未分類

What is Data Integrity?

1. Introduction: The Growing Importance of Data Integrity

In recent years, the importance of “Data Integrity” has reached unprecedented levels in the pharmaceutical industry and broader life sciences sector. This heightened focus stems from regulatory authorities such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA) making data integrity a key inspection focus. Particularly since 2024, the FDA has published new data integrity guidance for bioavailability and bioequivalence studies, while the EU released a substantially revised draft of Annex 11 (Computerised Systems) for public consultation in July 2025, demonstrating that regulatory requirements continue to evolve. This article explains the role of data integrity, its fundamental concepts, and how ensuring it directly impacts the reliability of regulatory submissions, incorporating the latest regulatory developments while maintaining professional rigor in a manner accessible to beginners.

2. Fundamental Concepts of Data Integrity

Data integrity literally means “the completeness of data.” Specifically, it refers to “ensuring that generated data is accurately and completely stored, maintained, and utilized.” In international regulatory documents, such as the FDA’s “Data Integrity and Compliance with Drug CGMP: Questions and Answers” guidance, data integrity is defined as “data that has the quality of being complete, consistent, and accurate,” with emphasis on being “reliable, reproducible, and free from falsification or alteration.”

One principle that embodies this concept is the “ALCOA principle.” Proposed by Stan W. Woollen of the FDA in the 1990s, this principle uses each letter to represent the following:

The Five Elements of ALCOA:

  • A (Attributable): Identifies who recorded the data
  • L (Legible): Data is readable
  • C (Contemporaneous): Data is recorded at the time of the activity
  • O (Original): Data exists in its original form
  • A (Accurate): Data is accurate

However, with technological evolution and advancing digitalization, the ALCOA principle has been expanded, and what is now known as “ALCOA+” or “ALCOA++” has become the industry standard as a comprehensive framework.

Additional Elements of ALCOA+ (Added in 2010):

  • C (Complete): Complete—all data is recorded with nothing omitted
  • C (Consistent): Consistent—data is chronological and free from contradictions
  • E (Enduring): Enduring—data is retained for the period required by regulations
  • A (Available): Available—data is accessible for audits and reviews when needed

Further Addition in ALCOA++ (From 2023 Onwards):

  • T (Traceable): Traceable—all change history is recorded as audit trails

Adhering to these ALCOA++ principles is the fundamental prerequisite for ensuring data integrity in modern GxP (Good Practice) regulations. FDA guidance is based on ALCOA principles, while the EU’s Annex 11 (2025 revision) explicitly requires ALCOA+, demonstrating progressing international harmonization.

3. FDA Inspections and Data Integrity

During FDA inspections, actions that compromise data integrity are subject to severe scrutiny. For example, retrospective modification or deletion of data, alteration of records by unauthorized personnel, and absence of audit trails are considered serious compliance violations. In worst-case scenarios, these can lead to product recalls, warning letters, import alerts, consent decrees, and even application rejections.

Inspectors pay particular attention to electronic record management. Because traces of misconduct or operational errors are less conspicuous than with paper media, system audit trails, electronic signature operations, and the presence of secure access controls are strictly monitored. The draft guidance “Data Integrity for In Vivo Bioavailability and Bioequivalence Studies,” published by the FDA in April 2024, focuses on the integrity of clinical and bioanalytical data in bioequivalence studies, requiring testing sites to establish data integrity management systems at the executive management level.

Additionally, in 2025, the FDA launched the “Radical Transparency Initiative,” publicly releasing over 200 Complete Response Letters. This has clarified major vulnerabilities in the industry and FDA’s priority surveillance areas, further emphasizing the importance of data integrity. Furthermore, the FDA is utilizing artificial intelligence (AI) tools (e.g., Elsa) to identify high-risk inspection targets, increasing demands for data transparency and integrity.

4. Latest EU Regulatory Developments: Major Revision of Annex 11

On July 7, 2025, the European Commission and PIC/S (Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme) released a substantially revised draft of EU GMP Annex 11 “Computerised Systems” for public consultation. Considering that the previous revision was in 2011, this represents the first major update in 14 years. This revision reflects the emergence of new technologies such as cloud computing, AI/machine learning (ML), and digital service providers.

Key Changes in the Revised Annex 11:

Area of Change Key Content
Document Expansion Expanded from 5 pages to 19 pages, providing more detailed guidance
Explicit ALCOA+ Explicitly requires ALCOA+ as data integrity principles (not included in the 2011 version)
Lifecycle Management Enhanced validation and management throughout the system lifecycle
Cloud Systems Added detailed requirements for cloud service utilization
AI/ML Support Requirements for AI/ML algorithm use (coordinated with new Annex 22)
Audit Trails Mandates automatic logging of all user operations; prohibits disabling or deleting audit trails in principle
Data Security Strengthened alignment with NIS2 Directive and ISO 27001
Clarification of Responsibilities Clearly states that responsibility cannot be outsourced even when using cloud or AI providers

This revised version underwent public consultation until October 11, 2025, with the final version expected to be published in mid-2026. Additionally, the newly established Annex 22 “Artificial Intelligence” permits only static, deterministic AI/ML models for use in GMP environments, applicable to applications with direct GMP impact such as product release decisions and data classification.

