Tag: nhs research governance framework

  • Research Data Governance: Where DMPs, FAIR and Institutional Policy Meet

    Research data governance is the institution-wide framework of policies, roles and standards that determines how research data is created, stored, protected, shared and retained across its lifecycle — distinct from the project-level task of managing a single dataset. It sits above data management plans (DMPs) and FAIR practice, translating funder and institutional policy into assigned accountability. The most common failure point is not the policy itself but the gap between what a DMP promises and what a principal investigator (PI) or data steward is actually resourced and empowered to deliver.

    Put simply: research data governance is the system of institutional authority, roles and control that determines who is accountable for a dataset at every stage of its life, from collection to eventual disposal or archiving.

    What is research data governance?

    Research data governance establishes the policies, roles and standards dictating how research data is ethically collected, stored, secured and shared, applied at the level of the whole institution rather than a single grant. It differs from research data management in scope: management is what a researcher does with one dataset; governance is how an organisation ensures every dataset is handled consistently and lawfully.

    Andrea Chiarelli’s 2023 analysis for Force11’s Upstream describes this as a shift “from individual projects or datasets to the way the organisation as a whole thinks and operates when it comes to research data.” A 2025 Data Science Journal paper by Odebrecht et al. argues governance requires a “system of cross-organisational” accountability, since ownership, stewardship and compliance obligations rarely sit with one office.

    In practice, governance frameworks typically assign roles across several functions:

    • Senior leadership — sets institutional strategy and secures infrastructure budget.
    • Data stewards or data champions — provide discipline-specific guidance and training.
    • Librarians and information professionals — curate data and advocate for open sharing.
    • Ethics and compliance officers — verify adherence to regulatory and funder requirements.
    • IT and information security teams — manage storage, backup and access control.
    • Principal investigators — remain directly responsible for their project’s data day to day.

    How do data management plans fit into research data governance?

    A data management plan is the project-level instrument; research data governance is the institutional context that shapes it. Governance sets the rules of the road — the DMP is the trip plan for a specific project, describing what data will be generated, how it will be stored, and what happens to it once funding ends. Most UK and EU funders now require a DMP at application stage, per the Digital Curation Centre’s funder-policy overview.

    UKRI’s Guidance on Best Practice in the Management of Research Data (2020) states research data should be “easily discoverable, accessible, assessable, intelligible, useable” — language drawn from the G8 Open Data Charter. That expectation only becomes operational once a governance framework specifies which repository, metadata schema and retention period satisfy it. Without that translation layer, a PI can write a technically compliant DMP the institution has no infrastructure to support.

    Where personal or sensitive data is involved, governance also requires a Data Protection Impact Assessment (DPIA) under UK GDPR before collection begins — a step outside most DMP templates, and frequently where research ethics and governance approval stalls.

    Where do FAIR principles sit in the governance stack?

    The FAIR Guiding Principles — Findable, Accessible, Interoperable and Reusable — were formally published in Scientific Data in 2016 (Wilkinson et al.) and have since become the default technical standard governance frameworks use to operationalise “good data practice.” FAIR is a set of design criteria for datasets; governance is the accountability structure that ensures those criteria are met at scale, not just described in policy.

    A governance policy might mandate persistent identifiers, controlled-vocabulary metadata and an approved repository — the mechanisms that make a dataset FAIR in practice. Funder mandates reinforce this: cOAlition S’s Plan S requires data underlying publications be made available in a FAIR-compliant repository, converting a technical principle into a compliance condition an institution’s governance office must monitor.

    Layer What it governs Primary owner
    Institutional research policy Ownership, retention, ethical boundaries Senior leadership / research office
    Research data governance framework Roles, accountability, infrastructure standards Data governance committee
    FAIR principles Technical findability/reuse criteria for datasets Data stewards, repository managers
    Data management plan Project-specific application of the above Principal investigator

    Where do responsibility gaps appear between data stewards and PIs?

    The most persistent governance failure is not absent policy but an accountability vacuum between those who write institutional standards and those who generate the data day to day. Force11’s Upstream analysis notes “research cultures value autonomy and independence,” making a standardised framework structurally difficult to enforce against individual research groups — a cultural, not merely technical, obstacle.

    The gap tends to open at predictable points:

    • Departure events — what happens to a dataset when a researcher leaves is, per Upstream, “one of the most common difficulties,” since ownership and access rights are rarely settled in advance.
    • Metadata quality — without an assigned data steward, a PI defaults to whatever documentation is fastest, not what is FAIR-reusable.
    • Sensitive data handling — a DPIA is approved at the outset, but ongoing access-control enforcement typically falls back to the PI’s lab, unsupported by IT.
    • Retention beyond project end — a retention period is set, but archiving budget and ownership after a grant closes is frequently unassigned.

    The University of Oxford’s data governance framework addresses this by “establishing roles, definitions, standards and procedures to help keep data accurate and fit for purpose” — an explicit attempt to move responsibility off the individual researcher and onto a named institutional function. Institutions without an equivalent role map leave every gap to default to the PI, regardless of whether they have the time, training or authority to close it.

    Frequently asked questions

    What is data governance in research?

    Data governance in research is the exercise of institutional authority and control over how research data is created, secured, shared and retained, increasing the value of research data while minimising risk, and covering ownership, quality, ethical compliance and long-term stewardship across every supported project.

    What are the four pillars of research data governance?

