Aridhia’s Digital Research Environment (or DRE) is designed to offer distributed research, healthcare and precision medicine environments a way of accessing the powerful analytic capabilities required to make sense of disparate sources of privileged data, in order to translate clinical research into mainstream clinical practice.

A Trusted Research Environment (or TRE) is a secure environment which facilitates collaborative research with a focus on data protection. A TRE typically has features like scalable compute and storage, a repository of data analysis tools, underpinned by a strong security model which ensures that data is shared safely. Aridhia’s TRE is a secure collaborative environment for small, distributed research teams; you can learn more about it on our blog and TRE Page.

Aridhia’s TRE is a multi-tenanted SaaS service, offering Workspaces for individual research teams and projects who want to get up and running straight away.

Aridhia’s DRE is a single-tenanted instance of a TRE which is dedicated to one organisation. The DRE provides both FAIR (a meta-data catalogue, with configurable search and approval and governance systems for secure transfer to workspaces) and Workspaces services (dedicated research spaces for a team to work on their data using built-in tools). The DRE offers unlimited users, enterprise-level data storage, and integration options such as Single Sign-On.

Both the DRE and TRE are managed services, with Aridhia providing all maintenance, support, and operations services.

The Principles for a Secure Development Environment are well documented. Aridhia develop their research environments in accordance with these principles.

The DRE and TRE allow users to develop their own code in line with the SDE principles; particularly when it comes to working in a secure development environment. Users benefit from features such as inbound and outbound airlocks, code backup via GIT, firewalled access control and role-based access.

We have supported a range of users over the years from specialist researchers to data scientists, data stewards, clinical researchers and everything in between. The platform can be used flexibly to meet the requirements and knowledge of its users.

Typically, we support Medical Science-based research projects and the DRE is deployed to customers who want to share data in a secure manner both within and across organisations.

We support many different types of organisations including Hospitals, Research Organisations, Pharmaceutical companies and universities.

The TRE and DRE have different pricing models but generally our services are priced on a per-workspace, subscription-based model.

When using a DRE, organisations are responsible for their own direct Azure costs and Aridhia charge for use of Workspaces and FAIR Data Services as well as support and other professional services. This model allows our customers to benefit directly from discounts or promotions from Microsoft directly.

For those users of a TRE, they will typically be charged on a per-workspace basis which covers all costs from Azure infrastructure up to professional services from Aridhia.

Please contact us to discuss your requirements further.

The Aridhia DRE is for organisations who need an enterprise-level research environment. The DRE provides Workspaces for collaborative data science and FAIR Data Services for dataset search, classification, and efficient metadata browsing. Additionally, the DRE has various customisation options including branding, SSO, and integration with other Azure services.

The Aridhia TRE is for individual research teams who need collaborative Workspaces for their project, and have the budget to get going on a SaaS style service immediately. This is also a good option if you are looking to try the DRE for size; a TRE subscription can be upgraded to DRE at a later date if required.

Absolutely not!

With both the TRE and DRE, Aridhia will build, deploy and maintain the service for you. We provide all the infrastructure needed for the platform to run as well as support from experienced professionals when needed. This is all included in the price of the service.

When buying a DRE, Aridhia will work with you to make sure that the setup meets your needs in areas like compliance, performance, and look and feel. We will then create Azure subscription resources and infrastructure as agreed; this typically takes a month or so.

For our TRE, you can get started as soon as the contract is signed; within 24 hours in many cases.

The DRE can be customised on a few levels. Examples include; the approval workflows in FAIR, the homepages of both FAIR and Workspaces, FAIR roles and access levels, branding, SSO, pseudonymisation service, external storage options, and integration with other Azure services.

As a lower-cost SaaS style offering, the TRE is less customisable, but each workspace can be customised with its own apps, VMs, and extra storage. A homepage can also be set on the workspace level.

