Tag: clinical research governance

  • AI Governance UK: What Universities Hire For

    AI governance UK hiring is real but narrow: employers are advertising standalone “AI governance” titles mainly in consultancies and tech firms, while UK universities and research funders are folding AI oversight into existing research-governance, integrity and data-protection roles rather than minting a new job category. Certifications such as IAPP’s AIGP and the ISO/IEC 42001 Lead Auditor credential map to genuinely different parts of that work — one to policy and compliance, the other to formal audit.

    AI governance is the set of policies, controls and accountability structures an organisation uses to ensure AI systems are developed, procured and used safely, lawfully and transparently across their lifecycle.

    What is driving the AI governance UK hiring wave?

    Search interest in AI governance credentials has accelerated sharply. Keyword-demand data tracked into June 2026 shows “ai governance certification” search volume in the UK up 129% year-on-year, and “ai governance job” postings now surface daily on LinkedIn, Indeed and Totaljobs for roles spanning “Director AI Governance” to “Responsible AI Specialist.”

    The trigger is regulatory, not academic. Under the government’s 2023 White Paper AI regulation: a pro-innovation approach, the UK deliberately chose not to pass a single AI statute. Instead, existing regulators — the Information Commissioner’s Office, Ofcom and the Competition and Markets Authority — enforce five cross-sector principles: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.

    That distributed model pushes the compliance burden into individual organisations, which is exactly the vacuum “AI governance” job titles are appearing to fill. Employers with EU exposure are also hiring against the EU AI Act, whose obligations extend to UK organisations that deploy AI systems into EU markets.

    What are UK research institutions actually hiring for?

    A survey of current academic job boards shows standalone “AI Governance Officer” titles remain rare in UK higher education. What is expanding instead is AI content grafted onto established research-governance and research-integrity posts.

    • The University of Oxford has run a postdoctoral researcher post inside its Oxford AI Governance Initiative, focused on AI and risk research rather than institutional compliance.
    • The University of Bristol advertises a Head of Research Governance role — the University’s lead officer for research regulation, ethics and integrity across human participants, tissue and data, a remit now stretching to cover AI-enabled research methods.
    • The Alan Turing Institute’s AI Ethics and Governance in Practice programme, an eight-workbook resource for project teams, functions as the de facto training reference most UK research-intensive institutions point staff toward, in place of a dedicated internal certification.
    • The Russell Group published sector-wide principles on generative AI in education in January 2025, giving member universities a shared policy baseline rather than each hiring separate AI governance specialists.

    The pattern is consistent: research institutions are governing AI through their existing research-integrity, ethics-committee and data-governance infrastructure, supplemented by sector guidance from the Turing Institute and Russell Group, rather than building a parallel AI governance function from scratch.

    Which certifications map to the job?

    Two credentials dominate current job advertisements, and they are not interchangeable. IAPP’s AIGP is a policy and compliance credential; ISO/IEC 42001 Lead Auditor is a formal management-systems audit qualification built on the international AI management system standard published in 2023.

    Certification Body Format Best fit
    IAPP AIGP International Association of Privacy Professionals 100 multiple-choice questions, 180 minutes Privacy, legal and policy staff who need to interpret AI law and risk, not audit systems
    ISO/IEC 42001 Lead Auditor Accredited training bodies (e.g. PECB, BSI) against the ISO/IEC 42001:2023 standard Multi-day course plus exam Auditors and compliance managers validating a formal AI management system (AIMS)
    Vendor foundational courses (e.g. Securiti) Commercial vendors Short on-demand modules, 2–3 hours Awareness-level onboarding, not a substitute for either credential above

    Neither certification is a licence to practise. Both function as evidence that a candidate has studied a defined body of knowledge — AIGP for law and policy, ISO/IEC 42001 Lead Auditor for management-system audit method — which is why job advertisements almost always list them as “desirable,” not mandatory.

    Genuine career pathway or rebadged compliance role?

    The honest answer is both, depending on sector. In consultancies and large tech employers, “AI governance” is emerging as a distinct, senior, well-paid track — UK job boards currently list Director-level AI governance roles paying well above general compliance-officer rates. In research institutions, it is largely a rebadged extension of research integrity, data protection and ethics-committee work that already existed.

    That does not make it hollow. It means the credential value differs by employer type: a corporate AI governance hire benefits most from IAPP’s AIGP or an ISO/IEC 42001 audit qualification, while a university research-governance officer gains more from Turing Institute and Russell Group sector guidance, since their day job already sits inside an ethics and integrity framework those resources were built for.

    Which is the best AI governance certification?

    There is no single “best” credential; fit depends on function. IAPP’s AIGP suits policy, legal and privacy specialists working across jurisdictions and the EU AI Act. ISO/IEC 42001 Lead Auditor suits professionals who must formally audit an organisation’s AI management system rather than advise on policy.

    Is AI governance certification worth it?

    It is worth it for candidates whose work already touches AI policy, compliance, risk management or privacy, where it demonstrates structured knowledge to employers. It adds little on its own without underlying domain experience, since UK job advertisements consistently list these credentials as desirable evidence rather than a mandatory gate.

    How to become an AI governance professional?

    Most current UK postholders arrive via data protection, legal, risk or research-integrity backgrounds, then add AI-specific knowledge through a credential such as AIGP or ISO/IEC 42001. Direct entry-level “AI governance” hiring remains limited; experience in an adjacent regulated function is the more common route in.

