Close
Research at UCL involves a wide range of technical, legal, and governance terminology, much of it expressed through acronyms or abbreviated names. These terms span information governance, data protection, Trusted Research Environments, and assurance processes managed through the Information Governance Advisory Service.
This page provides a single, practical glossary of the most commonly encountered acronyms and shorthand used. Please scroll down the glossary or select one of the options below to go to the section you need:
1. Core Organisations & Services
2. Governance, Security & Assurance Frameworks
3. Roles, Responsibility & Accountability
4. Trusted Research Environments & Secure Computing
5. Information Governance Advisory Service Process Terms
6. Data Protection & Legal Concepts
7. Assessment, Planning & Registration
8. Contracts, Sharing & Third Parties
9. Ethics, Health & NHS‑Specific Governance
10. Training & Competence
1. Core Organisations & Services
UCL – University College London
The higher‑education institution acting as Data Controller for the majority of UCL‑led research projects.ARC – Advanced Research Computing
A UCL centre providing secure computing infrastructure, Trusted Research Environments, and research information‑governance services.ISD – Information Services Division
UCL’s central IT and digital services organisation, supporting infrastructure, identity, and security services.IG Advisory Service – Information Governance Advisory Service
A service delivered by ARC that supports researchers in meeting information‑governance requirements, including project assurance and use of Trusted Research Environments (ARC.Infogov.SupportQueue: infogov@ucl.ac.uk)DPO – Data Protection Office
The UCL office responsible for institutional compliance with data‑protection legislation and for research registration involving personal data.RIS – Research and Innovation Services
UCL’s central professional service supporting research funding, contracts, governance, compliance, and post‑award management.JRO – Joint Research Office
UCL and UCL NHS Partners offices supporting health and clinical research governance and contracting.
2. Governance, Security & Assurance Frameworks
IG or Info Gov – Information Governance
The overarching framework that ensures research information is handled lawfully, ethically, securely, and in line with institutional and legal requirements.ISMS – Information Security Management System
A formal, documented system that defines how information security risks to research data are identified, managed, monitored, and improved.ISO 27001 – Information Security Management Standard
An international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System; it underpins the UCL Research Data ISMS.DSPT – Data Security and Protection Toolkit
An NHS assurance framework used to assess and demonstrate compliance with data‑security and information‑governance standards for health and care data.
3. Roles, Responsibility & Accountability
SIRO – Senior Information Risk Owner
A senior UCL executive with ultimate accountability for information‑risk management within the organisation (UCL's equalivant to a Caldicott Guardian).IAO – Information Asset Owner
The individual formally accountable for how information is collected, accessed, used, stored, and protected within a research project.IAA – Information Asset Administrator
An individual who supports the Information Asset Owner with day‑to‑day management of access, documentation, and governance processes.AR – Approved Researcher
An individual who has completed the required governance checks, training, and onboarding and has been formally authorised to access and work with data within a Trusted Research Environment or other controlled research setting.PI – Principal Investigator or CI - Chief Investigator
The lead researcher on a project; in many cases, the PI / CI acts as the Information Asset Owner.
4. Trusted Research Environments & Secure Computing
TRE – Trusted Research Environment
A secure computing environment designed to enable analysis of sensitive or highly confidential data while reducing the risk of unauthorised access or disclosure.ARC TRE – ARC Trusted Research Environment
UCL’s modern Trusted Research Environment provided by ARC, offering scalable and controlled analysis environments, providing secure access to highly confidential and regulated datasets.DSH – Data Safe Haven
A UCL Trusted Research Environment providing secure access to highly confidential and regulated datasets.HPC – High‑Performance Computing
A high‑performance computing environment providing large‑scale compute, memory, and storage resources for computationally intensive research, typically used for modelling, simulation, or data‑analysis workloads rather than as a controlled data workspace.Study
A governance‑level research unit representing a research activity or protocol, owned by an Information Asset Owner (IAO), under which approvals, datasets, shares, projects, participants, and assurance records are grouped.Share (DSH)
A controlled folder‑level workspace within the Data Safe Haven, with access restricted to approved users.Project (ARC TRE)
A scoped sub‑environment within the ARC TRE, configured for a specific dataset, research activity, and user group.
