It is very nice to visit Lambda facility and thanks to warm welcome provided by all the teams. I can easily say one of the best CRO I ever visited. People here are wonderful and doing great job

Reputed Client of Israel

Awesome hospitality & fantastic office. All the best!

Reputed Client of Japan

Excellent hospitality and cooperation received throughout the audit. People are knowledgeable and extremely transparent. Looking for long time relation

Reputed Client of Asia

Facility is too good to conduct the BABE studies and adherence to protocol and quality assurance in conducting studies are meeting sponsor expectations and requirements.

Reputed Client of India

Facility is good, people r trained well and know the subject on which they r working. All the best.

Reputed Client of USA

Highly innovative and advanced research centre that possess bright future for the development of the country.

Reputed International Government Body

It is one of the best facility in India for BA/BE

Reputed Regulatory Authority

Lambda is a very professional CRO. All the staff here are experienced and very knowledgeable. I'm grateful for their accommodations and hospitality. The future, if we want to carry out BE study, we will ask Lambda help again.

Reputed Client of Europe

It was a really pleasant meeting with the PV department, and I am looking forward to the next visit.

Reputed Client of Europe

Amazing and best CRO I ever seen

Reputed Client of China



Home / Blog

EMA Guideline on Computerised Systems and Electronic Data in Clinical Trials

04 Jul 2023

Lambda Therapeutic Research acknowledges the release of the European Medicines Agency - Good Clinical Practice Inspectors Working Group (GCP IWG)'s 'Guideline on computerised systems and electronic data in clinical trials' (EMA/INS/GCP/112288/2023), on March 7th, 2023, to come into effect six months after publication. This guideline replaces the 'Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials' (EMA/INS/GCP/454280/2010).

Computerised systems are increasingly being used in clinical research. The complexity of these systems has rapidly evolved in recent years, from electronic case report forms (eCRF) and electronic patient-reported outcomes (ePROs) to various wearable devices used for continuous monitoring of trial participants. This evolution also includes the use of artificial intelligence (AI). Consequently, there is a need to provide guidance to all stakeholders involved in clinical trials, reflecting these changes in data types and trial methodologies, to ensure the quality and reliability of trial data, as well as the rights, dignity, safety, and well-being of the participants.

This guideline will describe some generally applicable principles and provide definitions of key concepts. It will also cover the requirements and expectations for computerised systems, including validation, user management, security, and the handling of electronic data throughout its life cycle.


The scope of this guideline encompasses computerised systems (including instruments, software, and 'as a service' solutions) used in the creation and capture of electronic clinical data, as well as the control of other processes that have the potential to affect participant protection and the reliability of trial data. This applies to clinical trials involving investigational medicinal products (IMPs). All electronic data should adhere to the ALCOA principle.

This includes, but is not limited to, the following:

  • Electronic medical records
  • Electronic devices used by clinicians to collect data (e.g., mobile devices supplied to clinicians)
  • Data capture for trial participants, such as biometrics (e.g., wearables or sensors)
  • Electronic case report forms (eCRFs)
  • Data capture related to the transit and storage temperatures for investigational medicinal products (IMPs) or clinical samples.
  • Data capture, generation, handling, or storage in a clinical environment where analysis, tests, scans, imaging, evaluations, etc., involving trial participants or samples from trial participants are performed in support of clinical trials (e.g., LC-MS/MS systems, medical imaging, and related software)
  • Electronic trial master files (e-TMFs) used to maintain and archive essential clinical trial documentation.
  • Electronic informed consent for providing information and/or capturing informed consent when allowed by national legislation.
  • Interactive Response Technologies (IRT) used for the management of randomisation, supply, and receipt of IMP (e.g., via a web-based application)
  • Portals or other systems used for supplying information from the sponsor to the sites or from the sponsor or site to adjudication committees and others.
  • Systems/tools used to conduct remote activities such as monitoring or auditing.
  • Computerised Systems

    While there is already much information and guidance available for electronic and computerised data, this guideline will focus solely on computerised systems. It describes the requirements for validation, user management, and information technology (IT) security.

    Description of Systems

    The responsible party should maintain a list of physical and logical locations of the data, such as servers, as well as the functionality and operational responsibility for computerised systems and databases used in a clinical trial. An assessment of their fitness for purpose should also be included. In cases where multiple computerised systems/databases are used, there should be a clear overview available to understand the extent of computerisation. System interfaces should be described, defining how the systems interact, including validation status, methods used, and security measures implemented.

    Documented Procedures

    Documented procedures should be in place to ensure the correct use of computerised systems. These procedures should be controlled and maintained by the responsible party.


    All individuals involved in conducting a clinical trial should be qualified through education, training, and experience to perform their respective tasks. This also applies to training on computerised systems. Systems and training should be designed to meet the specific needs of system users, such as sponsors, investigators, or service providers. Special consideration should be given to the training of trial participants when they are system users.