    What skills are needed for AI governance?

    Core skills include risk assessment, regulatory interpretation, bias and fairness evaluation, and stakeholder communication across legal, technical and leadership teams. Employers also expect familiarity with the AI lifecycle and enough technical literacy to question a model’s design without needing to build one.

    What this means for research institutions

    For UK research administrators and institutional leaders, the near-term implication is not to create a new “AI Governance Officer” post by default. It is to audit whether existing research-integrity, data-governance and ethics-committee functions already cover AI risk, and where they do not, to close the gap with targeted training — Turing Institute workbooks or an IAPP AIGP course — rather than an immediate new hire.

    Over the next 12–24 months, expect the corporate and research-sector paths to converge somewhat as funders begin asking institutions to document AI oversight within grant compliance and wider research administration processes. Institutions that get ahead of that by mapping certifications to real duties now, rather than hiring a title, will be better placed when funders start asking for evidence.

  • Clinical Research Governance: Sponsor, Host, PI

    Clinical research governance in a multi-site trial is not a single chain of command but three overlapping, unequally weighted accountabilities: the sponsor owns overall trial risk and cannot delegate it away, the host organisation owns the local environment and confirms site-level capacity, and the principal investigator owns day-to-day conduct at their site. In practice, this three-way split creates gaps — in indemnity, in recruitment-shortfall accountability, and in adverse-event reporting speed — that the written framework does not fully resolve.

    Clinical research governance is the system of regulations, ethical principles and quality standards — spanning ethical approval, risk management, data integrity and financial oversight — that safeguards participants and assures the scientific validity of health research. In UK-regulated studies, the current reference point is the UK Policy Framework for Health and Social Care Research, maintained by the Health Research Authority (HRA) and last updated 10 January 2025.

    Contents

    What the framework says multi-site responsibility should look like

    On paper, the model is clean. The UK Policy Framework defines the sponsor as the organisation or individual taking on responsibility for initiating, managing and financing (or arranging financing for) a study. Every other party’s obligations flow from that single point of accountability.

    Participating NHS sites are brought in through Confirmation of Capacity and Capability — a check, run by each site’s own research and development (R&D) office, that it has the staff, facilities and local approvals to deliver the protocol safely. This is the mechanism that lets a single HRA and Health and Care Research Wales (HRA/HCRW) Approval cover recruitment across dozens of sites without a fresh full ethics review at each one.

    Contractually, the sponsor-host relationship is usually standardised through the Association of the British Pharmaceutical Industry’s model Clinical Trial Agreement (mCTA) for commercial studies, or a model Non-Commercial Agreement for academic ones — terms defined alongside related governance concepts in the CASRAI Research Administration Dictionary. Costs are mapped using the NIHR’s Attributing the Cost of Health and Social Care Research and Development (AcoRD) guidance and a Statement of Activities/Schedule of Events Cost Attribution Template (SoECAT), intended to make explicit which party pays for what before the trial opens.

    The sponsor owns the trial’s overall regulatory and scientific risk. Under the UK Policy Framework, this cannot be contracted away, even when day-to-day monitoring is subcontracted to a contract research organisation (CRO). Concretely, that means:

    • Establishing and maintaining a documented risk-management framework across all sites
    • Ensuring compliance with Good Clinical Practice under ICH E6(R2)
    • Arranging indemnity/insurance appropriate to the trial’s risk profile
    • Monitoring site-level performance and stepping in when a site under-delivers

    For commercially sponsored trials, indemnity typically follows ABPI clinical-trial compensation guidelines. For non-commercial, NHS- or university-sponsored trials, negligent harm is usually covered through the host trust’s NHS Indemnity Scheme (the Clinical Negligence Scheme for Trusts). Non-negligent harm — injury with no clinician at fault — is a separate, thinner layer of cover that sponsors of non-commercial studies must arrange themselves, and it is frequently the least-scrutinised line item in a multi-site risk assessment.

    What does the host organisation control — and what doesn’t it?

    The host — the NHS trust, health board or university hosting the research locally — controls the physical and clinical environment: staff, facilities, occupational health cover, and the local R&D governance confirming capacity and capability before recruitment opens. It does not inherit the sponsor’s overall trial risk, and is not accountable for protocol design or cross-site data integrity.

    A host trust can, and does, halt recruitment at its own site if capacity is exceeded or a safety signal appears locally — but it has no authority over the other sites in the study, and no visibility into the sponsor’s aggregate risk picture unless the sponsor actively shares it.

    Party Owns Does not own
    Sponsor Overall trial risk, protocol design, cross-site oversight, indemnity arrangement Local staffing, facilities, day-to-day site conduct
    Host organisation Local environment, capacity/capability confirmation, site-level safety culture Cross-site risk aggregation, protocol amendments, sponsor’s regulatory liability
    Principal investigator Protocol adherence, informed consent, local data accuracy, adverse-event reporting at their site Trial-wide risk decisions, insurance/indemnity arrangements, other sites’ conduct

    Where does the principal investigator’s accountability begin and end?

    The principal investigator (PI) is accountable for conduct at their own site: following the protocol, obtaining valid informed consent, keeping accurate records, and reporting adverse events promptly to both the sponsor and the relevant research ethics committee. Their authority stops at the site boundary — a PI has no formal governance role over other participating sites, even in trials where they also act as chief investigator for scientific leadership.

