Secure Environment for Analysing Data (SEAD)

Access the self-contained, scalable and secure cloud data analysis service. Find out about costs, features and how to register your interest

Released
10/11/2023

What is SEAD

The Australian Bureau of Statistics (ABS) developed SEAD to address the demand for secure cloud-based data access services across the Australian government. It aims to support government agencies in incorporating the Office of the National Data Commissioner (ONDC) Data Sharing Principles into regular operations, safely manage data sharing, and access modern data science tools by leveraging ABS investment and expertise.

The SEAD service introduces an innovative solution which provides a series of secure, self-contained environments known as “SEADpods” within the cloud-based infrastructure that also underpins the ABS DataLab. These SEADpods operate independently from the DataLab but adhere to the same Safe Settings risk management controls, in line with the Five Safes framework.

The SEAD service enables government agencies engaging this service, referred to as “SEAD partners”, to adopt a SEADpod and inherit exclusive administration of that self-contained environment through self-service features. This arrangement allows them to maintain full control and management of their data, users, projects, and outputs in accordance with their legislative, policy, and risk requirements, while the ABS continues to uphold the system's Safe Settings protections.

Features

The SEAD service: 

Note: The SEAD service does not permit SEAD partners to access ABS data held in the DataLab. To enquire about access to ABS data, please see our other data service offerings

Who can access SEAD

Distinguishing itself from the DataLab which services end-users from government and academic sectors, SEAD is designed for use by individual government departments. SEAD enables areas within departments to service their own end-users who may be internal or external to that department and have contemporary analysis requirements.  

SEAD is currently offered to:

  • federal agencies
  • state and territory departments
  • local government bodies

Why partners are choosing SEAD

The SEAD service can be applied to a variety of use cases. Some of our most common SEAD partner use cases include:

  • "we need contemporary analysis tools"
  • "our current solution is too expensive or unstable"
  • "we need a proven system setup soon"
  • "we need a secure platform for 3rd party users to engage with our data"
  • "we need an easy way to securely share data in-house"
  • "we don’t have resources to manage software licensing"
  • "we don’t have staff to setup and manage a new system"

Recognition

Since its release in June 2022, the growing demand and positive feedback from existing SEAD partners demonstrate its position as a valuable addition to the Australian data landscape. Notably, SEAD has received mentions in the:

  • 2023 United Nations Economic and Social Commission for Asia and the Pacific (UN ESCAP) Expert Meeting on Data Governance
  • 2023 Melbourne Institute Public Economics Forum
  • 2023 Life Course Centre Data for Policy Summit
  • 2023-24 ABS Corporate Plan
  • 2022-23 ABS Annual Report
  • 2021-22 Department of Finance Annual Report

System security and risk management

System security

The ABS has extensive experience in keeping data secure as Australia’s national statistical organisation and as an Accredited Data Service Provider (formally Accredited Integrating Authority). 

The SEAD system is hosted in Microsoft Azure and meets 'PROTECTED' level security standards as prescribed in the Australian Government Information Security Manual (ISM). It is subject to Independent Security Registered Assessors Program (IRAP) certification, ongoing security audits and robust IT security testing and patching. 

The technology underpinning the SEAD system includes:

  • data encryption at rest to mitigate against unauthorised access to microdata
  • Azure Storage accounts to securely hold individual research products and allow querying from authorised users
  • cloud servers (including backup servers) hosted exclusively onshore, with access only authorised for use in Australia unless approved by the ABS
  • closed network virtual machines to provide secure, isolated research spaces for the analysis of microdata
  • guarded access through multi-factor authentication and workspace segmentation inhibiting data sharing between projects
  • the SEAD Product Storage Account is protected with Microsoft Defender providing threat detection against malicious/unusual behaviour

The ABS employs the above with a focus on industry standard security posture management to provide a safe and secure platform for policy and program delivery work.

For more information about SEAD system security or compliance with IRAP, please Contact us.  

Managing risk using the Five Safes

The SEAD service enables partners to leverage the existing Safe Settings protections maintained by the ABS. 

Responsibility for upholding the remaining Five Safes controls moves to the SEAD partner, with each element in this context as follows:

Safe Data

Has appropriate and sufficient protection been applied to the data?