    Most frameworks converge on four pillars: policy (rules for ownership, access and retention), roles (stewards, ethics officers, IT, PIs), infrastructure (repositories, metadata standards, storage) and compliance monitoring (audits against funder and legal requirements). Each pillar fails independently if the others are absent.

    What are the 5 C’s of data governance?

    The 5 C’s — clear vision, leadership commitment, collaboration, communication and continuous improvement — describe the cultural conditions a governance programme needs to survive contact with autonomous research groups. Without leadership commitment specifically, governance policy tends to remain aspirational rather than enforced.

    Will AI replace research data governance?

    No. AI tools can automate metadata tagging, anomaly detection and compliance checks, but they cannot assign accountability or resolve the ethical judgement calls that research ethics and governance committees make. AI changes the tooling of governance, not the underlying need for named, human-accountable roles.

    Implications for institutions

    For research administrators, the practical implication is that a DMP template or FAIR-compliance checklist is necessary but not sufficient. An institution needs a named governance owner — a research data governance committee or chief data steward function — whose remit spans the full lifecycle, not just the application stage a DMP covers.

    The Royal Society and British Academy’s joint review, Data Management and Use: Governance in the 21st Century, argued data governance should be treated as an organisational capability comparable to financial or ethical governance, not a bolt-on exercise assigned to whichever office has spare capacity. That framing is increasingly reflected in how EARMA, ARMA and INORMS member institutions structure research administration functions, positioning data governance alongside grants management and research integrity rather than beneath IT.

    Conclusion: closing the gap

    Research data governance, DMPs and FAIR practice describe the same problem from three altitudes: institutional accountability, project-level planning, and technical dataset design. The responsibility gaps undermining all three consistently form where policy assigns an outcome — FAIR metadata, secure retention, a departure protocol — without assigning a person. Institutions that name an accountable role for every governance obligation, rather than defaulting to the PI, close that gap before it becomes a compliance failure. For broader context on these roles within the wider research administration function, see CASRAI’s research administration standards resources.

  • Clinical Research Governance: Sponsor, Host, PI

    Clinical research governance in a multi-site trial is not a single chain of command but three overlapping, unequally weighted accountabilities: the sponsor owns overall trial risk and cannot delegate it away, the host organisation owns the local environment and confirms site-level capacity, and the principal investigator owns day-to-day conduct at their site. In practice, this three-way split creates gaps — in indemnity, in recruitment-shortfall accountability, and in adverse-event reporting speed — that the written framework does not fully resolve.

    Clinical research governance is the system of regulations, ethical principles and quality standards — spanning ethical approval, risk management, data integrity and financial oversight — that safeguards participants and assures the scientific validity of health research. In UK-regulated studies, the current reference point is the UK Policy Framework for Health and Social Care Research, maintained by the Health Research Authority (HRA) and last updated 10 January 2025.

    Contents

    What the framework says multi-site responsibility should look like

    On paper, the model is clean. The UK Policy Framework defines the sponsor as the organisation or individual taking on responsibility for initiating, managing and financing (or arranging financing for) a study. Every other party’s obligations flow from that single point of accountability.

    Participating NHS sites are brought in through Confirmation of Capacity and Capability — a check, run by each site’s own research and development (R&D) office, that it has the staff, facilities and local approvals to deliver the protocol safely. This is the mechanism that lets a single HRA and Health and Care Research Wales (HRA/HCRW) Approval cover recruitment across dozens of sites without a fresh full ethics review at each one.

    Contractually, the sponsor-host relationship is usually standardised through the Association of the British Pharmaceutical Industry’s model Clinical Trial Agreement (mCTA) for commercial studies, or a model Non-Commercial Agreement for academic ones — terms defined alongside related governance concepts in the CASRAI Research Administration Dictionary. Costs are mapped using the NIHR’s Attributing the Cost of Health and Social Care Research and Development (AcoRD) guidance and a Statement of Activities/Schedule of Events Cost Attribution Template (SoECAT), intended to make explicit which party pays for what before the trial opens.

    The sponsor owns the trial’s overall regulatory and scientific risk. Under the UK Policy Framework, this cannot be contracted away, even when day-to-day monitoring is subcontracted to a contract research organisation (CRO). Concretely, that means:

    • Establishing and maintaining a documented risk-management framework across all sites
    • Ensuring compliance with Good Clinical Practice under ICH E6(R2)
    • Arranging indemnity/insurance appropriate to the trial’s risk profile
    • Monitoring site-level performance and stepping in when a site under-delivers

    For commercially sponsored trials, indemnity typically follows ABPI clinical-trial compensation guidelines. For non-commercial, NHS- or university-sponsored trials, negligent harm is usually covered through the host trust’s NHS Indemnity Scheme (the Clinical Negligence Scheme for Trusts). Non-negligent harm — injury with no clinician at fault — is a separate, thinner layer of cover that sponsors of non-commercial studies must arrange themselves, and it is frequently the least-scrutinised line item in a multi-site risk assessment.

    What does the host organisation control — and what doesn’t it?

    The host — the NHS trust, health board or university hosting the research locally — controls the physical and clinical environment: staff, facilities, occupational health cover, and the local R&D governance confirming capacity and capability before recruitment opens. It does not inherit the sponsor’s overall trial risk, and is not accountable for protocol design or cross-site data integrity.

    A host trust can, and does, halt recruitment at its own site if capacity is exceeded or a safety signal appears locally — but it has no authority over the other sites in the study, and no visibility into the sponsor’s aggregate risk picture unless the sponsor actively shares it.

