Insights

View all Resources
Sign up for regular insights here.
Sign up here