Yes, workspaces can be configured to work with Machine Learning and AI services, but it is not included in the standard setup to save on costs. If you have a specific use case in mind, please get in touch with us to discuss it.

Absolutely. Aridhia act as the data processor and takes no ownership of the code, data or analytics performed inside the DRE or TRE. You remain the data controller. At the end of your project, the data can be removed from the DRE or TRE and the workspace deleted.

We have been working with multiple clients who have built their own TRE but found it far more complicated than they first anticipated, requiring a significant investment in software development. Our findings are summarised in one of our blogs.

By buying from Aridhia, you are benefiting from 14+ years in the industry and a product which is compliant with ISO27001/27701, HITRUST, Cyber Essentials and other standards. Building your own also means you will have to anticipate the ongoing maintenance costs of the platform: this is included in your DRE or TRE subscription. We are confident that the Total Cost of Ownership of buying from Aridhia versus building your own TRE is significantly lower.

Aridhia’s Enablement team has worked with several customers in the preparation and curation of data. We can also help advise on other parties who can assist you here.

Yes! All users of Aridhia’s services have access to a portal with walkthroughs, videos and tutorials on how to get the most from the TRE or DRE.

These services can be added to the platform at an additional cost. More information about them can be found by contacting Aridhia or on our Knowledge Base.

At the end of a project, output can be checked via the Airlock process. The outbound airlock allows users to request to remove their data, analysis, and reports from a workspace or transfer it to a new workspace.

The output is held until the request is approved at which point the requesting user can download their artefacts.

The DRE is a cloud-native platform which takes advantage of the scale and flexibility offered by Microsoft Azure. There is no limit to the number of users who can access the DRE and a single instance of the DRE can host up to 450 separate Workspaces, additional instances can be added should more Workspaces be required.

A Workspace has up to 10 TB of storage by default, which can be extended to 100 TB if needed and a shared Database server can be scaled up or down to match requirements, additional Databases can be added to Workspaces if needed.

The DRE uses Kubernetes to run various shared compute services, which can scale as needed. Additional compute can be added to a Workspace, from low-spec VMs to high performance GPU machines.

Aridhia completed the ISO27001 certification in June 2019, maintaining this certification through multiple audits and has now also achieved an ISO 27701 certification as of June 2022. Our services are HITRUST CSF certified and we also hold several UK-specific certifications.

This means that your users can work in the knowledge that their data and compute is stored safely in a secure environment.

We have a dedicated Security team who are happy to advise on matters relating to information security of the DRE or TRE.

Find more information on our Security and Compliance page.

Aridhia’s certifications cover the build and running of the DRE and TRE services. Your organisation’s Information Security team should be able to advise you on whether you need a certification to cover other activities which you are performing.

Yes. The DRE has native support of a Federated Node: an implementation of the Common API. Data controllers can implement local deployments of the Federated Node and, upon Data Access Request approval, delivery of secure access tokens to allow the user to run pre-approved queries and analytics. Find out more here.

CFR Part 11 compliance is a regulatory standard expectation for any software utilised in the submission process. Compliance would require systems and software validation of the user’s customised system and hence validation and compliance would have to be documented by the sponsor once all software solutions have been added to the workspace environment. Hence, the workspace environment compliance with CFR Part 11 can be obtained but will require validation and documentation efforts by the sponsor. Aridhia can assist in this regard, of course.

Aridhia does not offer validation service per se, but we do provide guidance and recommendations from some of our technology partners and collaborators who do provide such services.

Data management in the DRE is the responsibility of the owner or sponsor. FAIR Data Services do not ensure compliance with CDISC standards although FAIR can facilitate the implementation of CDISC standards and allow the owner to track the status of data standards of the various forms of data ingested in the DRE.

According to the FDA’s guidance for industry on computerised systems used in clinical trials, an audit trail is defined as: “A secure, computer-generated, time-stamped electronic record that allows reconstruction of the course of events relating to the creation, modification, and deletion of an electronic record.” Its purpose is to accurately record changes made to documents.