    Party Owns Does not own
    Sponsor Overall trial risk, protocol design, cross-site oversight, indemnity arrangement Local staffing, facilities, day-to-day site conduct
    Host organisation Local environment, capacity/capability confirmation, site-level safety culture Cross-site risk aggregation, protocol amendments, sponsor’s regulatory liability
    Principal investigator Protocol adherence, informed consent, local data accuracy, adverse-event reporting at their site Trial-wide risk decisions, insurance/indemnity arrangements, other sites’ conduct

    Where does the principal investigator’s accountability begin and end?

    The principal investigator (PI) is accountable for conduct at their own site: following the protocol, obtaining valid informed consent, keeping accurate records, and reporting adverse events promptly to both the sponsor and the relevant research ethics committee. Their authority stops at the site boundary — a PI has no formal governance role over other participating sites, even in trials where they also act as chief investigator for scientific leadership.

    The structural tension is that a PI is usually employed, or given honorary contract/letter-of-access status, by the host — while being contractually accountable for trial conduct to the sponsor. That dual reporting line works when both parties communicate; it becomes a blind spot the moment a deviation or shortfall needs escalating and neither party is clearly first in line.

    Where does the theory break down in practice?

    Three recurring failure points separate the written framework from operational reality.

    • Recruitment-shortfall accountability. The framework assigns sponsors overall oversight, but recruitment targets are delivered site by site. When one site underperforms, responsibility for the trial-level consequence (a delayed readout, a statistically underpowered analysis) sits with the sponsor — yet the sponsor’s only lever is the same capacity-and-capability relationship the host controls.
    • Adverse-event reporting speed mismatches. PIs report to their own site’s systems first; sponsors then aggregate signals across sites to spot patterns. Multi-site trials with paper-based or fragmented electronic systems can see days of lag between a local signal and trial-wide risk reassessment — the exact gap that first-in-human trial reforms following the 2006 Northwick Park (TGN1412) incident were designed to close, by tightening dose-escalation and staggered-dosing risk controls at source rather than relying on retrospective aggregation.
    • Data-protection role confusion. Under UK GDPR, sponsors are usually the data controller and hosts the processor for site-level data — but joint-controller arrangements are common in investigator-led studies, and the governance documentation does not always specify which party answers a subject access request or a breach notification first.

    The historical root is worth noting: the original Research Governance Framework for Health and Social Care (Department of Health, 2001, revised 2005) followed the Bristol Royal Infirmary and Alder Hey organ-retention inquiries, which exposed exactly this kind of accountability vacuum in single-site care. The current UK Policy Framework, published in 2017 and updated since, extended that same sponsor-centred logic to a far more complex multi-site landscape — without fully re-engineering it for that complexity.

    Answer-first Q&A

    What is research governance in the NHS?

    In the NHS, research governance is the broad set of regulations, principles and standards that exist to achieve and continuously improve research quality across UK healthcare. It covers ethical approval, participant safety, data integrity, financial oversight and the roles of the sponsor, host organisation and investigator, all set out under the HRA’s UK Policy Framework for Health and Social Care Research.

    What are the seven pillars of clinical governance?

    The seven pillars, first articulated by Scally and Donaldson in their 1998 NHS clinical governance model, are: patient and public involvement, risk management, education and training, clinical audit, clinical effectiveness, staffing and management, and information management. They describe organisational quality assurance, distinct from — but closely linked to — trial-specific research governance.

    What are the five components of a clinical governance framework?

    Most operational models group clinical governance into five practical components: clear accountability structures, quality improvement and audit processes, risk and incident management, education and continuing professional development, and robust information systems. A multi-site trial needs all five replicated consistently across every participating organisation, not just at the coordinating centre.

    Implications for institutions running multi-site studies

    For research administrators and institutional leaders, the practical fix is not to wait for the framework to be re-engineered — it is to make the three-way split explicit in every study-specific document: the mCTA/mNCA, the SoECAT and the risk log. Naming which party owns recruitment-shortfall escalation, which owns the data-protection role, and which pays for non-negligent-harm cover before the first participant is consented closes most of the gaps identified here.

    As UK trial infrastructure consolidates further — with combined HRA/MHRA review pathways and shared R&D systems across integrated care systems — the sponsor-host-PI triangle will only govern more sites per study, not fewer. Institutions that document risk ownership explicitly, rather than relying on the framework’s implicit assumptions, will be the ones that catch the next Northwick-Park-scale gap before it reaches a participant, not after.

  • Research Governance Framework for Health and Social Care: What It Requires

    The research governance framework for health and social care is the UK-wide system of principles, defined roles and formal approvals that govern how health and social care research is designed, sponsored, hosted and conducted. The original Department of Health document of that name (2001, second edition 2005) was withdrawn on 7 November 2017 and replaced by the UK Policy Framework for Health and Social Care Research, published by the Health Research Authority (HRA). This guide sets out what the current framework actually requires of sponsors, host organisations and investigators.

    The UK Policy Framework for Health and Social Care Research is the Health Research Authority’s single, UK-wide set of principles — replacing the four separate national Research Governance Frameworks — that defines proportionate, assurance-based management of health and social care research involving patients, service users, carers or their data.

    What is the research governance framework for health and social care?

    The Research Governance Framework for Health and Social Care was first published by the Department of Health in 2001, with a second edition on 24 April 2005. It set out principles, requirements and standards that applied to research falling within the responsibilities of the Secretary of State for Health.

