What is it? Why is it important?

A server is used as a central storage device for study data. It should run continuously in order to guarantee:


  • Ongoing functionality:
    • Update of network security
    • Automatic data back-up
    • Protection against server break-down
    • Existence of emergency data recovery procedures


  • Security:
    • Strictly monitored access and user control with ongoing audit trail that documents any changes to the data and other functionalities of the study database (e.g. access management)
    • Restricted access to server presmises in order to protect against theft, accidental server damage, data disclosure, alteration or destruction


  • Storage infrastructure:
    • Ongoing temperature- and humidity surveillance
    • Fire-, extensive dust-, and vibration protection
    • Protection against rodent infestation

What do I need to do?

As a SP-INV familiarise yourself with server management requirements, such as to:

  • Carefully plan server acquisition in order to ensure functionality and security requirements can be met.
  • Ensure study data is stored centrally on a protected server and not on a laptop, desktop, hard drive or any removable storage device


In addition:

  • Access to server storage premises should be documented and traceable
  • Server access codes should be kept in a secure place
  • Server access codes should only be available to staff who need them for the completion of their task(s)


Even when a server is not kept at the study site, but is under the administration of an institutional computer department, the responsibility of server functionality and data security remains with the SP-INV.


Means to protect your server and the security of your study data include to:

  • Keep any firewall, security-related upgrades, and virus protection up-to-date
  • Allow only delegated, and knowledgeable staff handle problems within the operating system
  • Install an electronic recording system able to document access to server storage premises
  • Install an alarm system that monitors and alerts when storage conditions become unfavourable
  • Have procedures and equipment ready in order to responds to unfavourable conditions (e.g. air-conditioner, humidifier)
  • Only have password protected access to servers, computers and study eCRF
  • Encrypt any forwarded sensitive data. Define a secure method of data transfer
  • Prevent any unnecessary server relocation

Where can I get help?

Your local CTU can support you with experienced staff regarding this topic


ICH GCP E6(R2) – see in particular guideline

  • 5.5. Trial Management, data handling, and record-keeping
  • CTU – Clinical Trials Unit
  • eCRF – electronic Case Report Form
  • ICH GCP – International Council for Harmonisation Good Clinical Practice
  • SP-INV – Sponsor-Investigator
Concept ↦ Data Handling ↦ Server Management ↦ Data Storage

Provides some background knowledge and basic definitions

Basic Monitoring
Basic Drug or Device

Starts with a study idea

Ends after having assessed and evaluated study feasibility

Concept Drug or Device

Starts with confidence that the study is feasible

Ends after having received ethics and regulatory approval

Development Drug or Device

Starts with ethics and regulatory approval

Ends after successful study initiation

Set-Up Ethics and Laws
Set-Up Quality and Risk
Set-Up Drug or Device

Starts with participant recruitment

Ends after the last participant has completed the last study visit

Conduct Drug or Device

Starts with last study visit completed

Ends after study publication and archiving

Completion Statistics
Completion Drug or Device
Current Path (click to copy): Concept ↦ Data Handling ↦ Server Management ↦ Data Storage

Please note: the Easy-GCS tool is currently under construction.