From a56c3ef829a122664ed70f766a93f96c06c8e694 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 10 Aug 2023 13:16:07 +0100 Subject: [PATCH] :wrench: Switch to headings --- docs/source/pillars/computing_technology.md | 52 ++++++-- docs/source/pillars/data_management.md | 26 ++-- docs/source/pillars/information_governance.md | 116 +++++++++++++----- docs/source/pillars/supporting.md | 16 ++- 4 files changed, 155 insertions(+), 55 deletions(-) diff --git a/docs/source/pillars/computing_technology.md b/docs/source/pillars/computing_technology.md index 273d4598..629b57a3 100644 --- a/docs/source/pillars/computing_technology.md +++ b/docs/source/pillars/computing_technology.md @@ -23,7 +23,9 @@ The required compute resources will vary according to the scale of data and comp The ability of the TRE operator to provide and manage devices, workspaces, interfaces and applications used by researchers to interact with underlying systems and data. -**End user computing interfaces:** This group of {term}`application components ` is a collection of systems and software that allows people to interact with the TRE. +### End user computing interfaces + +This group of {term}`application components ` is a collection of systems and software that allows people to interact with the TRE. This may include desktop, command-line and/or code-submission interfaces. ```{list-table} @@ -51,7 +53,9 @@ This may include desktop, command-line and/or code-submission interfaces. - Optional ``` -**Software tools:** This {term}`application component ` is the tools used by researchers inside a TRE, such as programming languages, IDEs and desktop applications. +### Software tools + +This {term}`application component ` is the tools used by researchers inside a TRE, such as programming languages, IDEs and desktop applications. ```{list-table} :header-rows: 1 @@ -93,7 +97,9 @@ This may include desktop, command-line and/or code-submission interfaces. - Mandatory ``` -**Code Version Control System:** This {term}`application component ` is the systems and tools providing version control and collaboration features for code developed inside the TRE. +### Code Version Control System + +This {term}`application component ` is the systems and tools providing version control and collaboration features for code developed inside the TRE. ```{list-table} :header-rows: 1 @@ -110,7 +116,9 @@ This may include desktop, command-line and/or code-submission interfaces. - Recommended ``` -**Artefact Management Application:** This {term}`application component ` is a service that manages and organises third-party software artefacts such as packaged code libraries or containers. +### Artefact Management Application + +This {term}`application component ` is a service that manages and organises third-party software artefacts such as packaged code libraries or containers. ```{list-table} :header-rows: 1 @@ -131,7 +139,9 @@ This may include desktop, command-line and/or code-submission interfaces. - Optional ``` -**Advanced or Cluster Computing System:** This {term}`application component ` involves the use of advanced, powerful computer resources to solve complex problems and process large amounts of data, possibly using specialised hardware. +### Advanced or Cluster Computing System + +This {term}`application component ` involves the use of advanced, powerful computer resources to solve complex problems and process large amounts of data, possibly using specialised hardware. ```{list-table} :header-rows: 1 @@ -174,7 +184,9 @@ This may include desktop, command-line and/or code-submission interfaces. The ability of the TRE operator to deploy, change or remove physical or virtual infrastructure. -**Infrastructure Deployment Process:** This {term}`business process ` involves setting up and configuring infrastructure components and resources to support applications or services. +### Infrastructure Deployment Process + +This {term}`business process ` involves setting up and configuring infrastructure components and resources to support applications or services. This requires development, installation, configuration, and validation. ```{list-table} @@ -209,7 +221,9 @@ This requires development, installation, configuration, and validation. - Recommended ``` -**Infrastructure Removal Process:** This {term}`business process ` involves retiring or removing infrastructure assets that are no longer needed or outdated, ensuring proper data handling and disposal. +### Infrastructure Removal Process + +This {term}`business process ` involves retiring or removing infrastructure assets that are no longer needed or outdated, ensuring proper data handling and disposal. ```{list-table} :header-rows: 1 @@ -225,7 +239,9 @@ This requires development, installation, configuration, and validation. - Mandatory ``` -**Availability Management Process:** This {term}`business process ` involves ensuring all IT infrastructure meets the agreed levels of availability. +### Availability Management Process + +This {term}`business process ` involves ensuring all IT infrastructure meets the agreed levels of availability. ```{list-table} :header-rows: 1 @@ -246,7 +262,9 @@ This requires development, installation, configuration, and validation. - Recommended ``` -**Network Management Application:** This {term}`application component ` is an application used to manage network infrastructure, ensuring proper