    Training on the relevant aspects of legislation and guidelines should be provided to those involved in developing, coding, building, and managing trial-specific computerised systems. This includes individuals employed at a service provider supplying eCRF, IRT, ePRO, and the trial-specific configuration, customization, and management of the system during the clinical trial. All training should be documented, and the records retained and made available for monitoring, auditing, and inspections.

    Security and Access Control

    To maintain data integrity and protect the rights of trial participants, computerised systems used in clinical trials should have security processes and features to prevent unauthorized access and unwarranted data changes. The blinding of treatment allocation, where applicable, should also be maintained.

    Checks should be implemented to ensure that only authorized individuals have access to the system and that they are granted appropriate permissions (e.g., the ability to enter or modify data). Records of authorized access to the systems, along with the respective levels of access, should be clearly documented. The system should also record changes to user roles, access rights, and permissions.

    Training on the importance of security, including the need to protect passwords and keep them confidential, should be documented. Additionally, there should be enforcement of security systems and processes, identification and handling of security incidents, prevention of social engineering and phishing.


    Accurate and unambiguous date and time information, given in coordinated universal time (UTC) or time and time zone (set by an external standard), should be automatically captured. Users should not be able to modify the date, time, and time zone on the device used for data entry when this information is captured by the computerised system and used as a timestamp.

    Electronic Data

    For each trial, it should be identified which electronic data and records will be collected, modified, imported, and exported, as well as how they will be archived, retrieved, and transmitted. Electronic source data, including the audit trail, should be directly accessible by investigators, monitors, auditors, and inspectors without compromising the confidentiality of participants' identities.

    Data Capture and Location

    The primary goal of data capture is to collect all data required by the protocol. All relevant observations should be documented in a timely manner. The location of all source data should be specified prior to the start of the trial and updated during the trial, as applicable.


    Source data collected on paper (e.g., worksheets, paper CRFs, diaries, or questionnaires) need to be transcribed manually or using a validated entry tool into the electronic data collection (EDC) system or database(s). In the case of manual transcription, risk-based methods should be implemented to ensure the quality of the transcribed data (e.g., double data entry and/or data monitoring).


    Trial data are regularly transferred between systems. The process for file and data transfer needs to be validated and ensure data and file integrity for all transfers. Data collected from external sources and transferred over open networks should be protected from unwarranted changes and secured/encrypted to prevent the disclosure of confidential information. All transfers needed during the conduct of a clinical trial should be pre-specified.

    Validation of transfer should include appropriate challenging test sets and ensure that the process is available and functioning at the start of the clinical trial (e.g., to enable ongoing sponsor review of diary data, lab data, or adverse events by safety committees). Data transcribed or extracted from electronic sources, along with their associated audit trails, should be continuously accessible according to delegated roles and corresponding access rights. Adequate considerations should be made for the transfer of source data and records when the original data or file are not maintained, in order to prevent the loss of data and metadata.

    Direct Capture

    Direct data capture can be performed using electronic data input devices and applications such as electronic diaries, questionnaires, and eCRFs for direct data entry. When treatment-related pertinent information is captured first in a direct data capture tool, such as a trial participant diary, a PRO form, or a special questionnaire, a documented procedure should exist to transfer or transcribe the information into the medical record when relevant.

    Direct data capture can also be achieved using automated devices such as wearables or laboratory or other technical equipment (e.g., medical imaging, electrocardiography equipment) that are directly linked to a data acquisition tool. Such data should be accompanied by metadata concerning the device used (e.g., device version, device identifiers, firmware version, last calibration, data originator, timestamp of events).

    Edit Checks

    Computerised systems should validate manual and automatic data inputs to ensure adherence to a predefined set of validation criteria. Edit checks should be relevant to the protocol and developed and revised as needed. They should be validated, and the implementation of individual edit checks should be controlled and documented. If edit checks are paused at any time during the trial, this should be documented and justified. Edit checks can be run immediately at data entry, automatically during defined intervals (e.g., daily), or manually.

    Approaches for edit checks should be guided by necessity, avoiding bias, and ensuring traceability when data are changed as a result of an edit check notification. The sponsor should not make automatic or manual changes to data entered by the investigator or trial participants unless authorized by the investigator.

    In conclusion, the EMA guideline on computerized systems and electronic data in clinical trials provides essential principles and requirements to ensure the quality, reliability, and security of trial data while safeguarding the rights and well-being of participants. Adhering to these guidelines enhances the efficiency and integrity of computerized systems, promoting advancements in medical research and the development of safe and effective treatments. Read the guidelines here.

Looking for a Globally Proven Research Partner?

Contact Us