SEAD partners retain the responsibility for the security of their data within their SEADpod, by managing data ingress and egress within their data governance safeguards. SEAD partners must also ensure that appropriate confidentialisation and treatments are applied to any form of data, code or packages before being made accessible to their users.

Safe People 

Is the researcher authorised to access and use the data appropriately?

SEAD partners oversee user access to their SEADpod, ensuring that only authorised researchers can utilise and interact with their data. SEAD partners are responsible for providing the appropriate people vetting and onboarding processes for access to their SEADpod.

Safe Projects 

Is the data to be used for an appropriate purpose?

SEAD partners have the autonomy to approve and manage projects within their SEADpod, streamlining their workflow and data analysis. It is the SEAD partner's responsibility to ensure appropriate project governance. 

Safe Outputs 

Are the statistical results non-disclosive?

SEAD partners are responsible for ensuring all outputs are validated prior to release from the system against organisational tolerances, to ensure appropriate governance and legal obligations are adhered to (e.g., preventing the re-identification of an individual or organisation).

Note: ABS system administrators hold an overarching administrator role but will not view or interact with SEAD partner data or activities unless requested. 

Available features

SEAD leverages the underlying systems and resources that support the operation of the DataLab. This ensures that both SEAD and DataLab users have access to the same software and virtual machine offerings outlined below. 

Software

To access the latest version of each application in SEAD, refer to the ‘Manage’ option in the portal to transition to the most recent VM version available. VM versions are updated annually, allowing for a suitable transition period for migration.

SEAD runs on the Windows operating system and is equipped with the following standard tools:

 VM Version
 2024avd2025
LibreOffice 7.57.6.7.1
Acrobat Reader 
Azure Storage Explorer1.33.01.33.0
Notepad ++ 8.5.28.6.5
QGIS3.303.36
WinMerge2.162.16.40
Git 2.42.45.0
Stata MP18MP18
CUDA 12.1.112.1.1
R.4.1.34.4.1
Rstudio2023.032024.04
Rtools4244
Python (Anaconda3 distribution)3.93.11
Jupyter Notebook & JupyterLab 
Spyder 
PostgreSQL1516
Posit (package manager)
*Approved CRAN and PyPI packages are available in DataLab
 
7Zip23.0123.01

SEAD can also accommodate the following non-standard tools upon request:

SAS9.4 (EG 8.2)9.4 (EG 8.2)
Azure Databricks                                                                                   

All software is licensed, maintained and administered by the ABS through the SEAD service. All data is hosted onshore by Microsoft Azure cloud computing services and accessed through a virtual desktop.   

If you have an enquiry regarding software and software versioning, please submit a request via the Contact us page.

Note: Microsoft Word and Excel are not currently available, as these applications require an internet connection which is not supported in a secure system like SEAD. Libreoffice is the alternative offered in the system, with similar capabilities to Microsoft Office. Firefox and Edge are available to support access for Databricks and for methods such as Jupyter notebooks in order to use Python/R. These browsers cannot be used to browse the internet.

Virtual machine sizes

Standard virtual machines
NameWindows serverCPURAM
SmallSmall Windows 10 DSVMCPU Cores 28GB
MediumStandard Windows 10 DSVMCPU Cores 216GB
LargeStandard Windows 10 DSVMCPU Cores 2-864GB

 

Above large virtual machines
NameWindows serverCPURAMApprox cost per hour ($AUD)
X-LargeStandard Windows 10 DSVMCPU Cores 16128GB$1.80
XX-LargeStandard Windows 10 DSVMCPU Cores 32256GB$3.80
XXX-LargeStandard Windows 10 DSVMCPU Cores 64504GB$6.40

Larger machines than those outlined above are available on request at an additional cost. 

Cost overview

Potential SEAD partners can request a quote to adopt a SEADpod based on the following cost recovered components charged up front:  

SEADpod delivery charges

Starting from approximately $65,000 per annum, these charges cover information technology and administration support, system development, maintenance and licensing involved in subscribing to the SEAD service.

These charges will vary based on marginal cost of service levels agreed to in a Memorandum of Understanding (MoU).  