    The structural tension is that a PI is usually employed, or given honorary contract/letter-of-access status, by the host — while being contractually accountable for trial conduct to the sponsor. That dual reporting line works when both parties communicate; it becomes a blind spot the moment a deviation or shortfall needs escalating and neither party is clearly first in line.

    Where does the theory break down in practice?

    Three recurring failure points separate the written framework from operational reality.

    • Recruitment-shortfall accountability. The framework assigns sponsors overall oversight, but recruitment targets are delivered site by site. When one site underperforms, responsibility for the trial-level consequence (a delayed readout, a statistically underpowered analysis) sits with the sponsor — yet the sponsor’s only lever is the same capacity-and-capability relationship the host controls.
    • Adverse-event reporting speed mismatches. PIs report to their own site’s systems first; sponsors then aggregate signals across sites to spot patterns. Multi-site trials with paper-based or fragmented electronic systems can see days of lag between a local signal and trial-wide risk reassessment — the exact gap that first-in-human trial reforms following the 2006 Northwick Park (TGN1412) incident were designed to close, by tightening dose-escalation and staggered-dosing risk controls at source rather than relying on retrospective aggregation.
    • Data-protection role confusion. Under UK GDPR, sponsors are usually the data controller and hosts the processor for site-level data — but joint-controller arrangements are common in investigator-led studies, and the governance documentation does not always specify which party answers a subject access request or a breach notification first.

    The historical root is worth noting: the original Research Governance Framework for Health and Social Care (Department of Health, 2001, revised 2005) followed the Bristol Royal Infirmary and Alder Hey organ-retention inquiries, which exposed exactly this kind of accountability vacuum in single-site care. The current UK Policy Framework, published in 2017 and updated since, extended that same sponsor-centred logic to a far more complex multi-site landscape — without fully re-engineering it for that complexity.

    Answer-first Q&A

    What is research governance in the NHS?

    In the NHS, research governance is the broad set of regulations, principles and standards that exist to achieve and continuously improve research quality across UK healthcare. It covers ethical approval, participant safety, data integrity, financial oversight and the roles of the sponsor, host organisation and investigator, all set out under the HRA’s UK Policy Framework for Health and Social Care Research.

    What are the seven pillars of clinical governance?

    The seven pillars, first articulated by Scally and Donaldson in their 1998 NHS clinical governance model, are: patient and public involvement, risk management, education and training, clinical audit, clinical effectiveness, staffing and management, and information management. They describe organisational quality assurance, distinct from — but closely linked to — trial-specific research governance.

    What are the five components of a clinical governance framework?

    Most operational models group clinical governance into five practical components: clear accountability structures, quality improvement and audit processes, risk and incident management, education and continuing professional development, and robust information systems. A multi-site trial needs all five replicated consistently across every participating organisation, not just at the coordinating centre.

    Implications for institutions running multi-site studies

    For research administrators and institutional leaders, the practical fix is not to wait for the framework to be re-engineered — it is to make the three-way split explicit in every study-specific document: the mCTA/mNCA, the SoECAT and the risk log. Naming which party owns recruitment-shortfall escalation, which owns the data-protection role, and which pays for non-negligent-harm cover before the first participant is consented closes most of the gaps identified here.

    As UK trial infrastructure consolidates further — with combined HRA/MHRA review pathways and shared R&D systems across integrated care systems — the sponsor-host-PI triangle will only govern more sites per study, not fewer. Institutions that document risk ownership explicitly, rather than relying on the framework’s implicit assumptions, will be the ones that catch the next Northwick-Park-scale gap before it reaches a participant, not after.

  • Research Governance Framework for Health and Social Care: What It Requires

    The research governance framework for health and social care is the UK-wide system of principles, defined roles and formal approvals that govern how health and social care research is designed, sponsored, hosted and conducted. The original Department of Health document of that name (2001, second edition 2005) was withdrawn on 7 November 2017 and replaced by the UK Policy Framework for Health and Social Care Research, published by the Health Research Authority (HRA). This guide sets out what the current framework actually requires of sponsors, host organisations and investigators.

    The UK Policy Framework for Health and Social Care Research is the Health Research Authority’s single, UK-wide set of principles — replacing the four separate national Research Governance Frameworks — that defines proportionate, assurance-based management of health and social care research involving patients, service users, carers or their data.

    What is the research governance framework for health and social care?

    The Research Governance Framework for Health and Social Care was first published by the Department of Health in 2001, with a second edition on 24 April 2005. It set out principles, requirements and standards that applied to research falling within the responsibilities of the Secretary of State for Health.

    It formalised three roles that still anchor governance today: a sponsor taking overall responsibility for a study, an NHS or care organisation granting local research-and-development (R&D) permission, and a Chief Investigator leading the research. Most searches for “research governance framework” still refer to this historic document, even though it no longer governs live research.

    Why was the original framework withdrawn — and what replaced it?

    GOV.UK’s official record confirms the Research Governance Framework for Health and Social Care “was withdrawn on 7 November 2017”. It was superseded by the UK Policy Framework for Health and Social Care Research, published in October 2017 by the HRA together with the health departments of Northern Ireland, Scotland and Wales, following public consultation.

    The change replaced four separate country-level research governance frameworks with one UK-wide document. According to the HRA, the policy framework “replaces the separate Research Governance Frameworks in each UK country with a single, modern set of principles for the whole UK.” The framework was itself informed by earlier standards, including ICH Good Clinical Practice (ICH GCP) and the pan-European RESPECT ethical guidelines, rather than being written from scratch.