functioning, security, and performance. +### Network Management Application + +This {term}`application component ` is an application used to manage network infrastructure, ensuring proper functioning, security, and performance. ```{list-table} :header-rows: 1 @@ -275,7 +293,9 @@ This requires development, installation, configuration, and validation. - Mandatory ``` -**Infrastructure analytics application:** This {term}`application component ` is an application which enables the TRE operator to record and analyse data about the usage of the TRE. +### Infrastructure analytics application + +This {term}`application component ` is an application which enables the TRE operator to record and analyse data about the usage of the TRE. ```{list-table} :header-rows: 1 @@ -301,7 +321,9 @@ This requires development, installation, configuration, and validation. ## Capacity management -**Capacity Planning Process:** This {term}`business process ` involves forecasting and determining the resources required to meet the demands of an application or system, ensuring that adequate resources are available when needed. +### Capacity Planning Process + +This {term}`business process ` involves forecasting and determining the resources required to meet the demands of an application or system, ensuring that adequate resources are available when needed. ```{list-table} :header-rows: 1 @@ -327,7 +349,9 @@ This requires development, installation, configuration, and validation. - Mandatory ``` -**Billing Process:** This {term}`business process ` involves generating and managing invoices and bills for projects within the TRE. +### Billing Process + +This {term}`business process ` involves generating and managing invoices and bills for projects within the TRE. It involves calculation, issuance, and recording of payments and receipts. ```{list-table} @@ -347,7 +371,9 @@ It involves calculation, issuance, and recording of payments and receipts. ## Configuration management -**Configuration Management Process:** This {term}`business process ` involves the TRE operator identifying, maintaining, and verifying information on IT assets and configurations in the TRE organisation. +### Configuration Management Process + +This {term}`business process ` involves the TRE operator identifying, maintaining, and verifying information on IT assets and configurations in the TRE organisation. ```{list-table} :header-rows: 1 diff --git a/docs/source/pillars/data_management.md b/docs/source/pillars/data_management.md index e381a04b..60600677 100644 --- a/docs/source/pillars/data_management.md +++ b/docs/source/pillars/data_management.md @@ -15,7 +15,7 @@ SATRE Pillars Capability Map ## Data lifecycle management -_The ability of the TRE operator to manage how and where data is stored, how it moves, changes and is removed._ +The ability of the TRE operator to manage how and where data is stored, how it moves, changes and is removed. ```{list-table} :header-rows: 1 @@ -83,7 +83,7 @@ _The ability of the TRE operator to manage how and where data is stored, how it ## Identity and access management -_The ability of the TRE operator to ensure the right people (identities) can only access the tools and data they need._ +The ability of the TRE operator to ensure the right people (identities) can only access the tools and data they need. ```{list-table} :header-rows: 1 @@ -127,7 +127,7 @@ _The ability of the TRE operator to ensure the right people (identities) can onl ## Output management -_The ability of the TRE operator to ensure outputs are safely published and shared._ +The ability of the TRE operator to ensure outputs are safely published and shared. ```{list-table} :header-rows: 1 @@ -155,7 +155,7 @@ _The ability of the TRE operator to ensure outputs are safely published and shar ## Information search and discovery -_The ability to query and browse the data within an environment at various levels of abstraction._ +The ability to query and browse the data within an environment at various levels of abstraction. ```{list-table} :header-rows: 1 @@ -176,7 +176,7 @@ _The ability to query and browse the data within an environment at various level ## Information security -_This capability relates to the ability of the TRE operator to protect against the unauthorised use of information, especially electronic data._ +The ability of the TRE operator to protect against the unauthorised use of information, especially electronic data. Measures taken to ensure information security can be further categorised into: @@ -190,7 +190,9 @@ These measures include vulnerability management of TRE infrastructure (whether p (vulnerability-management)= -**Vulnerability Management:** The ability of the TRE operator to identify, assess, report on, manage and remediate technical vulnerabilities across endpoints, workloads, and systems. +### Vulnerability Management + +The ability of the TRE operator to identify, assess, report on, manage and remediate technical vulnerabilities across endpoints, workloads, and systems. ```{list-table} :header-rows: 1 @@ -223,7 +225,9 @@ These measures include vulnerability management of TRE infrastructure (whether p (security-testing)= -**Security testing:** Security testing enables the TRE operator to gain assurance in the security of a TRE by testing or attempting to breach some or all of that system's security. +### Security testing + +Security testing enables the