In other words, an audit trail is the history of all actions performed in a document, including the responsible person for the action, when, which action was taken, and any other relevant details. Audit trails enable tracking the document time-sequence development to ensure they have not been altered in any way that would compromise accuracy or reliability. FDA 21 CFR Part 11 regulation requires the system used to manage electronic records to provide a secure, computer-generated, and time-stamped audit trail. Audit trail capabilities within the DRE can ensure compliance with FDA regulations.

The DRE has a Recovery Point Objective of 24 hours, meaning we run a nightly job to backup all production data using the Azure Backup service. Backups can be stored in the Azure region which best fits your business needs. By default, we hold backups for 14 days, which we can extend if required. We can also add additional backup points e.g. monthly or annual backups. Backup costs are contained within the overall Microsoft Azure bill, which is either paid directly to Microsoft or to Aridhia, depending on which Azure tenancy is being used.

Aridhia helps clinical and life sciences pioneers in Research Hospitals, Universities, Pharmaceutical Companies & Global Medical Networks who want to advance their medical research and improve outcomes more quickly.

We do this by providing a safe, secure digital research environment for projects of any size or scale; local or global. This is built to enable greater collaboration, knowledge sharing and access to the potential of machine learning.

Aridhia was founded in 2008 and has now spent over a decade working to develop and support the Aridhia Digital Research Environment (DRE).

Aridhia are currently working with a mix of customers in many sectors. We list some of them on our website here, where you will also find some use cases with more information.

Yes. The DRE adheres to the SATRE specification and is fully SATRE compliant. Find out more here.

Yes. The Aridhia DRE has been and continues to be built using a ‘security first’ approach. It adheres to requirements as set out in the Five Safes framework. More information on how the DRE maps to this can be found here.

Of course. This is what the platform is designed to support. Each workspace includes tools to help you upload data or scripts from your local machine and you can store them in your workspace for further use or development. Each environment comes with tools like Jupyter and RStudio to help you run and use your scripts and data.

Yes. The DRE can host multi-modal data, including images, sound, and genomic data, and provide a means for users to identify and request biosamples in line with appropriate cohorts of clinical data. You can find out more about our work in this area with the Liver Cancer Collaborative here.

You can. One of the core principles of the workspace is that it is a space for collaboration. You can invite colleagues who sit next to you or those who work on the other side of the planet. Workspaces can be used to bring in specialists to help your analysis or collaborators to work alongside.

Workspaces are flexible and can be allocated storage and compute on demand. However, read here for the the default workspace configuration.

No. Each workspace exists in its own subnet so all of the files, data, VMs and other assets in the workspace can be accessed there and there only.

All data access requests (DAR) submitted in the Aridhia DRE are fully traceable. FAIR Data Services offers a configurable, fully audited DAR process that allows data owners to track the progress of DARs and view historic requests. On approval, all data transfers to a workspace include a transfer receipt which contains full details of the request and transfer.

Data is moved from FAIR to Workspaces after the data owner has approved a request, and the requester has actioned the transfer. The data will end up in the workspace inbox where it can then be picked up and moved into the files and database. For some data, there may be additional approval steps before this process can happen.

There are data delivery options available to data controllers who wish to provide access to data without the need for transfer of structured CSV data. This may be to support very large and frequently updating databases or a storage area of referenceable unstructured data such as images or genomic data. In these cases, read only access can be provided direct from a workspace to remote databases or storage buckets upon approval of a Data Access Request.

Yes. The DRE has native support of a Federated Node: an implementation of the Common API. Data controllers can implement local deployments of the Federated Node and, upon Data Access Request approval, delivery of secure access tokens to allow the user to run pre-approved queries and analytics. Find out more here.

