SALUS

---

What it is

SALUS is an early-stage demonstrator designed to explore how secure, controlled, and ethically governed data-sharing can improve emergency planning and crisis response for vulnerable individuals as well as wider multi-agency service provision.

What problem it addresses

Many organisations—including emergency services, healthcare providers, and utility companies—hold fragmented and siloed data about vulnerable individuals. The lack of a structured and secure way to share relevant data results in delayed responses and inefficiencies in providing support to those most in need.

SALUS aims to test and validate ABAC for real-time decision-making, ensuring that each organisation only sees the information it needs, when it needs it, for specific purposes, while maintaining data privacy and security.

How it contributes to the National Digital Twin vision

SALUS serves as a key testbed for secure and controlled data-sharing, demonstrating how sensitive information can be accessed dynamically across multiple organisations while maintaining strict governance and security protocols.

At its core, SALUS is advancing ABAC within the Integration Architecture (IA), ensuring that data visibility is tailored in real time based on user attributes, organisational roles, and predefined policies. Through a graph-based data visualisation approach, the demonstrator showcases how different stakeholders—such as healthcare providers, emergency services, and utility companies—can view and interact with a common dataset differently, depending on their specific needs and permissions.

Beyond its technical capabilities, SALUS is used to develop the legal, security, and ethical frameworks necessary for scalable, cross-organisation data-sharing. By exploring the challenges and opportunities of federated data governance, the demonstrator is laying the groundwork for trusted, interoperable information exchange that can be applied across multiple sectors in the National Digital Twin ecosystem.

---

Lead stakeholders & collaborators:

• Isle of Wight Council
• Hampshire & Isle of Wight Constabulary
• Hampshire & Isle of Wight Fire and Rescue
• Isle of Wight NHS Trust
• South East Coast Ambulance Service
• Southern Water
• Scottish and Southern Electric

Testing the feasibility of secure, controlled data-sharing

VISTA offers a real-world demonstration of how ABAC can be applied to emergency response data, ensuring that critical information is accessible only to the right people, at the right time, under the right conditions.

To bring this concept to life, we developed a graph-based visualisation tool that illustrates how different user attributes shape data access in real-time. This was tested in a multi-organisation workshop, where representatives from healthcare, emergency services, and local government were given access to the same dataset of synthetic vulnerable persons data—but each saw different levels of detail based on their assigned roles and permissions.

This hands-on exercise validated ABAC’s ability to dynamically tailor data visibility, ensuring that sensitive information remains protected while still enabling secure, cross-sector collaboration. By preventing unnecessary data duplication and enforcing policy-driven access rules, SALUS is paving the way for more efficient, scalable, and legally compliant data-sharing across multiple organisations.

Addressing real-world challenges in vulnerable population response

In emergency situations, having timely access to accurate information can mean the difference between rapid intervention and critical delays. SALUS is designed to ensure that emergency responders can securely access the right data at the right time, enhancing situational awareness, coordination, and decision-making across multiple agencies.

By implementing controlled, policy-driven data-sharing, SALUS helps strengthen trust between organisations, enabling cross-sector collaboration without compromising security. Healthcare providers, emergency services, and local authorities can work together more effectively, ensuring that vulnerable individuals receive the support they need while maintaining strict data protection measures.

SALUS also provides an opportunity to further develop the operating framework needed for the IA to function effectively. This includes defining the legal frameworks, such as data-sharing agreements, ethical guidelines, and security standards, that will underpin trustworthy and scalable cross-organisation data exchange. By shaping these frameworks, SALUS contributes to the wider governance, compliance, and interoperability efforts required to enable secure, federated data-sharing within the National Digital Twin ecosystem.

---

Refining the risk management framework for data-sharing

SALUS is helping to advance structured, risk-aware data-sharing models, ensuring that sensitive information can be exchanged securely and responsibly across multiple organisations. By incorporating insights from a newly developed data sharing risk framework, the demonstrator is evaluating the challenges, constraints, and mitigation strategies needed to enable trusted, cross-sector data-sharing in both routine and crisis situations.

A key aspect of this work is the development of structured governance models, ensuring that data-sharing is sustainable, legally compliant, and ethically responsible. This includes exploring how ABAC could enhance dynamic, context-aware permissions, allowing access policies to adjust in real time based on evolving needs and events.

SALUS is also being used to develop a policy management tool for the IA, serving as a testbed for different approaches, including:

• Defining a finite set of attribute labels, ensuring they are broad enough to allow for meaningful, granular access control while remaining manageable, enforceable, and scalable.
• Testing traditional policy management approaches, such as XACML-style frameworks with Policy Enforcement Points (PEPs) and centralised decision engines.
• Balancing complexity and efficiency, ensuring that policy models remain practical across multiple organisations while still enforcing robust, secure, and context-aware data-sharing.

Preparing for technical validation & further testing

As SALUS progresses toward technical validation, the focus is on ensuring that its data-sharing models and security mechanisms function effectively in real-world scenarios. This involves developing and refining test cases, using both live and simulated data, to evaluate how well the demonstrator supports controlled, multi-organisation data exchange.

Building on insights from the initial workshop, the next phase will involve working with stakeholders to evolve the data sharing risk framework, expanding multi-agency testing and incorporating feedback to refine user experience, access control mechanisms, and governance structures. This iterative approach ensures that SALUS evolves into a robust, scalable solution capable of supporting secure, policy-driven data-sharing across diverse sectors.

---

Architecture & frameworks used

• Built using NDTP’s IA for secure and structured data-sharing.
• Designed as a graph-based data visualisation tool, allowing users to see the impact of different attributes on data access.

Data & Interoperability Considerations

• Supports structured data exchange, aligned with the Information Exchange Standard (IES).
• Implements ABAC, ensuring that data visibility is dynamically adjusted based on user attributes.
• Exploring Policy-based Access Control (PBAC) as a future enhancement, allowing for policy-driven automation of access controls.

---

There are multiple ways to engage with SALUS, whether you are part of government, emergency response, healthcare, industry, academia, or the technical community:

• Collaboration & Partnerships – Government bodies, emergency response teams, and infrastructure operators can contribute data, expertise, or funding to expand VISTA’s capabilities.
• Adoption & Adaptation – Organisations can adopt or adapt VISTA for their own secure data-sharing needs, ensuring the tool is reused and extended for maximum impact.
• Technical Contributions – Developers, researchers, and data specialists can contribute to open-source development, refine data interoperability models, and submit improvements via GitHub.
• Testing & Feedback – Organisations and individuals can validate use cases, test functionality, and provide feedback to improve usability and effectiveness.
• Knowledge Sharing – Contributions to best practices, case studies, and policy recommendations are encouraged to guide future expansions.

If you’re interested in collaborating, adopting, or contributing, get in touch via ndtp@businessandtrade.co.uk.