TRE operator to gain assurance in the security of a TRE by testing or attempting to breach some or all of that system's security. ```{list-table} :header-rows: 1 @@ -257,7 +261,9 @@ These measures include vulnerability management of TRE infrastructure (whether p (encryption)= -**Encryption:** The ability of the TRE operator to deploy and manage encryption to protect information assets, including data for TRE research projects. +### Encryption + +The ability of the TRE operator to deploy and manage encryption to protect information assets, including data for TRE research projects. Here we define 'project' data as the data brought in for work which is very likely to be sensitive and 'user' data, as the working files of a project which might hold copies of all or part of the project data or otherwise reveal sensitive data (_e.g._ through hard coded row/column names). @@ -297,7 +303,9 @@ Here we define 'project' data as the data brought in for work which is very like (physical-security)= -**Physical security:** The ability of the TRE operator to manage and protect physical assets from unauthorised access, damage or destruction. +### Physical security + +The ability of the TRE operator to manage and protect physical assets from unauthorised access, damage or destruction. Physical security controls can provide TREs using highly sensitive data an extra layer of security, even if technical controls are already in place for less sensitive data: diff --git a/docs/source/pillars/information_governance.md b/docs/source/pillars/information_governance.md index 655290dd..a28cb283 100644 --- a/docs/source/pillars/information_governance.md +++ b/docs/source/pillars/information_governance.md @@ -17,7 +17,9 @@ For example, some requirements will arise from national legislation such as GDPR ## Governance Requirements -**Requirements Gathering and Monitoring:** This {term}`business process ` involves collecting, documenting, and managing the functional and non-functional requirements for the TRE based on the TRE organisation's goals and data assets. +### Requirements Gathering and Monitoring + +This {term}`business process ` involves collecting, documenting, and managing the functional and non-functional requirements for the TRE based on the TRE organisation's goals and data assets. ```{list-table} :header-rows: 1 @@ -35,7 +37,9 @@ For example, some requirements will arise from national legislation such as GDPR - Mandatory ``` -**Controls:** This {term}`business process ` involves measures, safeguards, or mechanisms implemented to manage or mitigate risks and ensure the integrity, confidentiality, availability, and reliability of systems, processes, or data. +### Controls + +This {term}`business process ` involves measures, safeguards, or mechanisms implemented to manage or mitigate risks and ensure the integrity, confidentiality, availability, and reliability of systems, processes, or data. ```{list-table} :header-rows: 1 @@ -51,7 +55,9 @@ For example, some requirements will arise from national legislation such as GDPR - Mandatory ``` -**Resource Allocation Process:** This {term}`business process ` involves assigning, distributing, and managing resources (such as personnel, finances, equipment, or time) within the TRE organisation to meet objectives and priorities effectively. +### Resource Allocation Process + +This {term}`business process ` involves assigning, distributing, and managing resources (such as personnel, finances, equipment, or time) within the TRE organisation to meet objectives and priorities effectively. ```{list-table} :header-rows: 1 @@ -71,7 +77,9 @@ For example, some requirements will arise from national legislation such as GDPR What the organisation does to measure and control quality of processes, documentation and outputs. -**Document and SOP Management Process:** This {term}`business process ` involves creating, organising, updating, and controlling documents and Standard Operating Procedures (SOPs) within the TRE organisation. +### Document and SOP Management Process + +This {term}`business process ` involves creating, organising, updating, and controlling documents and Standard Operating Procedures (SOPs) within the TRE organisation. ```{list-table} :header-rows: 1 @@ -91,7 +99,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory ``` -**Quality Management Process:** This {term}`business process ` involves the generation and dissemination of reports or dashboards that provide insights and metrics on the performance and effectiveness of quality management processes and activities. +### Quality Management Process + +This {term}`business process ` involves the generation and dissemination of reports or dashboards that provide insights and metrics on the performance and effectiveness of quality management processes and activities. ```{list-table} :header-rows: 1 @@ -107,7 +117,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory ``` -**Internal Audit Process:** This {term}`business process ` involves an independent evaluation process within the TRE organisation that assesses and improves its internal controls, risk management, and governance. +### Internal Audit Process + +This {term}`business process ` involves an independent evaluation process within the TRE organisation that assesses and improves its internal controls, risk management, and governance. ```{list-table} :header-rows: 1 @@ -127,7 +139,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory ``` -**Supplier Management and Monitoring Process:** This {term}`business process ` involves a structured approach to managing and monitoring relationships with external suppliers, vendors and contractors, including selection, contract management and compliance oversight. +### Supplier Management and Monitoring Process + +This {term}`business process ` involves a structured approach to managing and monitoring relationships with external suppliers, vendors and contractors, including selection, contract management and compliance oversight. ```{list-table} :header-rows: 1 @@ -149,7 +163,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory ``` -**Asset Management Process:** This {term}`business process ` involves a systematic approach to acquiring, operating, maintaining, and disposing of assets within an organization, aimed at maximizing their value and minimizing risks. +### Asset Management Process + +This {term}`business process ` involves a systematic approach to acquiring, operating, maintaining, and disposing of assets within an organization, aimed at maximizing their value and minimizing risks. ```{list-table} :header-rows: 1 @@ -166,7 +182,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory (where physical assets are in scope) ``` -**Issue Management Process:** This {term}`business process ` involves a systematic approach to identifying, tracking, resolving, and managing issues or problems that arise within a TRE organisation, aiming to minimize their impact and ensure timely resolution. +### Issue Management Process + +This {term}`business process ` involves a systematic approach to identifying, tracking, resolving, and managing issues or problems that arise within a TRE organisation, aiming to minimize their impact and ensure timely resolution. ```{list-table} :header-rows: 1 @@ -186,7 +204,9 @@ What the organisation does to measure and control quality of processes, document - Mandatory ``` -**Quality Management Data:** This {term}`data object ` consists of data, including training records and configuration data, collected and used to monitor, evaluate, and improve the quality of processes, or services within the TRE organisation. +### Quality Management Data + +This {term}`data object ` consists of data, including training records and configuration data, collected and used to monitor, evaluate, and improve the quality of processes, or services within the TRE organisation. ```{list-table} :header-rows: 1 @@ -203,7 +223,9 @@ What the organisation does to measure and control quality of processes, document - Recommended ``` -**Quality Management System Application:** This {term}`application component ` is a software application or platform used to manage and automate quality management processes, including document control, corrective actions, audits, and performance tracking. +### Quality Management System Application + +This {term}`application component ` is a software application or platform used to manage and automate quality management processes, including document control, corrective actions, audits, and performance tracking. ```{list-table} :header-rows: 1 @@ -224,7 +246,9 @@ What the organisation does to measure and control quality of processes, document What the organisation does to ensure information risk is measured and managed to an acceptable level. -**Risk Assessment Process:** This {term}`business process ` involves the systematic evaluation and analysis of potential risks, threats, or vulnerabilities, including their likelihood, potential impact, and the effectiveness of existing controls or mitigation measures. +### Risk Assessment Process + +This {term}`business process ` involves the systematic evaluation and analysis of potential risks, threats, or vulnerabilities, including their likelihood, potential impact, and the effectiveness of existing controls or mitigation measures. ```{list-table} :header-rows: 1 @@ -244,7 +268,9 @@ What the organisation does to ensure information risk is measured and managed to - Mandatory ``` -**Risk Treatment Process:** This {term}`business process ` involves the selection and implementation of strategies, controls, or measures to manage or mitigate identified risks, such as risk avoidance, risk transfer, risk reduction, or risk acceptance. +### Risk Treatment Process + +This {term}`business process ` involves the selection and implementation of strategies, controls, or measures to manage or mitigate identified risks, such as risk avoidance, risk transfer, risk reduction, or risk acceptance. ```{list-table} :header-rows: 1 @@ -260,7 +286,9 @@ What the organisation does to ensure information risk is measured and managed to - Mandatory ``` -**Risk Ownership Process:** This {term}`business process ` involves the assignment of responsibility and accountability to individuals or entities for managing and mitigating specific risks within the TRE organisation. +### Risk Ownership Process + +This {term}`business process ` involves the assignment of responsibility and accountability to individuals or entities for managing and mitigating specific risks within the TRE organisation. ```{list-table} :header-rows: 1 @@ -285,7 +313,9 @@ What the organisation does to ensure information risk is measured and managed to What the organisation does to create and maintain research projects and work packages