    Practically, the core accountability structure — sponsor, host, investigator — carried over. What changed was terminology, scope (a single UK document instead of four) and the mechanics of local sign-off, discussed below.

    Aspect Research Governance Framework (2001; 2nd ed. 2005) UK Policy Framework for Health and Social Care Research (2017–present)
    Status Withdrawn 7 November 2017 Current governing document
    Publisher Department of Health Health Research Authority, with health departments of Northern Ireland, Scotland and Wales
    Geographic scope Separate framework per UK nation Single set of principles across England, Northern Ireland, Scotland and Wales
    Local sign-off “R&D approval/permission” issued by individual NHS trusts “Capacity and capability” confirmation by host organisations
    Core roles Sponsor, R&D-approving organisation, Chief Investigator Sponsor, host organisation, Chief Investigator, Principal Investigator (per site)

    Every study within scope must have a named sponsor — an individual, organisation or partnership that takes overall responsibility for setting up, running and reporting the research. For non-commercial studies, the sponsor is typically the employer of the Chief Investigator (often a university or NHS trust); for commercial studies, the funding company usually sponsors directly.

    • Ensuring the protocol is scientifically sound before the study starts
    • Securing a favourable opinion from a Research Ethics Committee (REC) and any other required regulatory approvals
    • Putting proportionate quality, risk-management and monitoring systems in place
    • Arranging adequate insurance or indemnity to cover potential liabilities
    • Taking responsibility for accurate reporting, registration and dissemination of findings

    Sponsorship is a formal role that must be explicitly accepted in writing — it is never assumed by default.

    What does it require of host organisations?

    The framework does not use the word “host” as a defined technical term, but the obligations fall on the research site or employing organisation — an NHS trust, university, or social care provider where the research actually takes place. Under HRA Approval, hosts confirm capacity and capability rather than issuing the older-style “R&D permission”.

    • Confirming the site has the resources, facilities and capability to deliver the research safely
    • Completing local capacity and capability checks before recruitment begins at that site
    • Ensuring staff involved are appropriately qualified, trained and supervised
    • Safeguarding the dignity, rights, safety and wellbeing of participants at that site
    • Working collaboratively with the sponsor and Chief Investigator throughout the study

    What does it require of investigators?

    The Chief Investigator (CI) is the overall lead researcher and, for clinical trials, must be a healthcare professional. In multi-site studies, a Principal Investigator (PI) holds equivalent responsibility for conduct at each individual site.

    • Conducting the research to the approved protocol and to high scientific and ethical standards
    • Obtaining valid informed consent from every participant before they take part
    • Protecting participant dignity, rights, safety and wellbeing throughout the study
    • Reporting adverse events and unexpected issues to the sponsor and REC promptly
    • Collecting, recording and storing data accurately and securely

    Common questions about research governance

    What is a research governance framework?

    A research governance framework is the set of regulations, principles and standards that govern how health and social care research is designed, approved, conducted and reported. It defines who holds responsibility — the sponsor, host organisation and investigator — and sets the assurance and oversight arrangements that protect participants and data.

    What is the UK Policy Framework for Health and Social Care Research?

    The UK Policy Framework for Health and Social Care Research is the document that has governed UK health and social care research since October 2017, when the Health Research Authority and the health departments of Northern Ireland, Scotland and Wales replaced the country-specific research governance frameworks with one UK-wide set of principles.

    What is research governance in the NHS?

    In the NHS, research governance means every study has a designated sponsor who takes overall responsibility, a host organisation that confirms capacity and capability, and an investigator who leads day-to-day conduct — with a favourable Research Ethics Committee opinion required before recruitment can begin under HRA approval.

    What are the 7 pillars of clinical governance, and how does that differ from research governance?

    Clinical governance covers seven pillars — education and training, clinical audit, clinical effectiveness, staffing, patient involvement, risk management and information governance — and concerns everyday care quality. Research governance is a distinct system specific to research projects, covering sponsorship, ethical approval and investigator accountability rather than routine service delivery.

    What this means for research teams today

    Any protocol, SOP or training material that still cites the “Research Governance Framework for Health and Social Care” as live guidance is referencing a document withdrawn in 2017. Institutions relying on legacy templates risk misaligning their sponsor and host obligations with current HRA Approval processes, particularly around capacity-and-capability sign-off rather than the older R&D permission route.

    The HRA’s guidance page on the current framework shows a last-reviewed date of 10 January 2025, indicating the 2017 principles remain the active, maintained standard rather than a static one-off publication. Research administrators and R&D offices should audit internal documents against the current text on the HRA website, not archived Department of Health PDFs.

    The bottom line

    The research governance framework that many searches still name no longer governs UK health and social care research: the UK Policy Framework for Health and Social Care Research has done so since 2017. Its sponsor, host and investigator obligations are more precisely defined than the 2005 document they replaced, and they are the requirements institutions must demonstrate compliance with today. As research becomes more decentralised and data-driven, these role definitions — rooted in accountability, capability and consent — remain the reference point for governance across England, Northern Ireland, Scotland and Wales.

    For related definitions and role frameworks, see CASRAI’s research administration resources and the research administration dictionary.

  • What Is Research Governance? Beyond NHS Ethics

    Research governance is the institutional system of standards, delegated responsibilities and accountability mechanisms that ensures research is sponsored, conducted, resourced and reported to a consistent standard of quality and integrity — a system that spans sponsorship, data protection, financial probity and research integrity, not just the ethics approval most people associate with an NHS Research Ethics Committee.