    It formalised three roles that still anchor governance today: a sponsor taking overall responsibility for a study, an NHS or care organisation granting local research-and-development (R&D) permission, and a Chief Investigator leading the research. Most searches for “research governance framework” still refer to this historic document, even though it no longer governs live research.

    Why was the original framework withdrawn — and what replaced it?

    GOV.UK’s official record confirms the Research Governance Framework for Health and Social Care “was withdrawn on 7 November 2017”. It was superseded by the UK Policy Framework for Health and Social Care Research, published in October 2017 by the HRA together with the health departments of Northern Ireland, Scotland and Wales, following public consultation.

    The change replaced four separate country-level research governance frameworks with one UK-wide document. According to the HRA, the policy framework “replaces the separate Research Governance Frameworks in each UK country with a single, modern set of principles for the whole UK.” The framework was itself informed by earlier standards, including ICH Good Clinical Practice (ICH GCP) and the pan-European RESPECT ethical guidelines, rather than being written from scratch.

    Practically, the core accountability structure — sponsor, host, investigator — carried over. What changed was terminology, scope (a single UK document instead of four) and the mechanics of local sign-off, discussed below.

    Aspect Research Governance Framework (2001; 2nd ed. 2005) UK Policy Framework for Health and Social Care Research (2017–present)
    Status Withdrawn 7 November 2017 Current governing document
    Publisher Department of Health Health Research Authority, with health departments of Northern Ireland, Scotland and Wales
    Geographic scope Separate framework per UK nation Single set of principles across England, Northern Ireland, Scotland and Wales
    Local sign-off “R&D approval/permission” issued by individual NHS trusts “Capacity and capability” confirmation by host organisations
    Core roles Sponsor, R&D-approving organisation, Chief Investigator Sponsor, host organisation, Chief Investigator, Principal Investigator (per site)

    Every study within scope must have a named sponsor — an individual, organisation or partnership that takes overall responsibility for setting up, running and reporting the research. For non-commercial studies, the sponsor is typically the employer of the Chief Investigator (often a university or NHS trust); for commercial studies, the funding company usually sponsors directly.

    • Ensuring the protocol is scientifically sound before the study starts
    • Securing a favourable opinion from a Research Ethics Committee (REC) and any other required regulatory approvals
    • Putting proportionate quality, risk-management and monitoring systems in place
    • Arranging adequate insurance or indemnity to cover potential liabilities
    • Taking responsibility for accurate reporting, registration and dissemination of findings

    Sponsorship is a formal role that must be explicitly accepted in writing — it is never assumed by default.

    What does it require of host organisations?

    The framework does not use the word “host” as a defined technical term, but the obligations fall on the research site or employing organisation — an NHS trust, university, or social care provider where the research actually takes place. Under HRA Approval, hosts confirm capacity and capability rather than issuing the older-style “R&D permission”.

    • Confirming the site has the resources, facilities and capability to deliver the research safely
    • Completing local capacity and capability checks before recruitment begins at that site
    • Ensuring staff involved are appropriately qualified, trained and supervised
    • Safeguarding the dignity, rights, safety and wellbeing of participants at that site
    • Working collaboratively with the sponsor and Chief Investigator throughout the study

    What does it require of investigators?

    The Chief Investigator (CI) is the overall lead researcher and, for clinical trials, must be a healthcare professional. In multi-site studies, a Principal Investigator (PI) holds equivalent responsibility for conduct at each individual site.

    • Conducting the research to the approved protocol and to high scientific and ethical standards
    • Obtaining valid informed consent from every participant before they take part
    • Protecting participant dignity, rights, safety and wellbeing throughout the study
    • Reporting adverse events and unexpected issues to the sponsor and REC promptly
    • Collecting, recording and storing data accurately and securely

    Common questions about research governance

    What is a research governance framework?

    A research governance framework is the set of regulations, principles and standards that govern how health and social care research is designed, approved, conducted and reported. It defines who holds responsibility — the sponsor, host organisation and investigator — and sets the assurance and oversight arrangements that protect participants and data.

    What is the UK Policy Framework for Health and Social Care Research?

    The UK Policy Framework for Health and Social Care Research is the document that has governed UK health and social care research since October 2017, when the Health Research Authority and the health departments of Northern Ireland, Scotland and Wales replaced the country-specific research governance frameworks with one UK-wide set of principles.

    What is research governance in the NHS?

    In the NHS, research governance means every study has a designated sponsor who takes overall responsibility, a host organisation that confirms capacity and capability, and an investigator who leads day-to-day conduct — with a favourable Research Ethics Committee opinion required before recruitment can begin under HRA approval.

    What are the 7 pillars of clinical governance, and how does that differ from research governance?

    Clinical governance covers seven pillars — education and training, clinical audit, clinical effectiveness, staffing, patient involvement, risk management and information governance — and concerns everyday care quality. Research governance is a distinct system specific to research projects, covering sponsorship, ethical approval and investigator accountability rather than routine service delivery.

    What this means for research teams today

    Any protocol, SOP or training material that still cites the “Research Governance Framework for Health and Social Care” as live guidance is referencing a document withdrawn in 2017. Institutions relying on legacy templates risk misaligning their sponsor and host obligations with current HRA Approval processes, particularly around capacity-and-capability sign-off rather than the older R&D permission route.

