Data integrity is a key component in making informed decisions within any organization. Reliable data promotes good decisions. Unmanaged and inaccurate data will have consequences for a company’s quality output, state of compliance, risk to patient safety, and ultimately, the bottom line.

There are many risks inherent in poor data management. Without the ability to eradicate these risks, gaps will inevitably exist and a quality system will not reach the reliability level that government agencies such as the FDA expect to see. This article focuses on principles for managing data integrity while minimizing risk.

Key Principles of Data Integrity

Data integrity is best defined as the extent to which data is complete, accurate, and reliable throughout its lifecycle. Furthermore, data integrity is expected to be demonstrated under CGMP guidelines. To better understand what constitutes good data, companies should consider the ALCOA Plus (ALCOA+) principles of data integrity. The ALCOA acronym was first coined by Stan W. Woollen from the FDA’s Office of Enforcement in the 1990s. Though it originates in the US, it has been adopted by many global companies because it ensures that data achieves the fundamental elements of quality and, if followed, helps to assure the integrity of data.

Breaking Down ALCOA

ALCOA is an acronym that stands for Attributable, Legible, Contemporaneous, Original, and Accurate. The five core principles were expanded to include additional concepts: Complete, Consistent, Enduring, and Available. These principles are important throughout the data lifecycle. The original ALCOA principles are defined as:


Attributable

All data within your organization should be attributed to the individual who created it. Attribution includes timestamps (e.g., electronic signatures) of when the data was created to provide clear traceability.


Legible

Data should be legible and permanent. This means that it should be easily readable by any person who looks at the data. Therefore, the materials and methods used to collect and present data must be solid and durable.


Contemporaneous

The time of data collection should correspond with the time of data recording. In the words of the FDA, “you must document, or save, the data at the time of performance to create a record in compliance with CGMP requirements.” If the dates and timestamps on your data don’t follow this protocol, the data can be deemed unreliable.


Original

Your data must be preserved in its original form, i.e., where it was first recorded. It must also be reviewed and approved using a standardized process.


Accurate

Your data must be free of errors, complete, and truthful. All changes made to the data must be indicated, as well as who made the change and why.

While these were the original principles of ALCOA, the expanded version, ALCOA+, adds the following:


Complete

All data should have an audit trail that shows full accountability for all data, including older, archived data.


Consistent

Data must be timestamped to show that it was recorded chronologically and in the expected sequence.


Enduring

All data must be available long after it is recorded and should be recorded in a manner that will last and maintain searchability and readability.


Available

This final principle states that all data must be accessible as needed throughout the lifecycle of the data. Electronic quality systems enable permissions to be granted to users based on their need to view and update information. With proper controls, access can be restricted to minimize risk to the data.

Data not only drives decision-making in any organization, but it also helps ensure a high level of quality within products or services. Following the ALCOA+ principles and incorporating them as a process helps prevent errors, increase quality, and improve compliance posture.

Common Threats to Data Integrity

The FDA expects all data within regulated industries to follow the ALCOA+ principles to lower the risk of improper data gathering. Below are some common threats to data integrity that companies face:

Unreliable Data

Unreliable data is a key threat to data integrity as it challenges the basis for decision-making. This includes anything from duplicate records to inaccurate and missing data, such as the lack of the original record.

Human Error

Companies that rely on paper processes face several potential issues, from misplacing information to the risk of human error. If managing data manually, your organization risks employees inputting incorrect information, deleting important information, or duplicating the data.

Lack of Revision History

Manual and spreadsheet-based systems are consistent points of failure in data integrity analysis. Part of ensuring data integrity is showing when a document was issued, when it was revised, and who revised it. Any time data is conflicting or ambiguous, the entire document history becomes questionable and the process is flawed. Electronic document management eliminates human error with editing, signatory, and versioning controls.

Using an Automated Quality Management System to Ensure Data Integrity

The FDA (2018) recommends training to identify and prevent data integrity issues as part of routine CGMP training. An automated quality management system (QMS) is designed with built-in features that improve the quality of data collection, protection, and preservation, including:

Audit Trails

An audit trail is a key component of learning exactly what happened to the data throughout its lifecycle. A robust audit trail demonstrates the traceability of data: where the data originated, how it was changed, how it was used, and when and why it was modified. This insight is not only necessary for regulatory inspections but is also indicative of a process-centric organization.

Access Control

The ability to record, make changes to, or delete your organization’s data must be controlled in order to ensure data integrity. To do this effectively, roles and access types need to be defined. The QMS document control system enables you to indicate who is responsible for each document phase and who has permission to view or make changes to the data. This ability also allows an organization to limit access to the data, ensuring only those who need visibility can access this information.

Electronic Signatures

The 21 CFR Part 11 regulation for electronic signatures supports companies’ adherence to the first principle of ALCOA+. It does so by ensuring that the data can be traced back to the person who entered it as well as the time it was entered.


All CGMP workflows, not just electronic signatures and time stamps, need to be validated against their intended use to demonstrate that all workflows run correctly. As per ISO 13485, “the organization shall document procedures for the validation of the application of computer software used in the quality management system.”

An electronic QMS coupled with validation expertise enables a faster validation process, even automating future test script execution to ensure compliance in less time, using fewer resources.


Ensuring data integrity through a standardized process for collecting, documenting, and storing all data accurately and completely produces reliable data, and reliable data is better able to document regulatory compliance. With the availability of automation and quality management systems, the FDA perceives non-commitment to data assurance as indicative of a poor quality culture.

An effective QMS not only offers a workflow-driven system that guides the collection and recording of quality data but also supports integration with key data sources in a company’s IT ecosystem. Checks and balances built into the system eliminate gaps and enable organizations to use the data intuitively for informed decision-making. Implementing an automated QMS helps organizations follow the principles of ALCOA+ while minimizing risks to data accuracy.

Get in touch with AssurX today for more information on how our quality management solutions and integration capabilities can help you effectively manage the data within your organization and adhere to the principles of data integrity.