# Explore Trusted Research Environments

{% hint style="info" %}
Apollo and Trusted Research Environments licenses are required to use Trusted Research Environments on the DNAnexus Platform. [Contact DNAnexus Sales](mailto:sales@dnanexus.com) for more information.
{% endhint %}

A Trusted Research Environment (TRE) is a secure, configuration-driven framework within the DNAnexus Platform. It enables data providers to maintain full ownership and control of their data while providing authorized researchers with a secure, automated workspace for data analysis.

With TREs, you can launch controlled data-sharing programs through configuration in the Platform. You can define governance policies, publish curated data offerings, and automate access decisions and data delivery in one operating model.

## Why Use a DNAnexus TRE?

Organizations often need to share sensitive biomedical data without increasing operational burden or weakening controls. DNAnexus TREs give you a repeatable way to publish discoverable data offerings and grant approved access in a policy-bound workspace.

TRE architecture is grounded in the **5 Safes Framework**. You can ensure that **Safe People** access **Safe Data** in **Safe Projects** and **Safe Settings** to produce **Safe Outputs**.

* **Safe People:** Researchers must be authorized by the TRE Admin before they can view showcase data, and must receive access request approval before gaining access to the full data inventory.
* **Safe Data:** Researchers can evaluate data relevance using the curated Data Showcase, while data providers keep full control of the complete data inventory.
* **Safe Projects:** All research projects must be associated with an approved access request and can only access the approved subset of data.
* **Safe Settings:** Data governance constraints and access policies are enforced in all research projects provisioned with research environment data.
* **Safe Outputs:** Automated data dispensing into researcher projects provides integrity protection and ensures consistent, policy-compliant data delivery.

## Separation of Duties

A DNAnexus TRE uses separation of duties to support compliance and security. Platform privileges are divided across specialized roles so the people who configure environments and approve access remain distinct from the people who analyze data. For a comprehensive breakdown of these personas and their access levels, see [Roles and Permissions](/user/trusted-research-environments/roles-and-permissions.md).

## How It Works: The TRE Lifecycle

The following diagram illustrates a simplified flow from creating a research environment to analyzing dispensed data in a secure workspace.

{% @mermaid/diagram content="flowchart LR
A\["**TRE Admin**<br/>Creates and configures TRE"] -->|"Authorized users<br/>discover TRE"| B\["**Authorized User**<br/>Submits data access request"]
B -->|"System notifies<br/>reviewers"| C\["**Reviewer**<br/>Evaluates and approves"]
C -->|"System dispenses<br/>data"| D\["**Researcher**<br/>Analyzes data under TRE policies"]

%% Styling
classDef lifecycleFlow fill:#66C9F9,stroke:#1F519D,stroke-width:2px,color:#000

%% Apply classes
class A,B,C,D lifecycleFlow" %}

1. A **TRE Admin** creates and configures the TRE, including its data inventory, security policies, and review pipeline, then publishes it to the **Active** state.
2. An **Authorized User** discovers the TRE in the **Resource Center** (the platform's directory of research environments), explores the data through the **Data Showcase** (a view-only Cohort Browser for pre-request exploration), and submits a data access request.
3. A **Reviewer** evaluates the request in the **Request Center** and records a decision with a traceable review history.
4. On approval, the system automatically dispenses the requested data into an access-controlled project where researchers, including the **Request Owner** and any **Collaborators**, can begin analysis under enforced TRE policies.

For a detailed breakdown of each role, see [TRE roles and permissions](/user/trusted-research-environments/roles-and-permissions.md).

Research environments move through Draft, Active, and Maintenance states that control what admins can change over time. Publishing an environment to the **Active** state is separate from making it public. For details, see [Managing Trusted Research Environments](/admin/trusted-research-environments.md).

## For Researchers

Authorized Users, Request Owners, and Collaborators follow this path to discover data and conduct research:

1. [Discover Research Environments and Explore Data](/user/trusted-research-environments/discovering-tres.md) — Browse the Resource Center, view TRE details, and explore available data in the Data Showcase.
2. [Submit a Data Access Request](/user/trusted-research-environments/submitting-access-request.md) — Create a request, select cohorts and data collections, add collaborators, and submit for review.
3. [Create Projects and Access Dispensed Data](/user/trusted-research-environments/creating-projects.md) — After approval, create a project where the platform dispenses the requested data into a secure workspace.

## For Reviewers

Reviewers evaluate data access requests and register approval or rejection decisions:

* [Review Data Access Requests](/user/trusted-research-environments/reviewing-access-requests.md) — Access your review queue, evaluate request details, and register decisions with justification.

For TRE Admins who configure and manage environments, see [Managing Trusted Research Environments](/admin/trusted-research-environments.md). For the API reference, see the [Trusted Research Environments API](/developer/api/trusted-research-environments.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.dnanexus.com/user/trusted-research-environments.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.