5 Things to Know When Using Computerized Systems in Clinical Trials


Technology is revolutionizing the clinical landscape. As the decentralization and virtualization of clinical trials becomes more commonplace — a trend hastened by the COVID-19 pandemic — clinical investigations are becoming more streamlined. Efficiencies that were once unimaginable are becoming standard practices. To keep pace with the evolution of clinical trials, organizations that conduct clinical investigations are increasing their investments in beneficial new technologies as never before, as indicated by a recent Greenphire survey that revealed 84% of sponsors and contract research organizations are actively seeking to boost their use of technology to better support decentralized clinical trials. (1)

“We’ve entered into a new era of clinical development, and things are changing with the virtualization of clinical trials,” said MaryAnne Rizk, Ph.D., chief strategy officer of the decentralized trial provider Medable. “We emphasize so much on speed and progression, but we also need to make sure that we’re improving the quality of data.” (2)

To help organizations ensure that the technologies they use in clinical activities maintain the highest levels of data quality and drive greater patient centricity, the U.S. Food and Drug Administration (FDA) has provided the Computerized Systems Used in Clinical Trials guidance. (3) The guidance document provides clinical organizations with a blueprint to help them ensure that their data is created, modified, maintained, archived, retrieved, and transmitted in a way that conforms with regulatory expectations. The following are the five most important aspects of the guidance that must be taken into consideration when using digital systems in clinical trials.

#1: Making Security Paramount

The FDA guidance outlines the agency’s requirements for the physical and logical security of computerized clinical trial management systems. Regardless of the complexity of the system in use, meeting these expectations requires that it meet several security benchmarks, including:

  • Access to the system and its data must be restricted to authorized personnel. Staff should be aware of access limitation security measures and standard operating procedures should be in place to prevent unauthorized system access.
  • Access to study data at sites should only occur through the system’s software. Data should only be altered, browsed, queried, or reported via external applications at sites if those applications enter through secure portals to the designated software.
  • Any system provided by a sponsor exclusively for use as a clinical trial management system should remain dedicated to the purpose for which it has been intended and validated. If the system is also used for other purposes, the study software must be logically and physically isolated as necessary.
  • The system must have controls in place to prevent, detect, and mitigate the effects of viruses on study data and software.

#2: Maintaining Audit-Readiness With Audit Trails

An audit trail is defined in the guidance document as “…a secure, computer generated, time-stamped electronic record that allows reconstruction of the course of events relating to the creation, modification, and deletion of an electronic record.” The purpose of an audit trail, as specified in 21 CFR Part 11.10(e), is to protect the authenticity, integrity, and confidentiality of electronic documents. (4)

The FDA requires that agency personnel must be able to read audit trails at study sites and at any other location where associated electronic study records are maintained. Unlike paper-based systems that make audit-related information difficult to track and provide to the agency upon request, a proven digital system enables organizations to ensure that their audit trails are easy to trace and readily available from any authorized access point.

#3: Assuring Documentation Reliability With Unique Electronic Signatures

The FDA’s guidance defines an electronic signature as “a computer data compilation of any symbol or series of symbols, executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.” Much like audit trails, electronic signatures help ensure that regulatory documentation is reliable and accurate prior to submission. That’s why the guidance calls for the “attributability” via electronic signatures of all data entered into and changed within an electronic system. Hence, unique electronic signatures must be ascribable to all employees and other authorized parties involved with a trial. To prevent accidental or intentional damage to clinical trial documents and files, electronic signatures must even be maintained for former employees.

To ensure that data can be attributed to the person who is responsible for it or who has worked with it, the computerized system’s data entry screen should always display the printed name of the individual making entries or changes. This provides the assurance that the correct person is dealing with information that matches the appropriate electronic signature. If the display name doesn’t match that of the person entering or changing data in the system, that user should log in under their own name before proceeding to prevent compliance mishaps.

#4: Minimizing Validation Burdens

Software validation is defined in the guidance as the “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended uses, and that the particular requirements implemented through the software can be consistently fulfilled.” The time and resources required to validate and document the validation of a computerized system can lead to serious and costly delays unless the system has a proven track record of rapid, efficient, and thorough validation.