5. Information Governance Advisory Service Process Terms
IG Portal – Information Governance Advisory Service Portal
A platform used to record governance information, upload evidence, and track assurance status.CaseRef – Case Reference
A unique identifier assigned to a research project within IG records; used across governance documentation.Study Agreement or SoA – Statement of Accountability
A formal declaration signed by the Information Asset Owner confirming responsibility for compliant handling of research information.ARA – Approved Researcher Agreement
A formal agreement that sets out the responsibilities, obligations, and permitted activities of an Approved Researcher, including requirements relating to data protection, confidentiality, acceptable use, and compliance with governance controls.Stage 1 / Stage 2 – Governance Stages
Internal shorthand referring to phases of the governance assurance process, such as accountability confirmation and contract review.
6. Data Protection & Legal Concepts
GDPR – General Data Protection Regulation
The UK/EU legislation governing the lawful processing of personal data.DPA 2018– Data Protection Act 2018
UK legislation that governs how personal data must be processed, stored, and protected, supplemented by the UK General Data Protection Regulation; it sets out individuals’ rights and organisations’ obligations when handling personal data.Legal Basis / Lawful Basis
The lawful justification under data‑protection legislation for processing personal data, such as consent, performance of a task in the public interest, or compliance with a legal obligation, which must be identified and documented for each research activity involving personal data (UCL's Lawful Basis for Processing Personal Information).Personal Data
Information relating to an identified or identifiable living individual.PII – Personally Identifiable Information
Data that can directly or indirectly identify an individual.Sensitive Data
Data that may cause harm, distress, disadvantage, or risk if disclosed or misused, including personal data or data relating to vulnerable individuals or groups; sensitive data is assessed in context and may, but does not necessarily, fall within Special Category Data under data‑protection law.Special Category Data
Personal data revealing sensitive attributes such as health, genetics, ethnicity, or biometrics, requiring enhanced protection.Confidential Data
Information that is not intended for public disclosure and must be protected to prevent unauthorised access, disclosure, or misuse, but which does not necessarily meet the threshold of highly confidential or legally restricted data.Highly Confidential Data
Information that requires the highest level of protection due to legal, ethical, or contractual obligations—such as identifiable NHS data or other regulated datasets—and which typically must be stored and analysed only within approved Trusted Research Environments under strict access controls.Tiers
A UCL classification scheme used to categorise data, studies, or technical environments according to their information‑risk level, with higher tiers requiring stronger governance controls, security measures, and assurance processes (UCL Research Data Information Security Management System Data Classification and Environment Tiering Policy).
7. Assessment, Planning & Registration
Research Registration
The mandatory process for registering research projects involving personal data with the Data Protection Office.DPIA – Data Protection Impact Assessment
A structured assessment used to identify and mitigate risks to individuals’ rights and freedoms arising from data processing.DMP – Data Management Plan
A document describing how research data will be collected, stored, secured, shared, and preserved across the research lifecycle.
8. Contracts, Sharing & Third Parties
DSA – Data Sharing Agreement
A legal agreement governing how data is shared between UCL and external organisations.DPA – Data Processing Agreement
A contract defining responsibilities where a third party processes data on behalf of UCL.NDA – Non‑Disclosure Agreement
A confidentiality agreement restricting disclosure of sensitive information.
9. Ethics, Health & NHS‑Specific Governance
REC – Research Ethics Committee
A body responsible for reviewing the ethical acceptability of research involving human participants.UCL REC – UCL Research Ethics Committee
The institutional ethics committee for non‑NHS research.HRA – Health Research Authority
The UK body overseeing ethics and governance approvals for health and social care research.HRA REC – Health Research Authority Research Ethics Committee
An ethics committee operating under the HRA for NHS and social‑care research.HRA CAG – Health Research Authority Confidentiality Advisory Group
A committee advising on lawful access to confidential patient information without consent, operating under the authority of the HRA.IRAS – Integrated Research Application System
The HRA online system used to prepare, submit, and manage applications for research approvals and permissions, including ethics review and health‑research governance approvals.Section 251
A legal provision allowing specific uses of confidential patient information without explicit consent under defined conditions, confirmed by CAG.
10. Training & Competence
- e‑LfH – e‑Learning for Healthcare
The national online training platform used to access NHS‑approved learning, including Data Security Awareness (Level 1), allowing users to complete mandatory information‑governance and data‑security training and obtain certificates as evidence of completion.
- IG Training / Approved Reaercher Training / AR Training / Data Security Awareness
Mandatory NHS data‑security training covering information governance, cyber security, and safe handling of personal and confidential data; commonly referred to as Data Security Awareness training or DSA Level 1, labelled in e-LfH as l 'Data Security Awareness (NHSD)'.