    The HRA’s guidance page on the current framework shows a last-reviewed date of 10 January 2025, indicating the 2017 principles remain the active, maintained standard rather than a static one-off publication. Research administrators and R&D offices should audit internal documents against the current text on the HRA website, not archived Department of Health PDFs.

    The bottom line

    The research governance framework that many searches still name no longer governs UK health and social care research: the UK Policy Framework for Health and Social Care Research has done so since 2017. Its sponsor, host and investigator obligations are more precisely defined than the 2005 document they replaced, and they are the requirements institutions must demonstrate compliance with today. As research becomes more decentralised and data-driven, these role definitions — rooted in accountability, capability and consent — remain the reference point for governance across England, Northern Ireland, Scotland and Wales.

    For related definitions and role frameworks, see CASRAI’s research administration resources and the research administration dictionary.

  • Research Governance Officer: Role and Remit

    A research governance officer is the institutional post responsible for checking that a research project — most often a clinical trial or human-participant study — has the approvals, contracts, insurance and regulatory sign-offs before it starts, and for monitoring compliance throughout. The role differs from the research integrity officer, who investigates misconduct after the fact.

    Research governance is the framework of regulations, principles and standards of good practice through which the quality, safety and accountability of research involving human participants, data or tissue is monitored and assured. This explainer sets out what the role covers day to day, how it differs from research integrity, and where it typically reports.

    What Does a Research Governance Officer Do?

    A research governance officer reviews study documentation — protocols, participant information sheets, indemnity and insurance arrangements, data-sharing agreements, and contracts with sponsors or CROs — before a project is authorised to open at a site. Once a study is live, they monitor amendments, adverse-event reporting and ongoing compliance against the approvals granted.

    Core duties typically include:

    • Reviewing feasibility and capacity before a site accepts a study
    • Checking regulatory and ethical approvals are in place and current
    • Negotiating and countersigning research contracts and costing agreements
    • Conducting site-specific or local authorisation checks
    • Monitoring protocol amendments, deviations and adverse events
    • Advising investigators, sponsors and ethics committees on governance requirements
    • Logging and triaging complaints or concerns about the conduct of a study

    The role is administrative and risk-based rather than investigative: a research governance officer exists to stop non-compliant studies from starting, and to catch drift once they are under way — not to adjudicate whether a named researcher acted dishonestly.

    Research Governance Officer vs Research Integrity Officer

    The two roles are frequently confused because both sit under an institution’s wider compliance function, but they answer different questions. Governance asks “was this study set up and run according to the rules?” Integrity asks “did this researcher tell the truth?”

    Aspect Research Governance Officer Research Integrity Officer
    Primary focus Legal, contractual and regulatory compliance of a study Ethical conduct and honesty of individual researchers
    Typical trigger Study setup, amendment, or routine monitoring An allegation of misconduct (fabrication, falsification, plagiarism)
    Timing Before and during the research Usually after a concern is raised
    Governing reference UK Policy Framework for Health and Social Care Research; ICH Good Clinical Practice US Public Health Service Policies on Research Misconduct, 42 CFR Part 93 (US); institutional codes of practice (UK/EU)
    External liaison Health Research Authority, funders, sponsors, ethics committees Office of Research Integrity (US), UK Research Integrity Office, COPE

    Because the remits differ, the two functions are usually kept organisationally separate. A research governance officer who also adjudicated misconduct cases would face an obvious conflict of interest with the sponsors and investigators they routinely work alongside.

    Typical Reporting Lines and Where the Role Sits

    A research governance officer usually reports to a Head of Research Governance, R&D Manager, or Director of Research Operations, who in turn reports to a Pro-Vice-Chancellor for Research at a university, or a Director of Research and Development at an NHS trust or health board. In UK NHS organisations, the post commonly sits within a Research and Development (R&D) office and works closely with the local Research Ethics Committee (REC) and the sponsor’s clinical trials unit.

    By contrast, a research integrity officer is deliberately positioned for independence — often reporting directly to a Vice-Chancellor, Provost, or an institutional Research Integrity Committee, rather than through the same line as the operational governance team. This separation protects whistleblowers and preserves the impartiality of any misconduct investigation.

    Professional bodies such as ARMA (the Association of Research Managers and Administrators, UK), EARMA (Europe), NCURA (US) and the international umbrella body INORMS have progressively professionalised research management and governance as a distinct career track, with defined competency frameworks separate from research integrity casework.

    Research Governance Frameworks: UK, Australia and Beyond

    The specific rules a research governance officer applies vary by jurisdiction, though the underlying purpose — assuring quality, safety and accountability — is consistent internationally.

    In the UK, the Health Research Authority (HRA) maintains the UK Policy Framework for Health and Social Care Research (first published 2017, updated 2018), which superseded the 2005 Research Governance Framework for Health and Social Care. Clinical research governance officers also apply the ICH Good Clinical Practice (GCP) guideline, which sets international standards for the design, conduct and reporting of clinical trials.

    In Australia, the equivalent function is often titled Research Governance Officer explicitly, and is built around the NHMRC’s National Statement on Ethical Conduct in Human Research (2023). These officers conduct Site-Specific Assessment (SSA) reviews under state-based mutual acceptance schemes, checking local site capacity and resourcing after a Human Research Ethics Committee (HREC) has already approved the ethical dimensions of a study — a two-stage model (ethics, then governance) that is more formally separated than the equivalent UK process.

