For ONS data: researchers must be an ONS Accredited Researcher, and the forms required to apply for this status will be made available during the application process. Further details are available from: ONS Approved Researcher Scheme
For non-government data: researchers must be based at a UK academic institution or an ESRC-funded research centre, and be an ESRC Accredited Researcher. PhD and research students can request access but will need to apply jointly with their supervisors
The satisfactory completion of training
An agreement by the user and their institution to a User Agreement

Please Get in touch if you have any queries about whether you are eligible to access data via the Secure Lab.

Are there any special requirements for accessing the Secure Lab?

1. Each user needs their own static routable IP address.

2. The endpoint device which accesses the Secure Lab (i.e. your workstation) must:

Be owned and managed by the organisation from which the Secure Lab will be accessed
Have a direct connection to the internet; proxy servers may not be used
Have a dedicated, static, public IP address (1-2-1 Network Address Translation is allowed)
Have no other network connections present except for the one being used to access the Secure Lab, this includes using VPNs

3. The following security measures must also be observed:

When the Secure Lab is accessed, only the wired Ethernet is used, and that the wireless is not connected simultaneously
The user only accesses the Secure Lab from their designated office, not from any other location
That good security measures are observed by the user, for example, locking screens when leaving the workstation unattended
Not allowing screens to be visible to people other than Secure Lab users working on the same Secure Lab project.

How is the Secure Lab different to the ONS Secure Research Service (SRS)?

The Secure Lab is very similar to the SRS and you will find familiar statistical software, including Stata, SPSS and ArcGIS. You can use Microsoft Office to write papers and design your presentations.

However, there are two important differences:

You log in to the Secure Lab at your institution, either from your office desktop PC, or from a secure room provided by your institution, depending on the nature of the data. You no longer need to travel to an ONS office to access the data.
You produce all your work within the Secure Lab system. Because you can log in from your institution whenever you wish to, there is no two-tier system of intermediate and final outputs. Instead, all of your work, from initial data exploration to writing your final paper, is done in your user area on our system. We provide you with project folders that are shared with colleagues approved to work on the same project. When you are ready to publish we check your final outputs before releasing them to you.

We are working closely with the ONS to ensure that all economic and social data currently available in the SRS will be available from the UK Data Service.

Is there a charge for using the Secure Lab service?

The Secure Lab service is part of the UK Data Service and is funded by the ESRC. We do not currently charge UK HE/FE researchers for using the service.

What's the Secure Lab User Agreement?

The Secure Lab User Agreement outlines the terms and conditions of use of the service, is signed by the researcher and a suitable officer at their institution (for example from a contracts office) and is returned before or during training.

The agreement includes:

liability for the researcher to complete the training;
information security responsibilities (not giving out password, not disclosing or compromising any Personal Information);
penalties and breaches;
output release policy;
acknowledgements and copyright requirements.

The agreement demonstrates that the prospective researcher understands the seriousness of the undertaking, and that they and their institution understand the penalties that may be imposed for breaches of security or confidentiality.

Can I or my University amend the User Agreement?

No. Many Universities have agreed to sign the agreement as it stands. We cannot tailor the agreement for each specific University/request. It is an agreement that fulfils the requirements of numerous parties such as the ONS, ESRC and the University of Essex.

What's included in the Secure Lab training?

The training course includes relevant legal and ethical responsibilities, required security procedures, guidance on Statistical Disclosure Control of outputs, penalties for breaches, as well as practical instruction on how to access and use the system.

Further details are available from attend a training course.

Using the Secure Lab

I click on the Secure Lab login page but I don't get through to the username and password page?

Have we got your correct IP address? Usually this error occurs because you are trying to access the service from a computer that our secure server firewall doesn't recognise
Have you recently changed your computer? Check with your IT support to confirm your computer's IP address and check that it is a 'static routable' IP address (dedicated to your computer and that doesn't change every time you start the machine)

Please email us with your confirmed IP address and we will update our firewall if necessary.

When I click on the SDS Desktop icon, the SDS window doesn't launch. Nothing happens

This could be a software error on your PC.

Un-install your Citrix client software and install the latest version (visit the Citrix website to download the latest version of Citrix Receiver)
Restart your computer and try again. Your IT support may have to do this for you

The Citrix software is the small software application that you installed on your computer just before we provided you with your username and password.

Can I download data from the Secure Lab?

Given the potential sensitivity, confidentiality and disclosiveness of the data, it is not possible for you to download any data from the system but you can view and analyse the data on your local computer via remote access. You may not, however, copy any analytical outputs from your screen, but you can share interim results with registered colleagues within the Secure Lab. The service carries out Statistical Disclosure Control checks on outputs ready for publication before these can be released and sent to you by email.

How do I link external business data to ONS business data?

