Source Data Verification (SDV) in clinical trials: documenting the monitoring visit with FDA-compliant evidence
In a clinical trial governed by FDA and EMA, the on-site monitoring visit is the moment when the data recorded by the site is measured against the patient's clinical reality. This is where the Clinical Research Associate (CRA) confirms that what reached the eCRF actually matches the chart, the signed consent, the pharmacy log. It is also the point an inspection will return to, months or years later, looking for proof that the check was done.
The difficulty is that the proof of the check is often more fragile than the check itself. Source data verification gets carried out with rigor, but its documentation ends up in a monitoring visit report that was printed and scanned, in photos taken on a phone, in emails that were never archived to standard. When an inspector asks when a given verification was performed and by whom, the answer does not always hold.
The operational question, then, is not only "how do you run SDV", but "how do you make the documentation of that visit defensible". The answer is to treat the monitoring visit report as data in its own right, with a timestamp, verifiable integrity and a chain of custody, exactly as you would demand of the trial data. Documenting the visit at the source, the moment it happens, is worth far more than reconstructing it afterward from scans and screenshots.
This insight is part of our guide: certified clinical trial documentation, which frames the broader question of the probative value of a trial's data.
What source data verification is and what the monitor does during the monitoring visit
Source data verification is the comparison between the data entered in the eCRF and the original source documents at the trial site: charts, lab reports, informed consent, pharmacy log. During the monitoring visit the CRA confirms that every transcribed value is accurate and traceable back to its source, checks eligibility, adverse events and investigational product handling, and records any protocol deviations.
SDV is the backbone of the monitoring described in ICH-GCP E6, the framework that governs how trials are conducted. In recent years the FDA has pushed toward risk-based monitoring: no longer 100% verification of every field, but targeted checks on the critical data. This does not lower the importance of the proof. It concentrates it. If you verify less, what you do verify has to be documented in a way that cannot be challenged.
The SDV process step by step
The monitor does not improvise. The visit follows a sequence that touches the points where an error or a gap carries the most weight in an inspection. It starts from the critical eCRF data and works back to the source document that justifies each value: a blood pressure reading, a dosing date, a laboratory result, each one has to find its counterpart in the chart. According to Hamidi (2024, PMC), it is precisely this field-by-field comparison that defines SDV. The checklist below summarizes what the CRA verifies and what evidence has to remain.
| What the monitor verifies | On which source | Evidence that must remain |
|---|---|---|
| Transcription of critical data | eCRF against chart and lab reports | Documented record of the comparison |
| Informed consent | Signed and dated form, approved version | Signature and reliable date before any procedure |
| Adverse events and SAEs | Patient clinical documentation | Concordance between the AE in the chart and in the eCRF |
| Investigational product | Pharmacy log and patient diary | Reconciliation of received, dispensed and returned units |
| Protocol deviations | Site documentation | Record of the finding and the agreed action |
On consent, a reliable date is not a detail: a form that cannot be dated with confidence is contestable. On adverse events, an event present in the chart but missing from the eCRF, or the reverse, is a finding that has to be closed.
SDV vs SDR compared
SDV and source data review (SDR) are often confused, but they answer different questions. SDV asks whether the value was transcribed correctly. SDR asks whether the value, at the source, makes sense from a clinical and protocol standpoint. Advarra and Medidata draw the line between the two on exactly this axis: transcription accuracy against the medical consistency of the original record.
| Aspect | Source Data Verification (SDV) | Source Data Review (SDR) |
|---|---|---|
| Core question | Does the eCRF value match the source? | Is the source medically and protocol-consistent? |
| Object | The single transcribed field | The source document as a whole |
| Type of check | Point comparison of CRF against source | Clinical and protocol-conformity assessment |
| Example finding | Lab value differs between chart and eCRF | Questionable eligibility not justified in the chart |
| Focus | Accuracy of the transcription | Quality and plausibility of the original data |
The two activities are complementary. A value can pass SDV (transcribed well) and fail SDR (the source itself is inconsistent). That is why the monitoring visit report has to account for both, not only for the field-by-field comparison.
The operational gap that strips documentation of its evidentiary value
The weak point is almost never the check itself, it is its traceability. The ALCOA+ principle requires every data point to be Attributable, Legible, Contemporaneous, Original and Accurate, on top of being complete, consistent, enduring and available. In its guidance on computerized systems used in clinical trials, the FDA asks for records that are attributable and contemporaneous.