    This ethics/governance split is a genuine structural distinction most UK-focused explainers of the role omit: in the Australian National Mutual Acceptance model, ethical review and site governance review are statutorily distinct steps performed by different bodies, whereas UK practice more often blends elements of both within a single R&D sign-off.

    Common Questions About the Research Governance Officer Role

    What is a research governance officer?

    A research governance officer provides support and advice to investigators, sponsors, ethics committees and site leadership on regulatory compliance, contracts and risk before and during a study. The role ensures research is conducted in line with national frameworks, institutional policy and applicable legislation, rather than assessing individual researcher conduct.

    What is the role of a governance officer?

    A governance officer checks that an organisation’s activities comply with the rules that apply to them. In a research setting, this means verifying approvals, contracts, insurance and data-handling arrangements are in place before work starts, and monitoring compliance as the project progresses — a risk-management function, not a disciplinary one.

    Is governance a good career?

    Research governance offers a structured career path through R&D offices, university research services, and NHS trusts, with progression from officer to manager to director-level roles. Bodies such as ARMA, EARMA and INORMS provide competency frameworks and professional development routes, giving the field defined progression that is less common in adjacent compliance roles.

    Why the Distinction Matters for Institutions

    Institutions that conflate governance and integrity functions risk two failures: slower study setup, because a single overstretched post is asked to do both routine compliance checks and rare, high-stakes misconduct investigations; and weaker independence, because the same person cannot simultaneously advise a sponsor on contract terms and later investigate that sponsor’s investigator for alleged fabrication. Keeping the roles organisationally distinct — with separate reporting lines as described above — protects both throughput and impartiality.

    As research increasingly spans borders, jurisdictional literacy also matters: a governance officer working across UK and Australian sites needs to recognise that “research governance officer” describes a materially different process step in each system, not merely a different job title for the same task. Institutions building shared services or international collaborations should map these differences explicitly rather than assuming equivalence. For readers mapping this role against the wider research administration landscape, CASRAI’s research administration resources set out how governance, integrity and related functions fit together, and the CASRAI Dictionary collects definitions for adjacent terms.

  • What Is Research Governance? Beyond NHS Ethics

    Research governance is the institutional system of standards, delegated responsibilities and accountability mechanisms that ensures research is sponsored, conducted, resourced and reported to a consistent standard of quality and integrity — a system that spans sponsorship, data protection, financial probity and research integrity, not just the ethics approval most people associate with an NHS Research Ethics Committee.

    The phrase is frequently reduced, in searches and in institutional shorthand, to “getting NHS ethics sign-off.” That collapses a much wider accountability structure into a single procedural step. Research governance is the umbrella; ethics review is one component operating underneath it.

    What Is Research Governance?

    Research governance is the set of rules, standards and lines of accountability an institution puts in place to control how research is initiated, resourced, conducted and reported. NHS Research Scotland, whose remit covers governance across Scottish health boards, describes it as concerned with “setting standards to improve research quality and safeguard the public.” That is the safeguarding function. But governance is also an administrative control system: it determines who is legally and financially answerable when something goes wrong, long before any ethical question is raised.

    ARMA (the UK’s Association of Research Managers and Administrators) frames it more structurally, describing effective research governance as “the implementation of a fit-for-purpose decision-making framework under which an institution” operates. That decision-making framing matters: governance is not a checklist a researcher completes once. It is an ongoing institutional control system — the same category of function as financial governance or clinical governance, applied to the research enterprise.

    What Does Research Governance Actually Cover?

    A governance system that only covered ethics would be incomplete. In practice, institutional research governance operates across four interlocking strands, each with its own named accountable party and its own failure mode if neglected.

    • Sponsorship and legal accountability — the sponsor (usually the employing institution or funder) takes on the legal responsibility for a study’s initiation, management and financial arrangements, distinct from the researcher’s day-to-day conduct of it.
    • Data governance — how participant data, tissue samples and research datasets are collected, stored, shared and protected, governed alongside UK GDPR and institutional data protection policy.
    • Financial governance — probity in the use of grant and contract funds, adherence to funder terms and conditions, and audit trails for how public or charitable money was spent.
    • Research integrity — the honest conduct, reporting and attribution of research, including handling allegations of misconduct such as fabrication, falsification or plagiarism.

    Health and safety oversight and intellectual property management sit alongside these four strands in most institutional frameworks, particularly for laboratory-based or commercially exploitable research.

    Research Governance vs Research Ethics Review: What’s the Difference?

    Ethics review answers one question: is this specific study, as designed, ethically acceptable to run? Governance answers a broader one: does the institution have the systems in place to sponsor, resource, monitor and be accountable for research generally? A study can pass ethics review and still fail governance requirements — for example, if the sponsor has not confirmed indemnity and insurance arrangements, or if data-sharing agreements are not in place.

    Aspect Research Ethics Review Research Governance
    Core question Is this study design ethically acceptable? Can the institution be accountable for this research?
    Typical body Research Ethics Committee (REC) Sponsor, R&D office, research administration function
    Scope Participant welfare, consent, risk-benefit balance Sponsorship, data, finance, integrity, health & safety, IP
    Timing Pre-approval, one-off per protocol Continuous, across the study lifecycle
    Applies beyond NHS? Only where human participants/data/tissue are involved Yes — to all disciplines and funding types

    An institution’s own research administration function typically holds the governance oversight role, coordinating sponsor sign-off, data agreements and financial compliance across a study’s life, while the ethics committee’s involvement is generally concentrated at the design and approval stage.