within the TRE. -**Study Onboarding Process:** This {term}`business process ` involves onboarding or initiating a research study, including setting up necessary infrastructure, obtaining approvals, and defining protocols or methodologies. +### Study Onboarding Process + +This {term}`business process ` involves onboarding or initiating a research study, including setting up necessary infrastructure, obtaining approvals, and defining protocols or methodologies. ```{list-table} :header-rows: 1 @@ -301,7 +331,9 @@ What the organisation does to create and maintain research projects and work pac - Mandatory ``` -**Compliance Checking Process:** This {term}`business process ` involves verifying and ensuring adherence to applicable laws, regulations, standards, or internal policies within the TRE organisation. +### Compliance Checking Process + +This {term}`business process ` involves verifying and ensuring adherence to applicable laws, regulations, standards, or internal policies within the TRE organisation. ```{list-table} :header-rows: 1 @@ -322,7 +354,9 @@ What the organisation does to create and maintain research projects and work pac - Mandatory ``` -**Study Closure Process:** This {term}`business process ` involves the formal conclusion of a research study or project, including final data analysis, reporting, documentation, and archiving. +### Study Closure Process + +This {term}`business process ` involves the formal conclusion of a research study or project, including final data analysis, reporting, documentation, and archiving. ```{list-table} :header-rows: 1 @@ -338,7 +372,9 @@ What the organisation does to create and maintain research projects and work pac - Mandatory ``` -**Study Management Portal:** This {term}`application component ` is an online platform that provides centralised access to manage research studies including onboarding studies, control of access and administration of compliance tasks. +### Study Management Portal + +This {term}`application component ` is an online platform that provides centralised access to manage research studies including onboarding studies, control of access and administration of compliance tasks. ```{list-table} :header-rows: 1 @@ -355,7 +391,9 @@ What the organisation does to create and maintain research projects and work pac - Optional ``` -**Data Asset Register:** This {term}`data object ` is a database or other electronic record that documents and manages information about the TRE organisation's data assets, including their characteristics, ownership, usage, and other relevant details. +### Data Asset Register + +This {term}`data object ` is a database or other electronic record that documents and manages information about the TRE organisation's data assets, including their characteristics, ownership, usage, and other relevant details. ```{list-table} :header-rows: 1 @@ -373,7 +411,9 @@ What the organisation does to create and maintain research projects and work pac - Mandatory ``` -**Study Register:** This {term}`data object ` is a centralised record or database that tracks and manages information about research studies and projects. +### Study Register + +This {term}`data object ` is a centralised record or database that tracks and manages information about research studies and projects. ```{list-table} :header-rows: 1 @@ -393,7 +433,9 @@ What the organisation does to create and maintain research projects and work pac Ability to ensure that people with access to data are correctly identified and they are suitably qualified. -**Identity Verification Process:** This {term}`business process ` involves confirming or authenticating the identity of individuals or entities, often through the verification of personal information, credentials, or biometric data. +### Identity Verification Process + +This {term}`business process ` involves confirming or authenticating the identity of individuals or entities, often through the verification of personal information, credentials, or biometric data. ```{list-table} :header-rows: 1 @@ -409,7 +451,9 @@ Ability to ensure that people with access to data are correctly identified and t - Mandatory ``` -**User Onboarding Process:** This {term}`business process ` involves introducing and integrating researchers and data consumers onto a TRE's systems, processes, including training, access provisioning, and orientation. +### User Onboarding Process + +This {term}`business process ` involves introducing and integrating researchers and data consumers onto a TRE's systems, processes, including training, access provisioning, and orientation. ```{list-table} :header-rows: 1 @@ -425,7 +469,9 @@ Ability to ensure that people with access to data are correctly identified and t - Mandatory ``` -**Identity and Access Management Services:** This {term}`application component ` is a system to govern and control user identities, access privileges, authentication, and authorization within an organisation. +### Identity and Access Management Services + +This {term}`application component ` is a system to govern and control user identities, access privileges, authentication, and authorization within an organisation. ```{list-table} :header-rows: 1 @@ -445,7 +491,9 @@ Ability to ensure that people with access to data are correctly identified and t - Mandatory ``` -**Authentication Application:** This {term}`application component ` is a software