The Five Safes

The Five Safes#

Last modified: 08 Sep 2025

A decision-making framework to ensure secure access to data about individuals.

N.B. Text adapted from ’The Five Safes’ by the DRAGoN team at the University of the West of England.

UK LLC works within the Five Safes framework to ensure we are able to provide researchers with safe access to data in the TRE. The Five Safes framework enables open science while maintaining best practice in data protection. The Five Safes are:

Safe Data#

For data to be ‘safe’, the risk of identifying one or more individuals should be minimised. To ensure data are safe:

  • there are no direct identifiers (e.g. name, date of birth) included in the UK LLC TRE

  • there are no ‘free text’ fields that could include personal details

  • no geographic locations smaller than region (for England) or UK nation are identified

  • researchers are only given access to data from LPS that have approved the use of their data for that specific research project

  • researchers only have access to electronic health records relating to the health condition(s) named in their project application.

Safe Projects#

For a project to be ‘safe’, its use of data should be appropriate, lawful and ethical. To ensure projects are safe:

  • all project applications are reviewed not only by UK LLC but also by representatives of LPS and our Data Access Public Review Panel

  • Data Sharing Agreements ensure data are used in accordance with the data owners’ terms and conditions

  • projects must have ethical approval

  • projects are deemed to be in the public good.

Safe People#

For researchers to be ‘safe’, we need to be sure they are going to use the data appropriately. To ensure people are safe:

  • everyone accessing the UK LLC TRE must be an ’ONS Accredited Researcher’

  • before gaining access to the TRE, researchers must sign a Data User Responsibility Agreement (DURA) which outlines the terms under which they are allowed to access data in the TRE

  • researchers must be employed by a non-commercial UK institution

  • researchers understand that if they do not comply with the restrictions imposed by working in the TRE, their access can be revoked and their employer notified.

There is more information about the Rules for Researchers elsewhere in this guide.

Safe Settings#

For a setting to be safe, it should be secure and only accessible only by authorised (‘safe’) people. To ensure settings are safe:

  • UK LLC stores all its data in a single Trusted Research Environment (TRE) hosted by SeRP UK

  • All the data - from LPS and linked data sources - are in one place

  • Only researchers approved by UK LLC have access to the TRE

  • There is limited internet access from the TRE, which ensures only authorised research findings and outputs can leave the environment.

Safe Outputs#

For outputs to be safe they must be non-disclosive, i.e. it must not be possible to identify any individuals from research findings. To ensure outputs are safe:

  • UK LLC employs strict Statistical Disclosure Control (SDC) rules on all information leaving the TRE

  • All statistical outputs are checked by both the UK LLC Data Team and the SeRP UK team before being approved for release

  • All researchers accessing the TRE have ONS Accredited Researcher status, ensuring they understand the importance of SDC in safeguarding the confidentiality of LPS participants.

Contents