The Role of a Secure Trusted Research Environment in Meeting NIH’s Updated Guidance to Genomic Data Sharing Policy

As the research community continues to rely on data shared by the National Institutes of Health (NIH), ensuring the security of that data continues to be an important requirement. Last year, the NIH issued an implementation update to the NIH Genomic Data Sharing Policy (GDS Policy), which outlines requirements for researchers accessing, storing, or processing large-scale human and non-human genomic data generated from NIH-funded research. The update was designed to continue to promote responsible data management and access under the GDS Policy and ensure the broad and responsible sharing of NIH genomic data for research that advances human health. 

Effective January 25, 2025, approved users of NIH controlled-access data under the GDS Policy must ensure that they maintain this data on IT systems that meet the standards set forth in the National Institute of Standards and Technology (NIST) Special Publication 800-171 (NIST SP 800-171).

As part of our commitment to supporting the research community, the Manifold platform, which serves as an AI-enabled Trusted Research Environment (TRE), endeavors to meet high standards of security and compliance. 

Key Elements of Compliance: Confidentiality, Availability, and Integrity

Our approach to safeguarding data is rooted in the fundamental security principles of Confidentiality, Availability, and Integrity and aligns with the standards across the control areas set forth under NIST SP 800-171. Here is how the NIST SP 800-171 control areas map to our security principles:

• Confidentiality: Manifold incorporates robust access controls, multi-factor authentication, least privilege access, data encryption, and secure storage practices that aim to ensure that only authorized users can access controlled information. Our experienced staff is trained on these requirements and held accountable for ensuring these controls are effective. 
• Availability: Manifold’s platform infrastructure is designed for availability and control, with processes for maintaining, scanning and monitoring the system for malicious code, unapproved changes and system integrity. The Manifold platform is built on a secure cloud infrastructure with automated backups. We regularly test and assess our systems against these controls to ensure they operate effectively and incorporate industry best practices and regulatory requirements. 
• Integrity: The Manifold platform aims to facilitate data integrity through various controls, including adhering to a system development lifecycle and third-party risk management process, third-party penetration testing, regular vulnerability scans, applying industry standard encryption at rest and in transit, version control, and audit logging. Any modifications to the data are logged, and these records help to verify that the data has not been compromised.

Security and compliance are essential to research, but should not be barriers to progress—they should empower it. As compliance requirements evolve, research environments must adapt to balance security, accessibility, and innovation. To learn more about Manifold’s approach to security and compliance standards within our platform, get in touch.