Several common practices break that very chain. A consent that is printed and rescanned loses the original and the reliable date. A photo of an adverse event taken on a phone is neither attributable nor necessarily contemporaneous: there is no certainty about when or on which device it was captured. An email in which the monitor flags a finding, if it is not archived to standard, does not hold as proof. The check was done, but the proof of it does not survive a rigorous inspection.
How to make the monitoring visit report defensible evidence
To withstand an FDA or EMA inspection, the monitoring visit report has to be born as evidence: a timestamp at the moment of acquisition, integrity that can be verified through a hash, a chain of custody documented from the visit to the handover to the sponsor. What matters most is when you certify it. Capturing and certifying during the visit preserves the probative value that print-and-scan after the fact tends to lose.
Timestamp, integrity (hash) and chain of custody of the report
Three elements make a document defensible, and it helps to keep them apart. The timestamp answers when. It anchors the report to a reliable, non-repudiable instant, so no one can later claim the visit or the check was documented after the fact. The hash answers whether the file has been touched. It is the file's fingerprint, it changes at the slightest edit, and it lets anyone confirm that the report the sponsor received is identical to the one the monitor signed. The chain of custody answers who held what, recording the handover from the CRA to the sponsor with no gaps.
This is exactly what ALCOA+ and regulatory expectations already ask of trial data. Applying the same standard to the visit report means treating the proof of the check with the rigor you would give the data under check.
Certified visit documentation with TrueScreen (capture plus integrated QTSP seal)
TrueScreen documents the monitoring visit with a forensic methodology, at the moment it happens. TrueScreen lets the monitor acquire consent forms, pharmacy logs and adverse-event records as certified evidence, each sealed with a qualified timestamp via an integrated third-party QTSP. The monitor does not reconstruct the visit afterward: it is certified while it is being conducted.
In practice this changes how the report comes into being. It is generated with forensic acquisition and reliably dated. The CRA closes the visit checklist with their own electronic signature, which binds an identity to the verification. Organizations use TrueScreen to turn the monitoring visit report into a tamper-evident exhibit, with an integrity hash delivered to the sponsor, so the sponsor can independently confirm that nothing changed between site and office. It is the opposite of print-and-scan: the proof is born to standard instead of being rebuilt later in the hope that it holds. TrueScreen, the Data Authenticity Platform, captures source documentation at acquisition rather than certifying a print-and-scan after the fact. The same logic covers a finding sent to the site, which once acquired and certified stops being a fragile email.
For the wider picture, our guide on Source Data Verification and monitoring visit documentation connects this aspect to the entire trial lifecycle.
FAQ: Source Data Verification and the monitoring visit
What is the purpose of source data verification?
It exists to confirm that the data entered in the eCRF matches the site's source documents. The monitor compares recorded values field by field against charts, consent and the pharmacy log, so that the trial results are accurate, traceable and defensible in an FDA or EMA inspection.
What is the purpose of a monitoring visit?
The monitoring visit verifies on site that the center is running the trial according to protocol and ICH-GCP. The CRA checks informed consent, eligibility, adverse events, investigational product handling and protocol deviations, protecting both patient safety and data quality.
What is the difference between SDV and SDR?
SDV verifies whether the data was transcribed correctly from the source to the eCRF. SDR, source data review, assesses whether the source itself is consistent from a clinical and protocol standpoint. The first is about transcription accuracy, the second about the plausibility of the original data.
How do you prepare for a monitoring visit?
The CRA reviews the protocol, the eCRF data to be verified, the open findings from previous visits and the status of the investigational product. They prepare the checklist of critical points, from consents to adverse events, and agree with the site on access to the source documents.
How do you make a monitoring visit report usable as inspection evidence?
By documenting the visit at the source and certifying it right away, with a timestamp, a hash for integrity and a chain of custody. The report then answers "when", "has it been altered" and "who held what", instead of relying on scans and photos that are hard to attribute.
What does the monitor verify on consent, adverse events and investigational product?
On consent, they check signature, date and approved version before any procedure. On adverse events, they compare the eCRF against the clinical documentation. On the product, they confirm that receipt, dispensing and returns reconcile with the pharmacy log.