If you plan to implement a commercially available software system, first consider its effectiveness in meeting the validation documentation requirements delineated in section VIIIB(2) of FDA’s guidance document. Specifically, the vendor should provide or facilitate the creation of the following documentation:

  • Written design specifications that describe what the software is intended to do and how it is intended to do it.
  • A written test plan based on the design specification, including both structural and functional analysis.
  • Test results and an evaluation of how these results demonstrate that the predetermined design specification has been met.

Modern, cloud-based software solutions ease validation burdens and facilitate the risk-based approach to validation favored by the FDA.

#5: Accommodating Regulator Access

Organizations conducting clinical investigations not only must maintain compliance with FDA record retention requirements but should also be capable of providing investigators with immediate access to study information on demand. As the guidance states, the organization “should be able to provide hardware and software as necessary for FDA personnel to inspect the electronic documents and audit trail at the site where an FDA inspection is taking place.”

The data and documentation generated throughout the course of clinical activities comes from a variety of sources — from spreadsheets maintained at study sites to data collected from patients’ wearable devices and every imaginable source in between. The computerized system your organization uses for clinical activities must be able to connect the data from these sources and collect it all within a central and secure repository that can be readily accessed by regulatory investigators and authorized users alike. This can be an extremely heavy lift if your IT resources aren’t up to the task.

A cloud-based software solution makes it easy to link and access data in real time across multiple regions and agencies. Cloud-based systems also compensate for IT resource limitations and help eliminate the data silos that too often hinder clinical studies.

Computerized Systems and the New Era of Clinical Monitoring

Innovations like cloud technologies are creating unprecedented opportunities in clinical investigations, especially with regard to the novel ways they’re enabling organizations to establish remote clinical trial monitoring systems. With the advent of powerful new tools, however, comes the responsibility to use them prudently. The use of a remote monitoring system in clinical trials should be focused on its contribution to regulatory compliance.

From the FDA’s perspective, compliance isn’t simply achieved by implementing a computerized clinical trial monitoring system that makes remote monitoring possible. The key to compliance is ensuring your organization can expertly apply the clinical trial monitoring system in a manner that enables you to identify and mitigate the risks that could imperil your trials.

“We expect that you understand any technology you are using, how it’s working, and how it helps answer any questions that might be posed by FDA,” said FDA Health Scientist Policy Analyst Ansalan Stewart, Ph.D. “Just because you throw a new technology on there, that alone is not going to address risk. You have to know what you’re using and how it’s working.” (5)

To learn how proven clinical trial management solutions can accelerate the achievement of your clinical goals, visit MasterControl’s clinical trial software page.


  1. Centering on the Patient by Decentralizing Clinical Trials,” by Carolyn Gretton, PharmaVOICE, Nov./Dec. 2020.
  2. Risk-Based Thinking in Clinical Trials,” DIA DIRECT webinar, Aug. 17, 2021.
  3. Guidance for Industry – Computerized Systems Used in Clinical Trials,” FDA website, content current as of April 13, 2015.
  4. Code of Federal Regulations Title 21 Part 11 Subpart B – Electronic Records,” FDA website, revised as of April 1, 2020.
  5. 5. Supra note 2.


James Jardine is a marketing content writer at MasterControl, Inc., a leading provider of cloud-based quality and compliance software solutions. He has covered life sciences, technology and regulatory matters for MasterControl and various industry publications since 2007. He has a bachelor’s degree in communications with an emphasis in journalism from the University of Utah. Prior to joining MasterControl, James held several senior communications, operations and development positions. Working for more than a decade in the non-profit sector, he served as the Utah/Idaho director of communications for the American Cancer Society and as the Utah Food Bank’s grants and contracts manager.

Free Resource

How to Use Risk-Based Monitoring and Clinical CAPA to Ensure Compliance

Enjoying this blog? Learn More.

How to Use Risk-Based Monitoring and Clinical CAPA to Ensure Compliance

Download Now
[ { "key": "fid#1", "value": ["GxP Lifeline Blog"] } ]