5. Impact on Regulatory Submission Reliability

If data integrity is not maintained, the credibility of the entire regulatory submission based on that data is compromised. Data in pharmaceutical applications forms the foundation for product quality, safety, and efficacy. Therefore, if data is falsified or contains deficiencies, regulatory authorities will question the entire submission and may, in some cases, refuse to accept the application. Consistency with the FDA’s “Application Integrity Policy” is emphasized, and applications may not proceed to review unless data integrity violations are remedied.

The reliability of regulatory submissions means “the supporting data is authentic and consistent,” which is not merely a matter of documentation formality but is directly connected to fundamental business risks and patient safety. Data integrity issues not only lead to decreased product quality and potential risks to patients but also seriously impact corporate reputation, market access, and profitability.

6. Required Measures in Practice

What measures are necessary in practice to ensure data integrity? Below are key measures based on the latest regulatory requirements.

Basic Organizational Responses:

First, establishing and thoroughly implementing Standard Operating Procedures (SOPs) and raising employee awareness through training and education are essential. The FDA guidance explicitly states that employee training for preventing and detecting data integrity issues is consistent with personnel requirements in CGMP requirements (§§ 211.25 and 212.10). Employees must understand their roles and responsibilities, particularly their obligations regarding data integrity, security, and compliance with GMP principles.

Electronic Record System Management:

For implementing and maintaining electronic record systems, the following are important:

  • Access Control: Implementation of Role-Based Access Control (RBAC), prohibition of shared accounts, use of individual user IDs
  • Audit Trails: Implementation of automatic audit trails recording “who, what, when, and why” for all critical activities, regular review of audit trails
  • Electronic Signatures: Appropriate implementation of electronic signatures equivalent to handwritten signatures (compliant with 21 CFR Part 11 and Annex 11 requirements)
  • Data Backup and Recovery: Establishment of regular data backup and recovery procedures, periodic verification of their effectiveness
  • System Validation: Risk-based system validation, ongoing qualification assessment

Risk Management:

The revised Annex 11 emphasizes a risk-based approach throughout the system lifecycle. Risk assessments should be conducted based on well-documented evaluations considering patient safety, data integrity, and product quality.

Supply Chain Management:

Data integrity management across the entire supply chain, including external contractors, is required, with consistent oversight through vendor evaluation and audit activities being essential. Even when using cloud services or AI/ML providers, manufacturers bear ultimate responsibility and must establish formal contracts with service providers defining clear responsibility allocation.

Utilization of Digital Technologies and AI:

Regulatory trends in 2025 promote digital transformation and appropriate use of AI technology. However, when introducing these technologies, they must be limited to static, deterministic models with appropriate validation, monitoring, and maintenance. AI/ML systems must be designed, validated, monitored, and maintained to ensure patient safety and data integrity.

7. Conclusion

Ensuring data integrity is not merely a procedural matter for regulatory compliance. It is a fundamental concept that scientifically supports the safety and efficacy of pharmaceuticals and sustains societal trust. The regulatory environment is rapidly changing, including the evolution from ALCOA principles to ALCOA++, new FDA guidance, substantial revision of EU Annex 11, and the introduction of new Annex 22 for AI/ML.

From 2025 onwards, the FDA has established more advanced oversight systems, including identification of inspection targets using AI tools, strengthened industry surveillance through the “Radical Transparency Initiative,” and clarification of data integrity requirements for bioequivalence studies. The EU is also developing a comprehensive framework addressing cloud computing, AI/ML, and digital service providers.

In anticipation of increasingly sophisticated regulatory authority demands, continuing to strengthen data management systems organization-wide is essential for sustainable business operations. Data integrity is part of quality culture, ensuring reliability in all pharmaceutical processes and systems by guaranteeing traceability and security, enabling identification and tracking of changes, preventing losses, and protecting historical records and inventory. In the digital age, investment in data integrity is a strategic imperative for ensuring patient safety, regulatory compliance, and corporate competitiveness.

The Difference Between Correction and Corrective Action: ISO 9000:2015 Definitions and Practical Application Previous post The Essence of CAPA Systems: A Continuous Improvement Framework Supporting the Core of Quality Assurance Next post

Related post

Comment

There are no comment yet.