Yes. The most common DRE configuration to support imaging use-cases involves the deployment of a DRE-native XNAT server with secure connectivity from Workspaces. Users are isolated to ensure that they cannot view or edit other users’ credentials, and can use the full range of XNAT services available, such as imaging analysis pipelines and the built-in OHIF viewer. Find out more here.

Yes. Tools such as OpenSpecimen provide extensive APIs for exporting sample data in a format that can be loaded into FAIR and made findable and accessible. The Cohort Builder allows users to explore the samples available and request those relevant to their study as part of a data access request. Find out more here.

In a workspace, R Shiny apps can be deployed easily and they run in the workspace infrastructure. We also support containerised apps although the ability to deploy these is not self-service. Within a VM, users can download and use their own software, or they can make use of the built-in software that comes in a Data Science Machine.

Yes, this is possible. Workspaces usually operates a “bring-your-own-licence” model unless there is a pre-agreement with your organisation.

Please speak to the team at Aridhia if you are interested is using these software and we will be happy to discuss the setup with you.

XNAT can be deployed within the DRE environment, with access controlled on a per user and workspace basis. This allows approved workspace users to access restricted sets of images for viewing, annotation, and the development of analysis pipelines.

Data Controllers can configure FAIR to use Synapse as a source for data hosting as an alternative to the default embedded PostgreSQL DB

FAIR has an embedded PostgreSQL DB that can be used to host data. Data owners can also choose to host their own external PostgreSQL DB.

Data Controllers can configure FAIR to use MSSQL as a source for data hosting as an alternative to the default embedded PostgreSQL DB.

Our customers have combined sample metadata from OpenSpecimen with clinical data to provide researchers with a way to request cohorts of samples aligned with clinical data for multimodal analysis. Find out more here.

NONMEM can be deployed on a workspace virtual machine and can interact with the shared file system to allow for secure data access.

On condition that access credentials are configured and provided, workspace users can interact with RDS instances in a strict read-only manner, as though the database was local to their workspace, accessible from the no code SQL tools, Shiny and containerised apps, and the virtual machine.

Access tokens provided to a workspace can be used to allow for connectivity between a workspace and a secure storage account. These tokens can be time bound and used within the workspace upon approval of a data access request.

Provided access credentials are configured and provided, workspace users can interact with remove database systems in a strict read-only manner as though the database was local to their workspace, accessible from the no code SQL tools, Shiny and containerised apps, and the virtual machine.

Using a workspace virtual machine, users can access Azure batch for long running computational tasks. They can also benefit from the use of Cromwel, an implementation of the GA4GH Task Execution Service, specialised in running and orchestrating genomic pipelines.

Using a workspace virtual machine, users can access Azure MLOps for running machine learning algorithms. Jupyter Lab is available with the default DSVM toolset and provides appropriate tooling for interacting with Azure MLOps.

Using a workspace virtual machine, users can access Azure OpenAI for using LLMs on appropriate data within a safe workspace environment. Find out more here.

Often data must be transformed into a format or model compatible with FAIR or more suited to researchers’ use-cases. Using Azure Data Factory, ETL pipelines can be established between data sources and FAIR to transform and load data.

The DRE can host Qlik servers with push integration from workspaces, allowing data modellers, researchers or others to push data frames to Qlik for presentation in a dashboard.

Workspaces can be configured to facilitate the use of PowerBI from a virtual machine for dashboard development and data analysis with access to the local file system and PostgreSQL DB.

Nextflow can be deployed and run within a virtual machine should further compute be required. Nextflow can be configured to use Azure Batch for orchestrated computation.

Aridhia have experience in building automated ETL pipelines using the OHDSI suite to transform data from EHR systems such as EPIC and Cerner into the OMOP standard to make available via the DRE FAIR Data Services component. Our customers have also made use of tools such as OHDSI ATLAS in workspaces to explore data and build cohorts.

Data from our customers such as The Royal Marsden Hospital and Great Ormond Street Hospital have syndicated metadata from their DRE platforms to the HDR Gateway.