    The phrase is frequently reduced, in searches and in institutional shorthand, to “getting NHS ethics sign-off.” That collapses a much wider accountability structure into a single procedural step. Research governance is the umbrella; ethics review is one component operating underneath it.

    What Is Research Governance?

    Research governance is the set of rules, standards and lines of accountability an institution puts in place to control how research is initiated, resourced, conducted and reported. NHS Research Scotland, whose remit covers governance across Scottish health boards, describes it as concerned with “setting standards to improve research quality and safeguard the public.” That is the safeguarding function. But governance is also an administrative control system: it determines who is legally and financially answerable when something goes wrong, long before any ethical question is raised.

    ARMA (the UK’s Association of Research Managers and Administrators) frames it more structurally, describing effective research governance as “the implementation of a fit-for-purpose decision-making framework under which an institution” operates. That decision-making framing matters: governance is not a checklist a researcher completes once. It is an ongoing institutional control system — the same category of function as financial governance or clinical governance, applied to the research enterprise.

    What Does Research Governance Actually Cover?

    A governance system that only covered ethics would be incomplete. In practice, institutional research governance operates across four interlocking strands, each with its own named accountable party and its own failure mode if neglected.

    • Sponsorship and legal accountability — the sponsor (usually the employing institution or funder) takes on the legal responsibility for a study’s initiation, management and financial arrangements, distinct from the researcher’s day-to-day conduct of it.
    • Data governance — how participant data, tissue samples and research datasets are collected, stored, shared and protected, governed alongside UK GDPR and institutional data protection policy.
    • Financial governance — probity in the use of grant and contract funds, adherence to funder terms and conditions, and audit trails for how public or charitable money was spent.
    • Research integrity — the honest conduct, reporting and attribution of research, including handling allegations of misconduct such as fabrication, falsification or plagiarism.

    Health and safety oversight and intellectual property management sit alongside these four strands in most institutional frameworks, particularly for laboratory-based or commercially exploitable research.

    Research Governance vs Research Ethics Review: What’s the Difference?

    Ethics review answers one question: is this specific study, as designed, ethically acceptable to run? Governance answers a broader one: does the institution have the systems in place to sponsor, resource, monitor and be accountable for research generally? A study can pass ethics review and still fail governance requirements — for example, if the sponsor has not confirmed indemnity and insurance arrangements, or if data-sharing agreements are not in place.

    Aspect Research Ethics Review Research Governance
    Core question Is this study design ethically acceptable? Can the institution be accountable for this research?
    Typical body Research Ethics Committee (REC) Sponsor, R&D office, research administration function
    Scope Participant welfare, consent, risk-benefit balance Sponsorship, data, finance, integrity, health & safety, IP
    Timing Pre-approval, one-off per protocol Continuous, across the study lifecycle
    Applies beyond NHS? Only where human participants/data/tissue are involved Yes — to all disciplines and funding types

    An institution’s own research administration function typically holds the governance oversight role, coordinating sponsor sign-off, data agreements and financial compliance across a study’s life, while the ethics committee’s involvement is generally concentrated at the design and approval stage.

    Who Is Responsible for Research Governance?

    Responsibility is distributed, not centralised in one office. The sponsor carries overall legal and financial accountability. The Chief Investigator is responsible for day-to-day conduct in line with the approved protocol. The employing institution provides the administrative infrastructure — contracts, insurance, data protection compliance — that makes sponsorship possible. Funders, including UK Research and Innovation (UKRI), attach their own governance conditions through grant terms and conditions, requiring institutions to demonstrate integrity and financial-probity safeguards as a condition of funding.

    Under international clinical trial standards such as ICH Good Clinical Practice (ICH-GCP), sponsor obligations are made explicit and legally binding — a level of formality that has increasingly influenced how non-clinical research governance is structured, even where GCP itself does not strictly apply.

    What Frameworks Define Research Governance in the UK?

    The UK’s foundational document was the 2005 Research Governance Framework for Health and Social Care, issued separately by the four UK nations. The Health Research Authority (HRA) subsequently consolidated these into a single UK-wide document — the UK Policy Framework for Health and Social Care Research — which, per the HRA’s own record, replaced “the separate Research Governance Frameworks in each UK country with a single, modern set of principles for the whole UK,” co-developed with the health departments of Northern Ireland, Scotland and Wales. The HRA’s published record shows this framework was most recently updated on 10 January 2025, reflecting a living document rather than a static one.

    Beyond health research, the Concordat to Support Research Integrity — developed under the auspices of Universities UK — sets out institutional commitments to rigour, transparency, accountability and support for researchers across all disciplines, not solely clinical fields. Attribution and authorship disputes, a recurring integrity concern under governance, connect to contributorship standards such as the CRediT taxonomy, which CASRAI originated in 2014 and which is now stewarded as ANSI/NISO Z39.104-2022 — a reminder that even a narrow-looking standard can sit inside a much larger governance accountability chain.

    Common Questions About Research Governance

    Why is research governance important?

    Research governance is important because it protects participants, safeguards public and funder trust, and creates a clear accountability chain when something goes wrong — financially, ethically or scientifically. Without it, institutions have no defined mechanism for assigning responsibility across sponsors, investigators and funders, increasing legal and reputational exposure.

    Is research governance the same as clinical governance?