Inclusions: 

  • business administration support (including ABS account management, training, reporting and code/package support)
  • Information and Communications Technology (ICT) support (including system security maintenance, feature design, testing, technical support and development)
  • licensing (including Microsoft Azure, Azure Active Directory and all relevant software), security monitoring and account provisioning
  • relevant infrastructure governance measures (Privacy Impact and Information Security Registered Assessor Program (IRAP) assessments)

Additional charges apply for customised SEAD services. These services may include additional administrative support, data confidentialisation and output clearance, all in accordance with SEAD partner tolerances and instructions. 

System usage charges

Starting from approximately $2,000 per annum, per active Virtual Machine (VM), inclusive of standard software licensing.

An annual cost projection is produced in negotiation with the SEAD partner, based on estimated use. All charges reflect actual data and system usage passed on from Microsoft Azure to the ABS.

Inclusions:  

  • initial account setup
  • standard cloud user/administrator account access
  • standard project workspace (1TB each) and VM (Large, E8-2s v3, 8 CPU & 64gb Memory)
  • standard software licensing (R, Python, STATA, LibreOffice etc)

Additional charges apply for non-standard software, such as SAS, Databricks, or other requested software. 

Note: The above charges apply to the SEAD service only; costs cannot be transferred or negotiated with the DataLab service. All charges adhere to the ABS user charging policy, exclude GST and may be subject to periodic review. Inactive VM (unused for over 30 days) and administrator accounts will incur minimal maintenance fees.  

Applying for the SEAD service

Step 1. Ensure you meet eligibility criteria

For criteria, refer to Who can access SEAD.

Potential SEAD partners should ensure that their use case aligns with the SEAD services provided. For more information and a summary on how the ABS handles privacy as part of the SEAD service, refer to the SEAD Privacy Impact Assessment.

Note: The ABS currently does not offer additional managed services, such as data confidentialisation, input validation, and output vetting.

Step 2. Register your interest for a suitability assessment

To register your interest and schedule an initial consultation, please Contact us to discuss your requirements. We encourage potential SEAD partners to have an initial discussion with the ABS to determine if SEAD is the right service for you. 

Step 3. Proceed with requirements gathering

Once the ABS receives confirmation to proceed following the initial consultation, potential SEAD partners are requested to complete a system usage and software requirements form. This form is used to provide a tailored quote. 

The drafting of the Memorandum of Understanding (MoU) and requirements gathering process will begin. The MoU will outline the terms, conditions, and responsibilities for both parties, providing a clear framework for the partnership.

Step 4. Setup and trial period

Following the potential SEAD partner's acceptance of the quote and completion of a networking specifications form, the ABS will facilitate setup of the partner SEADpod and initiate a complimentary 30-day trial period. Partner organisations will be required to setup Azure Storage Explorer, via their IT department.

The ABS will assist in initial account setup and provide instruction guides and relevant training on how to use the system. 

Note:  The ABS does not provide any training for users on conducting analysis or modelling within the system itself.

Step 5. Service commencement

If the SEAD partner's requirements are met following the completion of the trial, the MoU will be finalised. The SEAD partner's service will formally commence upon agreement by both parties, and invoicing is paid. 

The ABS will continue to provide ongoing account and system support, licensing and development services as outlined in the MoU. The SEAD partner takes on the responsibility of administering their SEADpod in accordance with their governance and legislative requirements.  

The ABS will provide a service usage report every 6 months to assist the SEAD partner in managing their costs and usage. 

Accessibility and inclusiveness

The ABS is actively working to comply with Web Content Accessibility Guidelines (WCAG) 2.1 at Level AA, which describe how to make web content more usable and accessible for everyone. Our goal is to provide information that is accessible to all, including people with disabilities.

Recent accessibility reviews confirm that the SEAD cloud platform meets the necessary organisational standards as it:

  • runs on Windows 11, which enables the utilisation of existing accessibility features and functions
  • utilises virtual machines that are subject to Microsoft compliance obligations
  • contains statistical tools that are either WCAG compliant or provide integration with Windows Accessibility features

Note: Any Windows accessibility features not enabled by default can be requested, and will be considered in line with relevant data sensitivities.

Privacy policy

The ABS privacy policy and SEAD privacy notice outline how the ABS handles any personal information that you provide to us.

The SEAD Privacy Impact Assessment considers the potential privacy impacts on people whose personal information may be used as part of the SEAD service.

Back to top of the page