Basic Components of Data Integrity
Data integrity is an essential concept in pharmaceutical manufacturing and quality control, and it has become one of the most critical inspection items by regulatory authorities. This article explains the basic components of data integrity, taking into account the latest regulatory trends.
Basic Principles of Data Integrity
Data integrity is based on the internationally recognized ALCOA principles, and further on the ALCOA+ (ALCOA Plus) principles. These principles consist of the following elements.
ALCOA Principles (Basic 5 Elements)
A – Attributable: The creator and creation date/time of data must be clearly identifiable. All records must document “who did what and when.”
L – Legible: Data must be readable. Handwritten records must be clearly written, and electronic records must be stored in a format that remains legible throughout the retention period.
C – Contemporaneous: Data must be recorded at the time the event occurs. Recording data retrospectively should be avoided as it carries risks of inaccurate memory or intentional alteration.
O – Original: Data must be original, not copies or transcriptions. The initially captured information (raw data) must be preserved.
A – Accurate: Data must accurately reflect reality without errors. This includes many aspects such as proper equipment operation, accurate use of reagents, and accuracy in data transcription and calculations.
ALCOA+ Principles (Extended 4 Elements)
In addition to the ALCOA principles, the PIC/S Guidance (PI 041-1) and EU GMP Annex 11 (2023 revision) have adopted the ALCOA+ principles, which add the following four elements.
C – Complete: Data must be complete with no omissions, with all necessary information present. For example, the numerical value “140” alone has no meaning; completeness is only achieved when it is accompanied by metadata indicating that it is the systolic blood pressure of a specific patient at a specific date and time. If part of a manufacturing record is lost, traceability is compromised, potentially having a serious impact on patient safety.
C – Consistent: The same results must be obtained when a process is reproduced. Whether different analysts perform the same test or the same data is reanalyzed, consistent results must be obtained. Inconsistencies in data call into question the reliability of product quality.
E – Enduring: Data must be retained throughout the regulatory-required retention period and remain legible during that time. In the case of electronic record systems, data readability must be maintained even with system updates or hardware changes.
A – Available: Data must be readily available when needed. It must be accessible in a timely manner when inspectors or quality assurance personnel conduct reviews.
Evolution to ALCOA++ (Addition of Traceability)
In regulatory documents from 2021 onward, particularly in the 2023 revision of EU GMP Annex 11, the concept of ALCOA++, which adds “T – Traceable” to ALCOA+, has been introduced.
T – Traceable: Throughout the entire lifecycle of data from generation to destruction, all changes and operations must be recorded as an audit trail and be traceable. Who, when, what, and why changes were made must be completely recorded.
Practical Aspects of Data Integrity
Ensuring Completeness
Data completeness means not only that data exists, but that all contextual information (metadata) that the data should have is present.
Consider the example of a measured value “140.” This numerical value alone lacks the following critical information:
- Whose measurement is it (patient identification)
- When was it measured (date and time)
- What was measured (systolic blood pressure)
- How was it measured (measurement method, equipment used)
- Who measured it (measurer)
Only when all of this metadata is present does the data have completeness and become meaningful information. The same applies to manufacturing records; all information necessary to ensure traceability must be recorded, including manufacturing order number, manufacturing date and time, operator name, lot numbers of raw materials used, and identification information of manufacturing equipment.
Ensuring Accuracy
Data accuracy is a fundamental element of data integrity. Ensuring accuracy requires a multi-layered approach including the following.
First, proper qualification (calibration, validation) of measurement and analytical instruments is a prerequisite. If instruments are not properly calibrated, accurate data cannot be obtained no matter how carefully they are operated.
Next, proper management and use of reagents and reference materials is important. For example, if the amount of reagent is incorrect in a quality test, that error will completely undermine the reliability of the test results. Accuracy is required in each process, such as reagent weighing, solution preparation, and dilution operations.
Furthermore, accuracy must be maintained during data transcription and calculation processes. In situations where human operations are involved, such as transcription from handwritten records to computer systems, calculations using calculators, and processing with spreadsheet software, there is a risk of transcription errors, input errors, and calculation errors. To prevent these errors, measures such as double-checking, electronic verification, and automation are implemented.
Ensuring Consistency
Data consistency means that when measurements or tests are repeated under the same conditions, the same results are obtained. This is closely related to the concepts of “reproducibility” and “repeatability” in analytical method validation.
When different analysts perform tests following the same analytical method, the results must agree within acceptable ranges. If large variations are observed, there may be problems with the validity of the analytical method, analyst skills, or equipment condition.
