Sponsors and other regulated entities must ensure that procedures and processes are in place to safeguard the authenticity, integrity, and, when appropriate, the confidentiality of electronic records (see §§ 11.10 and 11.30). Therefore, logical and physical access controls must be employed for electronic systems that are used in clinical investigations, particularly for systems that provide access to multiple users or that reside on networks (see §§ 11.10(d) and 11.30). Sponsors and other regulated entities must ensure that procedures and processes are in place to limit access to their electronic system to authorized users (see §§ 11.10(d) and 11.30). There should also be external security safeguards in place to prevent, detect, and mitigate effects of computer viruses, worms, and other potentially harmful software code on study data and software (e.g., firewalls, antivirus and anti-spy software).