    No. Clinical governance covers the quality and safety of patient care delivery within a healthcare organisation, while research governance covers the conduct, sponsorship and accountability of research activity itself. They overlap in NHS settings but apply to different organisational functions and different named accountable roles.

    What is a sponsor in research governance?

    A sponsor is the organisation — typically the employing institution, a university, or a funder — that takes on legal responsibility for confirming a study is properly designed, resourced, insured and managed before it begins. The sponsor role is distinct from the researcher’s role and cannot be left undefined.

    Does research governance apply outside the NHS?

    Yes. Research governance applies across all disciplines — social sciences, engineering, humanities and commercially funded research — wherever an institution sponsors, funds or hosts a research activity, not only where NHS patients, tissue or data are involved.

    Implications and Outlook

    For institutional leaders, the practical implication is structural: governance cannot be delegated entirely to an ethics committee, nor treated as a one-time approval gate. It requires standing infrastructure — a research administration function capable of tracking sponsorship status, data agreements, financial compliance and integrity casework concurrently, across every live project, not just those with NHS involvement.

    As funders including UKRI tie funding conditions more tightly to demonstrable integrity and financial-probity safeguards, and as the HRA continues to revise the UK Policy Framework, institutions that treat governance as an accountability system — rather than an ethics-approval formality — will be better positioned to withstand funder audits, data protection scrutiny and misconduct investigations alike.

  • Research Integrity Office: A Governance Model

    A well-governed research integrity office reports to a senior academic officer independent of Human Resources, draws its investigation panels from cross-disciplinary senior staff plus at least one external member, and keeps case-handling separate from disciplinary sanctioning — a structure distinct from simply appointing a named Research Integrity Officer.

    A research integrity office is the standing institutional unit responsible for policy, training oversight and the inquiry-and-investigation process for allegations of research misconduct — distinct from the individually appointed Research Integrity Officer who runs its day-to-day casework.

    What Is a Research Integrity Office?

    A research integrity office is the standing unit — not a single job title — that owns an institution’s policy on responsible conduct of research, coordinates training, and runs the formal process when misconduct is alleged. Most coverage of this topic focuses on the individual Research Integrity Officer (RIO) career pathway; far less has been written about how the surrounding office should be structured as a governance function.

    The office typically sits alongside, but separate from, two adjacent functions: the research ethics committee, which reviews prospective study design and participant safeguards before research starts, and the research governance office, which manages sponsor, funder and regulatory compliance (common in clinical and health research). Conflating the three creates confusion about who owns what when a concern is first raised.

    It is also worth distinguishing an institution’s own office from the UK Research Integrity Office (UKRIO), an independent charity established in 2006 that provides advisory support — including case advice and training — to around 160 subscribing UK research organisations. UKRIO is a sector-wide advisory body; it does not replace the internal office each institution is expected to run under the Concordat to Support Research Integrity.

    Where Should the Office Report? Comparing Reporting-Line Models

    The office should report to a senior academic officer — a Pro-Vice-Chancellor for Research, Provost, or Vice-President for Research — never through a line that also manages HR casework or sits inside a single faculty. This gives the office standing to investigate any member of staff, including senior leadership, without a structural conflict of interest. In the United States, 42 CFR Part 93 requires any institution receiving Public Health Service research funding to designate an RIO with documented authority to act independently of the respondent’s own management chain.

    Governance model Reporting line Independence from HR Best fit
    Centralised office Reports directly to Provost / PVC-Research High — own budget line and case files Large, research-intensive universities
    Devolved faculty network Faculty-based integrity advisors report to a central RIO, who reports to the Provost Medium — depends on the advisor’s own line management Multi-faculty institutions with devolved research cultures
    External advisory subscription Advisory only; the institution retains formal decision-making authority High for advice, but not a substitute for a named internal Officer Smaller institutions, or as an escalation and second-opinion route

    King’s College London illustrates the devolved model: its Research Integrity Office is supplemented by faculty-based “Research Integrity Champions and Advisors” who provide local, first-line support while formal casework remains with the central office. Whichever model is chosen, the reporting line — not the job title of the person running it — determines whether the office can act without institutional pressure.

    Who Should Sit on the Investigation Panel?

    An investigation panel needs disciplinary expertise, distance from the respondent’s own department, and — for serious cases — at least one external, cross-institutional member. It should not include a standing HR representative as a voting member, because the panel’s task is to determine whether fabrication, falsification or plagiarism occurred, which is a different test to the workplace-conduct standard HR applies in disciplinary proceedings.

    • Cross-disciplinary membership that avoids conflicts of interest with the respondent’s own department or research group
    • At least one external member drawn from outside the institution for investigation-stage (not preliminary assessment-stage) cases
    • Separated roles across stages: an initial assessor, a fact-finding inquiry panel, and — only where warranted — a formal investigation committee
    • A documented recusal process for declared conflicts of interest
    • An independent secretariat, provided by the research integrity office itself rather than by HR

    Panel members require training on the institution’s misconduct policy and, where applicable, national frameworks such as the UKRIO Code of Practice for Research, which sets out five core principles — honesty, rigour, transparency and open communication, care and respect, and accountability — as the basis on which allegations are assessed.

    Why Independence from HR Is Non-Negotiable

    Independence from HR matters because a misconduct investigation establishes a factual finding about the integrity of the research record — a different exercise to the reasonable-conduct standard HR applies in employment disciplinary proceedings. Conflating the two risks the investigation being challenged as procedurally unfair, or as a pretext for an unrelated employment dispute.