Consistency in time-series data is also important. In process parameter monitoring data and environmental monitoring data for manufacturing processes, unnatural fluctuations or contradictory data patterns undermine data reliability. When inconsistencies between data are discovered, the cause must be thoroughly investigated and corrective actions taken as necessary.
Ensuring Security
Data security means protecting data from tampering, unauthorized access, and unintended deletion. This includes both physical and electronic security.
Appropriate access controls are essential to prevent intentional tampering. For paper records, this includes management of record sheets, restricted access to record rooms, and establishment of record revision procedures. For electronic records, authentication through user IDs and passwords, role-based access permission settings, and automatic recording of audit trails are required.
Protection from accidental changes or deletions is also important. It is necessary to minimize the risk of data loss by establishing backup systems, ensuring data redundancy, and developing disaster recovery plans. Particularly for electronic record systems, regular backups, verification of backup data, and periodic testing of recovery procedures are recommended.
The 2023 revision of EU GMP Annex 11 mandates the implementation of encrypted audit trails as a measure to prevent tampering with electronic records, requiring all data changes to be recorded as cryptographically protected audit trails.
Regulatory Authority Trends
FDA (U.S. Food and Drug Administration)
The FDA issued draft guidance “Data Integrity and Compliance With Drug CGMP: Questions and Answers” in 2016, clarifying data integrity requirements in relation to 21 CFR Part 11. In 2024, it published new data integrity guidance for bioequivalence studies, further specifying requirements.
EMA (European Medicines Agency) and PIC/S
PIC/S issued guidance “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments (PI 041-1)” in July 2021, adopting ALCOA+ principles. EU GMP Annex 11 was significantly revised in 2023, incorporating data integrity requirements based on ALCOA++ principles, mandatory encrypted audit trails, and response to cloud computing.
Japan (Ministry of Health, Labour and Welfare / PMDA)
In Japan, the revised GMP Ministerial Ordinance was enforced in August 2021, explicitly incorporating the concept of data integrity. PMDA inspections also focus on ensuring data integrity based on ALCOA+ principles.
Comparison of Data Integrity Principles
The evolution of data integrity principles can be summarized in the following table:
| Principle | ALCOA (1990s) | ALCOA+ (2010s) | ALCOA++ (2021-) |
| Attributable | ✓ | ✓ | ✓ |
| Legible | ✓ | ✓ | ✓ |
| Contemporaneous | ✓ | ✓ | ✓ |
| Original | ✓ | ✓ | ✓ |
| Accurate | ✓ | ✓ | ✓ |
| Complete | — | ✓ | ✓ |
| Consistent | — | ✓ | ✓ |
| Enduring | — | ✓ | ✓ |
| Available | — | ✓ | ✓ |
| Traceable | — | — | ✓ |
Key Regulatory Guidance Documents
| Authority | Document | Year | Key Focus |
| FDA | Data Integrity and Compliance with Drug CGMP: Questions and Answers | 2016 (Draft) | ALCOA principles, 21 CFR Part 11 |
| FDA | Bioequivalence Study Data Integrity Guidance | 2024 | BE study-specific requirements |
| PIC/S | PI 041-1: Good Practices for Data Management and Integrity | 2021 | ALCOA+ principles, comprehensive guidance |
| EMA | EU GMP Annex 11 (Computerized Systems) | 2023 (Revision) | ALCOA++, encrypted audit trails, cloud computing |
| MHRA | GXP Data Integrity Guidance and Definitions | 2018 | ALCOA principles |
| WHO | TRS 996 Annex 5 | 2016 | Comprehensive ALCOA guidance |
| Japan MHLW | Revised GMP Ministerial Ordinance | 2021 | Data integrity requirements |
Conclusion
Data integrity is a comprehensive concept that has evolved from ALCOA principles to ALCOA+ and then to ALCOA++. It is composed of multifaceted elements including completeness, accuracy, consistency, endurance, availability, security, and traceability, and ensuring all of these is essential for pharmaceutical quality assurance and protecting patient safety.
Regulatory authority inspections rigorously examine how these elements are actually practiced in daily operations. Companies need to build and maintain robust data integrity management systems while responding to technological advances and changes in regulatory requirements. The implementation of ALCOA++ principles, including comprehensive audit trails and traceability throughout the data lifecycle, represents the current state-of-the-art in data integrity management and should be the target standard for all pharmaceutical manufacturing and quality control operations.
Comment