system that verifies and validates the identities of users or entities accessing a system through multifactor authentication. +### Authentication Application + +This {term}`application component ` is a software system that verifies and validates the identities of users or entities accessing a system through multifactor authentication. ```{list-table} :header-rows: 1 @@ -461,7 +509,9 @@ Ability to ensure that people with access to data are correctly identified and t - Mandatory ``` -**User Identity Attributes:** This {term}`data object ` consists of characteristics or attributes associated with a user's identity, such as username, email address, role, permissions, or affiliations. +### User Identity Attributes + +This {term}`data object ` consists of characteristics or attributes associated with a user's identity, such as username, email address, role, permissions, or affiliations. ```{list-table} :header-rows: 1 @@ -482,7 +532,9 @@ Ability to ensure that people with access to data are correctly identified and t Ability to deliver, track and maintain adequate training levels to ensure competence of all people within the TRE organisation. -**Curriculum Creation and Management Process:** This {term}`business process ` involves designing, developing, and managing educational curricula, courses through training needs analysis for required competency. +### Curriculum Creation and Management Process + +This {term}`business process ` involves designing, developing, and managing educational curricula, courses through training needs analysis for required competency. ```{list-table} :header-rows: 1 @@ -511,7 +563,9 @@ Ability to deliver, track and maintain adequate training levels to ensure compet - Mandatory ``` -**Certification Management Process:** This {term}`business process ` involves managing and overseeing certifications or qualifications held by individuals or entities, including tracking expiry dates, renewals, and compliance requirements. +### Certification Management Process + +This {term}`business process ` involves managing and overseeing certifications or qualifications held by individuals or entities, including tracking expiry dates, renewals, and compliance requirements. ```{list-table} :header-rows: 1 @@ -531,7 +585,9 @@ Ability to deliver, track and maintain adequate training levels to ensure compet - Recommended ``` -**Learning Management System:** This {term}`application component ` is a software platform or application that facilitates the administration, delivery, and tracking of educational or training programs, often including course materials, assessments, and learner progress tracking. +### Learning Management System + +This {term}`application component ` is a software platform or application that facilitates the administration, delivery, and tracking of educational or training programs, often including course materials, assessments, and learner progress tracking. ```{list-table} :header-rows: 1 @@ -547,7 +603,9 @@ Ability to deliver, track and maintain adequate training levels to ensure compet - Optional ``` -**Courses Data:** This {term}`data object ` consists of information or data associated with educational courses, including course materials and syllabi, assessments. +### Courses Data + +This {term}`data object ` consists of information or data associated with educational courses, including course materials and syllabi, assessments. ```{list-table} :header-rows: 1 diff --git a/docs/source/pillars/supporting.md b/docs/source/pillars/supporting.md index 78c0c497..95342ffa 100644 --- a/docs/source/pillars/supporting.md +++ b/docs/source/pillars/supporting.md @@ -154,7 +154,9 @@ The implementation and management of quality IT services that meet the needs of All activities aimed at ensuring a continuous level of engagement is maintained between the TRE operator and its customers, stakeholders and other interested parties. -**Stakeholder relationships:** Activities aimed at engaging with TRE stakeholders. +### Stakeholder relationships + +Activities aimed at engaging with TRE stakeholders. ```{list-table} :header-rows: 1 @@ -213,7 +215,9 @@ The ability of the TRE operator to access suitable and timely legal advice. -**Legal advisory:** The ability of the TRE operator to provide suitable and timely legal advice. +### Legal advisory + +The ability of the TRE operator to provide suitable and timely legal advice. ```{list-table} :header-rows: 1 @@ -230,7 +234,9 @@ The ability of the TRE operator to access suitable and timely legal advice. - Recommended ``` -**Data protection:** Ability to ensure data is used fairly, lawfully and transparently; for specified, explicit purposes; and in a way that is adequate, relevant and limited to only what is necessary. +### Data protection + +Ability to ensure data is used fairly, lawfully and transparently; for specified, explicit purposes; and in a way that is adequate, relevant and limited to only what is necessary. ```{list-table} :header-rows: 1 @@ -246,7 +252,9 @@ The ability of the TRE operator to access suitable and timely legal advice. - Recommended ``` -**Contract management:** What the organisation does to ensure that all contracts are effectively managed within required frameworks. +### Contract management + +What the organisation does to ensure that all contracts are effectively managed within required frameworks. ```{list-table} :header-rows: 1