What is ALCOA++?
In ensuring data integrity within the pharmaceutical and medical device industries, the response to ALCOA++, which adds “Traceability” to the current ALCOA+ framework as newly emphasized by the European Medicines Agency (EMA), has emerged as a new challenge. ALCOA++ is the latest standard based on the traditional ALCOA (Attributable, Legible, Contemporaneous, Original, Accurate) and ALCOA+ (Complete, Consistent, Enduring, Available), with the addition of traceability. Particularly since the 2020s, the concept of ALCOA++ has gained attention in regulatory documents, emphasizing traceability throughout the entire data lifecycle.
Evolutionary Development of ALCOA Principles
To deepen understanding of ALCOA principles, let us organize the process of their development. Originally, ALCOA was a concept that the U.S. Food and Drug Administration (FDA) had been using since the 1990s as a fundamental principle for ensuring the reliability of records in GMP (Good Manufacturing Practice). Subsequently, with the advancement of digitalization and the proliferation of electronic records and electronic signatures, it was expanded to ALCOA+ around 2007, adding four elements: completeness, consistency, endurance, and availability.
In recent years, as regulatory requirements for data integrity have become even more stringent, the importance of traceability has been emphasized, particularly by the EMA, leading to the proposal of the concept of ALCOA++. This tenth element, “Traceability,” requires making traceable the entire process from data generation through modification, approval, to disposal.
Traceability Requirements and Regulatory Trends
The specific requirements for traceability demand tracking of the entire lifecycle from data generation to disposal. This includes records of the 4Ws: Who, When, What, and Why.
In the 2022 draft revision of EU GMP Annex 11 (Computerized Systems), which was expected to be finalized in 2023 but remains unpublished as of 2025, the integrity of audit trails and the traceability of electronic records are emphasized. The draft revision calls for measures to prevent tampering with audit trails, including accuracy of timestamps, protection of change history, and implementation of regular reviews. However, encrypted audit trails are not explicitly mandated as a requirement; rather, appropriate control measures based on the nature and risk of the system are required.
Industry Response Status
Regarding the current state of the industry, the application of ALCOA+ standards remains mainstream in PIC/S (Pharmaceutical Inspection Co-operation Scheme), with ALCOA++ positioned as an extended interpretation by the EMA and some companies. PIC/S issued “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments” (PI 041-1) in 2021, which provides detailed explanations of data integrity management methods based on ALCOA+ principles.
Regarding the response of major measurement equipment manufacturers and pharmaceutical system vendors, Mettler-Toledo offers measurement data management systems claiming ALCOA+ compliance, while major vendors such as Emerson, Agilent, and Thermo Fisher are also advancing product development compliant with data integrity requirements. Additionally, in electronic laboratory notebooks (ELN) and laboratory information management systems (LIMS), enhancements to audit trail functions and advancement of access control management are being promoted.
In Japan, the Pharmaceuticals and Medical Devices Agency (PMDA) continues guidance based on the current ALCOA+ standards, with ALCOA++ response currently positioned as a voluntary initiative by companies. PMDA issued “Basic Concepts on Pharmaceutical Data Integrity” in 2019, proceeding with gradual response while achieving international harmonization.
Evolution of WHO Guidelines and Practical Importance
Regarding World Health Organization (WHO) guidelines, the 2016 version of TRS (Technical Report Series) 1003 Annex 5 “Guidance on good data and record management practices” provides detailed regulations and comprehensive guidelines on ALCOA principles (Note: The original document stated TRS 996, but the correct reference is TRS 1003). This guideline provides practical data management methods applicable to GxP (Good Practice in general) and is highly valued for presenting specific requirements applicable to both paper-based and electronic records.
In 2021, it was partially revised as “Guidance on data integrity,” with the scope reorganized to focus specifically on quality assurance of medical products, while maintaining core requirements regarding data integrity. Due to its specificity and high practicality in implementation, this guideline continues to be referenced by many experts and regulatory authorities, functioning as a substantive guide for corporate data integrity responses.
MHRA’s Unique Approach and Practical Significance
The UK Medicines and Healthcare Products Regulatory Agency (MHRA) adopted a unique approach in “GXP Data Integrity Guidance and Definitions” issued in March 2018. MHRA does not use the term “ALCOA+” in official documents, but rather presents “ALCOA” as a basic principle while taking the position that the four elements—Complete, Consistent, Enduring, and Available—are implicitly included as essential components of ALCOA.
The characteristic of this approach is that it clearly defines ALCOA attributes as standards applicable to both “Data Quality” and “Data Integrity.” MHRA defines data integrity as “the degree to which data are complete, consistent, and accurate” and provides practical guidance for conforming this to GxP requirements. This clear definition is evaluated as having the effect of reducing ambiguity in the interpretation of regulatory requirements and making it easier for companies to advance practical responses.
Interpretation Differences Among Regulatory Authorities and Practical Challenges
Comparing the approaches of various regulatory authorities reveals the following characteristics.
