Data generated according to Good Laboratory Practice (GLP) are increasingly generated and retained in electronic format. Measures of IT security aim to protect electronic GLP data and applications against the specific hazards encountered in the computerised environment. Threats and attacks on systems containing GLP data and corresponding measures to ensure security of such systems are constantly evolving, especially for systems and services being provided over or interfacing the internet. Handling of IT security may be outsourced by test facilities to external service providers. However, the responsibility remains with the test facility. This position paper provides an overview of considerations regarding IT security and GLP test facilities.