2.5 Information Security - What the organisation does to safeguard research to ensure the confidentiality, integrity and availability of research resources and data. Information Security is delivered via the combination of Information Governance, TRE Builder/Developer and Information Security roles, a threat modelling process and 4 sub-capabilities. The threat modelling process provides input to the sub-capabilities and informs the controls across the entire architecture by calculating the likelyhood and impact of a realised threat.