Comparison of ALCOA Interpretations by Major Regulatory Authorities
| Regulatory Authority | Officially Adopted Standard | Positioning of Traceability | Guidance Issue Year | Characteristic Approach |
| EMA | ALCOA++ | Emphasized as explicit requirement | Continuous updates | Emphasizes traceability in EU GMP Annex 11 draft revision |
| FDA | ALCOA/ALCOA+ | Implicitly included as audit trail requirement | 2018 (Data Integrity Guidance) | Emphasizes coordination with 21 CFR Part 11 |
| MHRA | ALCOA | Interpreted as essential element of ALCOA | 2018 | Integrated approach to data quality and integrity |
| WHO | ALCOA+ | Part of lifecycle management | 2016 (TRS 1003), 2021 revision | Emphasizes applicability to GxP in general |
| PIC/S | ALCOA+ | Addressed through risk-based approach | 2021 (PI 041-1) | Presents practical data management methods |
| PMDA (Japan) | ALCOA+ | Recommends gradual response | 2019 | Considers actual circumstances while achieving international harmonization |
Regarding industry response and future trends, many experts recommend continued use of the WHO 2016 guideline (TRS 1003 Annex 5) due to its high practicality as an implementation guideline. This guideline contains abundant specific implementation examples and judgment criteria, functioning as a practical guide when companies actually design systems and establish operational procedures.
On the other hand, there are also movements to consider adopting ALCOA++, which emphasizes traceability requirements, centered on the EMA. Particularly for companies operating within the EU, it is important to monitor trends in the revision of EU GMP Annex 11 and advance the enhancement of traceability functions.
Differences in interpretation among regulatory authorities—for example, the EMA’s “explicit mandating of traceability,” MHRA’s “inclusive interpretation within ALCOA principles,” and the FDA’s “flexible response based on risk”—present practical challenges for companies operating globally. Companies need to achieve system design and process management that meets regulatory requirements in each market while avoiding excessive complexity.
Detailed Comparison of Guidelines and Practical Implications
A more detailed comparison of the characteristics of each guideline clarifies the differences in regulatory approaches.
The WHO 2016 guideline (TRS 1003 Annex 5) adopts a comprehensive approach covering all GxP, including GMP, GCP (Good Clinical Practice), GLP (Good Laboratory Practice), and GDP (Good Distribution Practice), providing detailed guidelines on data integrity. The strength of this guidance lies in its practical content, including response to paper-based and hybrid systems (combined use of paper and electronic systems).
In contrast, the MHRA 2018 guidance focuses on GMP and GDP while presenting clear ALCOA standards and their interpretation. It is particularly characteristic in introducing the concept of “data lifecycle,” emphasizing the importance of ensuring integrity at each stage of data generation, processing, reporting, storage, retrieval, and disposal.
The FDA Data Integrity Guidance (2018) emphasizes consistency with 21 CFR Part 11 (regulations on electronic records and electronic signatures), focusing particularly on ensuring data integrity in computerized systems. The FDA’s approach is characterized by flexibility that adopts risk-based thinking as a fundamental principle and recognizes staged management according to the importance of systems.
Latest Regulatory Trends (2024-2025)
From 2024 to 2025, the regulatory environment regarding data integrity continues to evolve.
The revision process of EU GMP Annex 11 is ongoing, and as of January 2025, the final version has not been issued. However, regarding the direction indicated in the draft revision, it is expected to incorporate requirements addressing modern IT environments, including the use of cloud-based systems, utilization of artificial intelligence (AI) and machine learning (ML), and management of remote access.
Additionally, in PIC/S, to address data integrity risks accompanying the advancement of digital transformation (DX), sharing of inspection cases among member countries and unification of interpretations have been promoted since 2023.
Furthermore, at the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH), the development of new guidelines on data integrity is being considered, and global harmonization is expected to advance.
Recommendations for Practical Response
For companies to effectively respond to data integrity requirements, attention to the following points is recommended.
First, adopting a risk-based approach is important. Rather than applying the same level of management to all data and systems, it is efficient to prioritize based on patient safety, product quality, and data importance, and determine appropriate management levels.
Next, establishing a governance structure is essential. It is necessary to develop policies and standard operating procedures (SOPs) regarding data integrity and implement awareness-raising and training at all levels, from management to field workers.
As technical measures, implementation of audit trail functions, appropriate management of access rights, establishment of data backup and recovery procedures, and execution of system validation are recommended. Particularly regarding audit trails, it is important not only to implement the function but also to establish mechanisms for regular review and anomaly detection.
Furthermore, fostering a quality culture is ultimately the most important element in the long term. Cultivating an organizational culture where employees understand the importance of data integrity and can voluntarily take appropriate actions in daily work becomes the foundation of a sustainable compliance system.
Conclusion and Future Outlook
Comprehensively judging these circumstances, it can be concluded that the practical utility of the WHO 2016 guideline (TRS 1003 Annex 5) and the practical approach in MHRA’s ALCOA interpretation are highly evaluated by many experts, and this is based on objective facts and industry experience.
Particularly, the emphasis on traceability requirements in EU GMP Annex 11 and the differences in ALCOA interpretation among regulatory authorities are likely to have a significant impact on the development of future data integrity guidance. Companies need to construct flexible yet robust data integrity management systems according to their global expansion strategies while monitoring these trends.
Ultimately, more important than the differences in terms such as ALCOA, ALCOA+, and ALCOA++ is understanding and practicing the essential purpose of data integrity underlying them: “ensuring patient safety and product quality through decision-making based on reliable data.” Response to regulatory requirements should be positioned not merely as a compliance issue but as something that forms the foundation of a company’s quality culture and business continuity.
Comment