    The two functions are sequential, not parallel. UK institutional codes typically specify that HR-led disciplinary procedures begin only once a research integrity office has confirmed a misconduct finding through its own separate process; King’s College London’s published Code of Good Conduct in Research is a public example of an institution setting out both processes as distinct. Confidentiality is a further reason for separation: misconduct proceedings protect the reputations of complainants, respondents and witnesses alike, and narrowing the circle of people with case access — rather than routing it through a general HR caseload — helps preserve that.

    Frequently Asked Questions

    What Does a Research Integrity Office Do?

    A research integrity office owns institutional policy on responsible research conduct, coordinates training for staff and students, and manages the formal process — assessment, inquiry and, where warranted, investigation — for allegations of research misconduct. It reports outcomes to senior leadership but does not itself impose employment sanctions.

    What Is the UK Research Integrity Office, and How Is It Different from an Institutional Office?

    UKRIO is an independent UK charity, established in 2006, that advises around 160 subscribing institutions and helped develop the Concordat to Support Research Integrity. It is a sector-wide advisory body, not a substitute for the internal office each institution must run to handle its own cases.

    What Are the Five Principles of Research Integrity?

    Under the UKRIO Code of Practice for Research, the five commonly cited principles are honesty, rigour, transparency and open communication, care and respect, and accountability. These principles inform how research integrity offices and panels assess whether an allegation meets the threshold for a formal misconduct finding.

    What Counts as Research Misconduct?

    Research misconduct generally covers fabrication, falsification and plagiarism, alongside proceeding without required ethical approvals and manipulating data, materials or processes to misrepresent results. A research integrity office defines the precise scope in institutional policy, aligned to national frameworks such as the Concordat to Support Research Integrity.

    Implications for Institutions Building or Reforming an Office

    The revised Concordat to Support Research Integrity (2025) sharpens its fifth commitment — accountability and continuous improvement — which puts explicit pressure on institutions to evidence, not merely assert, that their office structure is independent in practice. Institutions still relying on an RIO who reports through a research-office middle layer, or panels that include HR as a standing member, should treat this as a governance gap to close rather than an administrative preference.

    The wider research administration function increasingly treats research integrity governance as core infrastructure rather than a compliance afterthought, alongside ethics review and research governance offices. As AI-assisted data analysis and image manipulation raise new detection challenges, panels with genuine cross-disciplinary and external representation — reporting through a line insulated from both departmental and HR pressure — will be better placed to investigate credibly and defend their findings if challenged.

  • UK Policy Framework for Health and Social Care Research: A Governance Primer

    What Is the UK Policy Framework for Health and Social Care Research?

    The UK Policy Framework for Health and Social Care Research is the single set of standards that governs how health and social care research is designed, sponsored, approved, and reported across England, Northern Ireland, Scotland, and Wales. It was published by the Health Research Authority (HRA) and the four UK health departments in October 2017, replacing the separate national Research Governance Frameworks that each country had previously maintained since the early 2000s.

    For research administrators, the practical significance is that a single rulebook now applies wherever the study touches NHS or Health and Social Care (HSC) patients, service users, data, or tissue — regardless of whether the funder is a UK research council, a charity, a university, or a life sciences company. Any study that falls within scope requires a designated sponsor, appropriate ethical and regulatory approval, and proportionate ongoing oversight before, during, and after delivery.

    The 19 Principles: Structure and Scope

    The framework is built around 19 principles of good practice, split into two tiers. The first 15 apply to all health and social care research; the final four apply only to interventional research, where treatment, care, or service delivery is changed for research purposes.

    • Principles 1–15 (all research): Safety, Competence, Scientific and Ethical Conduct, Patient/Service User/Public Involvement, Integrity/Quality/Transparency, Protocol, Legality, Benefits and Risks, Approval, Information about the Research, Accessible Findings, Choice, Insurance and Indemnity, Respect for Privacy, and Compliance.
    • Principles 16–19 (interventional research only): Justified Intervention, Ongoing Provision of Treatment, Integrity of the Care Record, and Duty of Care.

    Principle 9 (Approval) and Principle 10 (Information about the Research) are the two most operationally significant for grant-funded studies: no study may start until it has a favourable Research Ethics Committee (REC) opinion where required, and every study — bar limited waivers — must be registered publicly before recruitment begins to avoid research waste.

    Every study in scope must have a sponsor: the individual, organisation, or partnership that takes overall responsibility for proportionate, effective arrangements to set up, run, and report the research. For non-commercial, grant-funded studies the sponsor is normally the employer of the chief investigator; for commercial studies it is normally the funder. Crucially, an employer or funder does not become the sponsor automatically — the role must be explicitly accepted and documented.

    Under the framework, the sponsor’s overall responsibility includes:

    1. Identifying and addressing poorly designed research and ensuring proposals are scientifically sound, safe, ethical, legal, and feasible for the duration of the study.
    2. Satisfying itself that investigators, the research team, and research sites are suitable.
    3. Documenting agreed roles, responsibilities, and any delegation of sponsor tasks.
    4. Ensuring adequate insurance or indemnity is in place to cover liabilities arising from the research.
    5. Ensuring public registration before the study starts and accessible reporting of data, tissue, and findings afterwards.
    6. Confirming REC and any other required regulatory approvals are secured before the research begins.
    7. Maintaining adequate finance, risk management, and data management arrangements throughout delivery.
    8. Keeping effective monitoring, progress-reporting, and safety-reporting procedures in place.

