Strengthening outcomes through review
Evaluation ensures the system remains fit for purpose.
This may include:
- Periodic review of Spoke operations
- Assessment of scientific output quality
- Financial sustainability review
- Participant satisfaction and governance effectiveness
- Assessment of decision impact
Spoke steering committees are expected to conduct reviews at least every two years.
Evaluation supports continuous improvement, evidence-based funding decisions and strategic realignment.
Risk Management
Risk management is embedded at all stages.
Key risk domains include:
- Data risks – such as misuse, re-identification or breach of licence conditions
- Security risks – including unauthorised access or system compromise
- Legal and regulatory risks – such as privacy breaches or failure to meet statutory obligations
- Operational risks – including participant withdrawal or loss of capability
- Reputational risks – arising from contested or misunderstood outputs
Risk is addressed through a combination of governance rules, contractual obligations and technical controls. The goal is not to eliminate all risk, but to ensure that risks are understood, proportionate and defensible.
Monitoring
Monitoring focuses on how systems are used, not on analytical outcomes, ensuring accountability.
Operational monitoring includes:
- Logging of user access and activity
- Recording of data use and analytics
- Retention of audit logs
- Review of access permissions
Data providers may request audit logs relating to access to their data.
Monitoring deters misuse, supports incident response, enables investigation of disputes and provides confidence to participants and regulators. It reinforces behavioural norms by making it clear that activity occurs within an accountable system.