    Who Is Responsible for Research Governance?

    Responsibility is distributed, not centralised in one office. The sponsor carries overall legal and financial accountability. The Chief Investigator is responsible for day-to-day conduct in line with the approved protocol. The employing institution provides the administrative infrastructure — contracts, insurance, data protection compliance — that makes sponsorship possible. Funders, including UK Research and Innovation (UKRI), attach their own governance conditions through grant terms and conditions, requiring institutions to demonstrate integrity and financial-probity safeguards as a condition of funding.

    Under international clinical trial standards such as ICH Good Clinical Practice (ICH-GCP), sponsor obligations are made explicit and legally binding — a level of formality that has increasingly influenced how non-clinical research governance is structured, even where GCP itself does not strictly apply.

    What Frameworks Define Research Governance in the UK?

    The UK’s foundational document was the 2005 Research Governance Framework for Health and Social Care, issued separately by the four UK nations. The Health Research Authority (HRA) subsequently consolidated these into a single UK-wide document — the UK Policy Framework for Health and Social Care Research — which, per the HRA’s own record, replaced “the separate Research Governance Frameworks in each UK country with a single, modern set of principles for the whole UK,” co-developed with the health departments of Northern Ireland, Scotland and Wales. The HRA’s published record shows this framework was most recently updated on 10 January 2025, reflecting a living document rather than a static one.

    Beyond health research, the Concordat to Support Research Integrity — developed under the auspices of Universities UK — sets out institutional commitments to rigour, transparency, accountability and support for researchers across all disciplines, not solely clinical fields. Attribution and authorship disputes, a recurring integrity concern under governance, connect to contributorship standards such as the CRediT taxonomy, which CASRAI originated in 2014 and which is now stewarded as ANSI/NISO Z39.104-2022 — a reminder that even a narrow-looking standard can sit inside a much larger governance accountability chain.

    Common Questions About Research Governance

    Why is research governance important?

    Research governance is important because it protects participants, safeguards public and funder trust, and creates a clear accountability chain when something goes wrong — financially, ethically or scientifically. Without it, institutions have no defined mechanism for assigning responsibility across sponsors, investigators and funders, increasing legal and reputational exposure.

    Is research governance the same as clinical governance?

    No. Clinical governance covers the quality and safety of patient care delivery within a healthcare organisation, while research governance covers the conduct, sponsorship and accountability of research activity itself. They overlap in NHS settings but apply to different organisational functions and different named accountable roles.

    What is a sponsor in research governance?

    A sponsor is the organisation — typically the employing institution, a university, or a funder — that takes on legal responsibility for confirming a study is properly designed, resourced, insured and managed before it begins. The sponsor role is distinct from the researcher’s role and cannot be left undefined.

    Does research governance apply outside the NHS?

    Yes. Research governance applies across all disciplines — social sciences, engineering, humanities and commercially funded research — wherever an institution sponsors, funds or hosts a research activity, not only where NHS patients, tissue or data are involved.

    Implications and Outlook

    For institutional leaders, the practical implication is structural: governance cannot be delegated entirely to an ethics committee, nor treated as a one-time approval gate. It requires standing infrastructure — a research administration function capable of tracking sponsorship status, data agreements, financial compliance and integrity casework concurrently, across every live project, not just those with NHS involvement.

    As funders including UKRI tie funding conditions more tightly to demonstrable integrity and financial-probity safeguards, and as the HRA continues to revise the UK Policy Framework, institutions that treat governance as an accountability system — rather than an ethics-approval formality — will be better positioned to withstand funder audits, data protection scrutiny and misconduct investigations alike.

  • Research Governance Framework Explained: What UK Institutions Must Comply With

    Search “research governance framework” today and you land on documents that are, technically, retired. The Research Governance Framework for Health and Social Care — first issued in 2001 and revised in April 2005 by the Department of Health — was superseded across the UK by October 2017. Yet the phrase persists in job titles, standard operating procedures, contracts and search queries, because the underlying obligations never went away; they were consolidated, not abolished. This explainer sets out what the term still refers to in practice, what replaced it, and the concrete checklist a UK research office needs to satisfy compliance today.

    What was the Research Governance Framework?

    The Research Governance Framework (RGF) was the Department of Health’s statement of principles, requirements and standards applying to health research within the responsibilities of the Secretary of State for Health in England. Scotland, Wales and Northern Ireland each issued their own, broadly parallel versions, so a multi-site UK trial could in practice be answering to four separate documents.

    The RGF organised obligations around five domains:

    • Ethics and patient information — protecting participants’ rights, dignity, safety and informed consent
    • Science — ensuring research design is valid and methodologically sound
    • Information — confidentiality, data handling and transparent reporting of findings
    • Health and safety, and employment — competence, training and safe working environments for researchers
    • Finance and intellectual property — transparent management of funds and fair attribution

    One point of genuine confusion: “Research Governance Framework” was never a protected or exclusive title. Non-health public bodies still publish their own documents under exactly this name for research that touches their own remit rather than the NHS — the Gambling Commission maintains a current “Research governance framework” for its evidence programme, and several local authorities (Manchester City Council, Tower Hamlets among them) use the same title for research governance approval processes involving council data or vulnerable residents. These are legitimate, separate documents; they are not the health and social care framework this article addresses, and conflating the two is a common source of misdirected compliance effort.