    Sponsors of clinical trials of investigational medicinal products (CTIMPs) carry additional statutory duties under the Medicines for Human Use (Clinical Trials) Regulations 2004 (SI 2004/1031, as amended). Universities and colleges are expected to accept the sponsor role for educational research conducted by their own students, unless the student’s NHS or social care employer prefers to take it on.

    REC Review and NHS/HRA Approval

    Research Ethics Committee review is the framework’s central quality gate. No study may start unless a REC — and, where applicable, another approval body such as the Medicines and Healthcare products Regulatory Agency (MHRA), the Human Fertilisation and Embryology Authority (HFEA), or the Administration of Radioactive Substances Advisory Committee (ARSAC) — has issued a favourable opinion on the protocol and supporting documentation.

    In England, REC review is bundled with the confirmation of capacity and capability at NHS organisations through the HRA Approval process, which replaced separate local Research and Development (R&D) sign-off across NHS trusts in 2016. Applications are submitted and tracked through the Integrated Research Application System (IRAS). This single-approval model is one of the framework’s clearest efficiency gains over the pre-2017 regime, in which sponsors could face duplicated ethics and governance review at every participating site.

    The following table summarises the approval routes that sit alongside REC review, depending on study type.

    Study type Additional approval body Legal basis
    Clinical trials of investigational medicinal products (CTIMPs) MHRA Medicines for Human Use (Clinical Trials) Regulations 2004
    Studies using ionising radiation ARSAC Ionising Radiation (Medical Exposure) Regulations
    Research involving human embryos or gametes HFEA Human Fertilisation and Embryology Act 1990
    Research using confidential patient information without consent Confidentiality Advisory Group (CAG) Health Service (Control of Patient Information) Regulations 2002

    Governance Across the Four UK Nations

    Because health and social care are devolved matters, the framework is implemented by a different lead body in each nation, though the 19 principles and sponsor duties remain constant UK-wide.

    • England: Health Research Authority (HRA) — covers health and adult social care research.
    • Northern Ireland: Department of Health (Northern Ireland) — covers health and social care.
    • Scotland: Scottish Government Health and Social Care Directorates — covers health and adult social care.
    • Wales: Department for Health, Social Care and Early Years, operationalised through Health and Care Research Wales.

    Underlying legislation also varies by nation. Common UK-wide law includes the Data Protection Act 2018, UK GDPR, and the Human Tissue Act, while instruments such as the Adults with Incapacity (Scotland) Act 2000 and the Mental Capacity Act 2005 (England and Wales) apply only where the relevant nation’s remit covers them — a detail sponsors running multi-nation studies frequently miss.

    Frequently Asked Questions

    What is a policy framework?

    A policy framework is a structured set of principles, standards, and accountabilities that organisations must follow within a defined area of activity. In health and social care research, the UK Policy Framework sets 19 such principles covering safety, ethics, transparency, and sponsor accountability, replacing what were previously separate national governance documents.

    What are the ethical frameworks for health research?

    Health research ethics in the UK draws on established principles — autonomy, beneficence, non-maleficence, and justice — operationalised through REC review under the UK Policy Framework. Principles 3, 4, and 12 of the framework specifically require scientifically sound, ethically conducted studies with informed participant choice.

    What are some policies in health and social care?

    Alongside the UK Policy Framework, relevant policies include data protection and confidentiality rules (UK GDPR, Data Protection Act 2018), safeguarding policies, consent and capacity policies, and organisation-specific research governance procedures that translate the framework’s sponsor and REC approval requirements into local practice.

    What are frameworks in healthcare?

    In healthcare, a framework is a formally published document that sets shared expectations for practice across organisations. The UK Policy Framework for Health and Social Care Research is one such framework: a single, UK-wide reference that sponsors, investigators, and NHS/HSC organisations must follow when managing research involving patients or service users.

    Implications for Research Administrators

    For institutional research offices, the framework’s practical weight falls on three activities: confirming sponsorship arrangements before a grant is accepted, tracking REC and HRA/NHS approval milestones against funder timelines, and maintaining the documentation trail — protocols, risk assessments, monitoring reports — that demonstrates ongoing compliance with the 19 principles.

    Bodies such as the Association of Research Managers and Administrators (ARMA) in the UK, and international counterparts including INORMS and NCURA, treat sponsor-duty literacy as a core competency for research administration staff, precisely because sponsor obligations under this framework sit outside the funder’s own grant terms and conditions — a distinction that is frequently misunderstood by newly grant-funded principal investigators.

    A common failure mode is treating “sponsor” and “funder” as synonymous. They are not: a funder can decline the sponsor role entirely, leaving the chief investigator’s employer to accept it, with all the attendant obligations around insurance, monitoring, and public registration described above.

    What This Means Going Forward

    The UK Policy Framework for Health and Social Care Research remains the definitive reference for governance obligations across NHS and HSC research, and its principle-based, proportionate design has held up well against a decade of regulatory change, including UK GDPR and post-Brexit clinical trials reform. For institutions managing grant-funded clinical or social care studies, the operational priority is unchanged: confirm sponsorship early, sequence REC and NHS approval realistically against funder milestones, and keep documentation aligned to the framework’s principles rather than treating it as a one-off compliance checkbox.

    Research administrators seeking to embed these obligations into wider institutional practice may find it useful to review CASRAI’s broader coverage of research administration standards and terminology in the CASRAI Dictionary.