The UK Data Service is able to assist researchers wishing to link external business data to ONS business data in the Secure Lab. See our guide for further information.

What is Statistical Disclosure Control?

Statistical Disclosure Control (SDC) is the process of reviewing your work to ensure that your results (for example descriptive statistics and other analyses), cannot be used to identify an individual respondent.

There are a variety of statistical measures commonly used by researchers that we have to check. The SDC standards we adhere to have been agreed by other European countries, and can be found in the document guidelines for the checking of output based on microdata research.

We undertake SDC of all outputs that researchers request from their Member Logon areas. We do the checks manually - this gives us the flexibility to consider each project individually. For this reason, as with our European colleagues, we do not feel that SDC software is appropriate to use for checking outputs created by our members.

We provide SDC training for our members, so you are aware of the SDC rules that we apply.

How do I apply for an output to be checked?

We have created an SDC folder inside your login project folder. When you have finished your document, save a copy into this folder. You should then complete an Output Release Form available from our Get in touch page.

What outputs will be returned to me?

Outputs can only be removed from the Secure Lab environment subject to Statistical Disclosure Control checks by service staff - once checked and deemed safe these are emailed to you.

In the UKDS Secure Lab, we have a set of minimum requirements that an output must meet in order for us to make a thorough statistical disclosure check and determine whether an output can be released:

Information about the data source, sample, methodology must be included
Graphs, Figures etc. must be fixed images (e.g. JPEG)
Unweighted cell counts must be provided for everything – e.g. graphs, figures, percentages, models results
Tables/figures must be clearly numbered and labelled
Variables must be given meaningful names, not just the labels from the dataset
You must include some explanation of what each graph, figure etc. shows
You should not request a data file. We cannot release data or any STATA, SPSS or R files from Secure Lab
There should not be any of the following embedded items in the output (use the ‘Inspect Document’ function to check this):

embedded documents
invisible content
hidden text

You must include the data citation in the output (this can be found for each dataset at: http://discover.ukdataservice.ac.uk and in the Original Data folder in your project area)

If any of the minimum requirements are not met, your output will not be released. We will have to contact you for further information, thus delaying the release of your output and the outputs of other users.

Previous users may remember that we used to operate a ‘final’ (AKA ‘finished’) output policy. However we recognise that this is no longer always appropriate given the increasingly varied nature of the projects within the Secure Lab, hence the clear list of requirements above.

Secure Lab users working on the same project can easily share their intermediate findings through shared project folders. However, in some cases, we may release Intermediate Results - see What if a co-researcher is not eligible to use the Secure Lab?

Can I discuss outputs with an Approved/Accredited researcher on the same project as me?

You may discuss outputs with an Approved/Accredited researcher on the same project but this must be done discretely and privately. It is absolutely forbidden to write anything down from the screen and outputs may only be shared in the project folder in your Secure Lab Login area or in the form of 'final outputs' following Statistical Disclosure Control and release by a member of the UK Data Service Support team.

What if a co-researcher is not eligible to use the Secure Lab?

Results which have not been checked by UK Data Service staff and returned to you must not be shared or disclosed to anybody else. They should only be accessed by a colleague working on the same project (see Can I discuss outputs with an Approved/Accredited researcher on the same project as me?).

You are not permitted to share any actual results with a non-approved researcher (even if you think they are not disclosive) such as a regression coefficient or a frequency count.

You may, however, discuss the overall research proposal and the results without disclosing any actual results.

If you wish to show actual results to a colleague who is outside the UK or who is not eligible to use the Secure Lab then you may ask us to release intermediate outputs provided that (i) the colleague has registered with the UK Data Service and agreed to its End User Licence and (ii) these outputs are equivalent as possible to 'finished goods/final outputs' e.g. a table in a MS Word document that includes sufficient surrounding text to allow us to understand and check the output.

What are the penalties for a breach of the terms of access for data?

A breach in the terms of access may result in:

the immediate termination of the licence holder's access to the data and the termination of the licence - depending upon the seriousness of the breach, the termination of access may be permanent

sanctions being sought against the licence holder by the data owner

for government data that fall under the Statistics Act 2007, penalties as specified in S39 of the Act - this may include a fine and/or imprisonment

individual or institutional suspension from all ESRC data services

individual or institutional sanction from ESRC funding

Self-reported unintentional breaches will be penalised with discretion. Researchers who take full and prompt action to correct a self-reported and unintentional breach will not normally be penalised but may be asked to repeat training/induction.

Download and data formats

Use data

Publication

Manage data

Deposit data

Help - Frequently Asked Questions (FAQ)

Back to top

Discover UK Data Service

Help - Frequently Asked Questions (FAQ)

Back to top

Login/ Register

Discover UK Data Service