Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates support and data management #285, #287 #305

Merged
merged 1 commit into from
Oct 11, 2023
Merged

Updates support and data management #285, #287 #305

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions docs/source/pillars/data_management.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,9 @@ The ability of the {ref}`TRE operator <infrastructure_roles>` to manage how and
- You should keep records of data handling decisions.
- Decisions that are made as part of the process discussed above should be recorded and made available for inspection by all stakeholders.
- Recommended
* - 3.1.3
* - 3.1.3.
- {ref}`Information asset owners <data_roles>` must classify data sets according to a common process and data classification methodology.
- To classify the data, information asset owners must have a good understanding of the data sets and the process of classification.
- To classify the data, information asset owners must have a good understanding of the datasets and the process of classification.
Once classified, data can be stored in a TRE with an appropriate security controls (see {ref}`later section on security levels and tiering <security-level>`), which can factor in the requirements for confidentiality, integrity and availability of the data.
- Mandatory
* - 3.1.4.
Expand All @@ -52,7 +52,7 @@ The ability of the {ref}`TRE operator <infrastructure_roles>` to manage how and
- The data egress process needs to ensure that information governance requirements are adhered to.
In particular, it should require that an egress request has been approved by all required parties.
- Mandatory
* - 3.1.6
* - 3.1.6.
- Egress must be limited to the {ref}`information asset owners <data_roles>` or their delegates.
- Egress of data from a TRE must be a specific permission associated with individual users
This permission must be given by information asset owners.
Expand All @@ -77,7 +77,7 @@ The ability of the {ref}`TRE operator <infrastructure_roles>` to manage how and
- Mandatory
* - 3.1.10.
- You should have a method of providing proof of deletion/removal of files.
- {ref}`information asset owners <data_roles>` may require certification of the deletion of files.
- {ref}`Information asset owners <data_roles>` may require certification of the deletion of files.
You should have a method of providing proof of deletion if challenged.
- Recommended
* - 3.1.11.
Expand Down
2 changes: 1 addition & 1 deletion docs/source/pillars/supporting.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ The ability of the {ref}`TRE operator <infrastructure_roles>` to provide suitabl
- Guidance
- Importance
* - 4.9.1.
- You should have identify areas where legal advice may be required and ensure that you have ready access to it.
- You should identify areas where legal advice may be required and ensure that you have ready access to it.
- It is likely that legal advice will be necessary for several issues around the handling of sensitive data, and managing project contracts.
{ref}`TRE operators <infrastructure_roles>` should have ready access to legal advice, including a way to solicit advice and carry out associated actions.
- Recommended
Expand Down