    What replaced it: the UK Policy Framework for Health and Social Care Research

    The Health Research Authority (HRA) became a non-departmental public body on 1 January 2015 and took on responsibility for research governance guidance in England. Working with the health departments of Northern Ireland, Scotland and Wales, the HRA then issued the UK Policy Framework for Health and Social Care Research in October 2017, replacing the four devolved Research Governance Frameworks with a single, UK-wide document. The HRA has since kept it under active revision — the version in force was last updated in January 2025.

    The structural change matters more than a rename. The RGF was organised as five fixed domains; the UK Policy Framework is organised around defined roles across the research lifecycle — funders, sponsors, researchers and their employers, research sites and care providers — with each role carrying explicit duties, rather than a single institution being expected to satisfy five generic principles.

    Aspect Research Governance Framework (2001/2005–2017) UK Policy Framework for Health and Social Care Research (2017–present)
    Geographic scope England only; Scotland, Wales and Northern Ireland each had separate equivalent documents Single framework covering all four UK nations
    Issuing body Department of Health (England) Health Research Authority, with the devolved health departments
    Structure Five fixed domains (ethics, science, information, safety/employment, finance/IP) Role-based duties across funders, sponsors, researchers, employers and sites
    Sponsor concept Introduced but loosely defined Central and explicit: every study must have an identified sponsor accepting overall responsibility
    Last major update Second edition, April 2005 Updated January 2025

    Institutions applying for MRC/UKRI clinical research funding must now nominate a sponsor as a condition of the grant, and directors of MRC institutes are required to keep systematic documentation of every project for which sponsorship responsibility has been accepted — a direct operational consequence of the framework’s sponsor-centred structure. Read more about how these governance obligations sit alongside institutional research administration functions more broadly.

    Answer-first: common research governance questions

    What is an example of a governance framework?

    The clearest current UK example is the UK Policy Framework for Health and Social Care Research, issued by the Health Research Authority and the devolved health departments. Sector-specific equivalents also exist outside health, such as the Gambling Commission’s own research governance framework, which governs a different remit entirely.

    What are the 7 Nolan principles of good governance?

    The Nolan Principles — selflessness, integrity, objectivity, accountability, openness, honesty and leadership — were set out by the Committee on Standards in Public Life in 1995. They underpin conduct expected of anyone working in or for UK public bodies, including NHS research staff and research ethics committee members.

    What are the 7 key ethical principles in research?

    Widely cited principles include social/scientific value, informed consent, favourable risk-benefit balance, independent review, respect for participants, fairness in selection and confidentiality. UK Research Ethics Committees, coordinated by the HRA, apply equivalent tests when reviewing health and social care research proposals.

    What are the 8 elements of good governance?

    A commonly cited international model (UN ESCAP) lists participation, rule of law, transparency, responsiveness, consensus orientation, equity/inclusiveness, effectiveness/efficiency and accountability. UK research governance instruments draw on the same underlying accountability and transparency principles, adapted for research-specific risk.

    The compliance checklist: what research offices must have in place

    Whichever term staff still use internally, a UK research office running health or social care studies needs the following in place to satisfy the current framework:

    • A named sponsor — an organisation or individual formally accepting overall responsibility for each study
    • Applications and approvals managed through the Integrated Research Application System (IRAS) and, where applicable, a Research Ethics Committee (REC) opinion
    • Local NHS Research and Development (R&D) permissions confirmed at every participating site before recruitment begins
    • Documented risk assessment covering ethics, scientific validity, data protection, finance and health and safety
    • A named Principal Investigator per project with defined accountability
    • Data handling compliant with UK GDPR and the Data Protection Act 2018
    • Insurance and indemnity arrangements appropriate to the research type
    • Evidence of Good Clinical Practice (GCP) training and up-to-date competency records for research staff
    • Adverse event and complaints reporting procedures, escalating to the sponsor and, where relevant, the REC
    • Records retention and archiving arrangements consistent with sponsor and funder requirements

    Institutions can cross-check specific terminology — sponsor, REC, IRAS and related definitions — against a standards-aligned research governance terminology dictionary when drafting internal SOPs.

    Implications for institutions still using RGF language

    Institutions that still reference “the Research Governance Framework” in SOPs, job descriptions or supplier contracts are not automatically non-compliant, but they are working from superseded terminology that can create real gaps. A research governance officer hired against a job description written around the five 2005 domains may miss role-based duties the UK Policy Framework assigns specifically to sponsors or funders. Auditors and REC reviewers now expect documentation mapped to the current framework’s roles, not the old domain structure, so internal policy documents drafted before 2017 — and never revisited since the January 2025 update — are a genuine compliance risk worth flagging in the next governance review cycle.

    The practical fix is straightforward: retitle internal documents to reference the UK Policy Framework for Health and Social Care Research explicitly, re-map existing SOPs from the five domains to the current role-based duties, and confirm sponsorship arrangements are documented per project rather than assumed at institutional level.

    Looking ahead

    The Health Research Authority continues to revise the UK Policy Framework rather than replace it outright — the January 2025 update is evidence of an iterative model rather than another wholesale rewrite. For research offices, that means the practical task is not tracking down a new document every few years, but keeping local SOPs, sponsorship records and R&D permissions current against a single framework that evolves incrementally. Institutions that treat “Research Governance Framework” purely as historical vocabulary, while keeping their compliance architecture mapped to the UK Policy Framework’s role-based duties, are the ones best placed to pass audit and REC scrutiny without disruption.