2. What is Data Integrity?
The extent to which all data are complete,
consistent, and accurate throughout the data
lifecycle.
From initial data generation and recording
through processing (including transformation
or migration), use, retention, archiving,
retrieval and destruction.
Definition
5. Ensuring data integrity through ALCOA :
• The acronym ALCOA has been around since the 1990’s, is
used by regulated industries as a framework for ensuring
data integrity, and is key to Good Documentation Practice
(GDP).
• ALCOA relates to data, whether paper or electronic, and is
defined by US FDA guidance as Attributable, Legible,
Contemporaneous, Original and Accurate.
• These simple principles should be part of your data life
cycle, GDP and data integrity initiatives.
• Data integrity and access control issues featured heavily
within the warning letters issued by the FDA in 2015 so here
is a timely refresh on the fundamentals.
What is ALCOA?
6. All data generated or collected must be attributable to the person
generating the data.
This should include who performed an action and when.
This can be recorded manually by initialing and dating a paper
record or by audit trail in an electronic system.
For example:
During a validation exercise, test results should be initialed
and dated by the person executing the test.
Adjustment of a set point on a process or monitoring system should be
made by an authorized user and the details of the change logged in an
audit trail.
A correction on a lab record should be initialed and dated to show when
and who made the adjustment.
• Note: It is important to ensure a signature log is maintained to
identify the signatures, initials and/or aliases of people completing
paper records.
Attributable
7. All data recorded must be legible (readable) and permanent.
Ensuring records are readable and permanent assists with
its accessibility throughout the data lifecycle.
This includes the storage of human-readable metadata that
may be recorded to support an electronic record.
For example:
GDP will always promote the use of indelible ink when
completing records.
When making corrections to a record, ensure a single line is
used to strike out the old record. This ensures the record is still
legible.
Controlling your paper records/forms and formatting them
such that there is ample room for the information to be
recorded.
Legible
8. Contemporaneous means to record the result, measurement or
data at the time the work is performed.
Date and time stamps should flow in order of execution for the
data to be credible.
Data should never be back dated.
For example:
If executing a validation protocol, tests should be performed and their
results recorded as they happen on the approved protocol.
Data that is logged, or testing that is performed electronically, should
have a date/time stamp attached to the record.
Ensure electronic systems that log data have their system clocks
synchronized.
Consider the use of a master clock system that synchronizes to the IT
network so wall clocks within labs and processing areas are
synchronized.
Contemporaneous
9. Original data, sometimes referred to as source data or primary
data, is the medium in which the data point is recorded for the
first time.
This could be a database, an approved protocol or form, or a
dedicated notebook.
It is important to understand where your original data will be
generated so that its content and meaning are preserved.
For example:
Ensure validation test results are recorded on the approved protocol.
Recording results in a notebook for transcription later can introduce
errors.
If your original data is hand written and needs to be stored
electronically, ensure a “true copy” is generated, the copy is verified
for completeness and then migrated into the electronic system.
Original
10. For data and records to be accurate, they should be free
from errors, complete, truthful and reflective of the
observation. Editing should not be performed without
documenting and annotating the amendments.
For example:
Use a witness check for critical record collection to confirm
accuracy of data.
Consider how to capture data electronically and verify its
accuracy. Build accuracy checks into the design of the
electronic system.
Place controls/verification on manual data entry, for
example, temperature results can only be entered within a
predefined range of 0-100°C.
Accurate
11. FDA’s Top Data Integrity Issues Found During
Inspections:
Data integrity is the common issue that is found during the
FDA inspections.
When FDA finds any invalid or unreliable data during
inspection, it is considered by FDA that the quality of the
products manufactured in such a manufacturing facility
cannot be good.
FDA issues warning letter when the violation of 21 CFR
part 11 is found during inspection.
Following are the common data integrity issues observed
by FDA during their inspections:
Data Integrity Issues
12. Alteration or manipulation of original data to obtain
the passing results for any manufactured product is
very common issue found in quality control
laboratories.
The analyst may use fluid or whitener to hide the
original results.
These methods of correction are against the GMP
and GDP regulations.
1- Data Manipulation
13. During the HPLC and GC analysis any sample is run
multiple times to get the passing results.
Some analysts delete the data files of these multiple
runs.
This issue is found in many Indian pharmaceutical
companies.
2. Multiple Sample Runs
14. Generally back dating is done in stability analysis.
Samples are run on HPLC in backdate by changing
date in computer system because of various
regions such as unavailability of the HPLC system
or manpower.
Back dating is considered as a serious issue by
FDA.
3. Back Dated Documentation
15. Some analysts in quality control have rights to
access the analytical data and they can edit or
delete it. It is unacceptable to the FDA because
analyst can alter the results of the analyzed
products.
Access rights to delete data should be given to the
data reviewer only. Results of any faulty batch or
reanalysis must not be deleted from the system.
Analysts should also not have the rights to change
the system date and time.
Electronic raw data of all analyzed samples must be
archived and available on demand.
4.Unauthorized Data Access
16. When any activity is done on any instrument and
it is not recorded in the instrument logbook or
timing mismatch on different instruments such as
balance and HPLC logbooks.
FDA considers that activity is not done actually
and fake report is prepared.
5. Logbook Recording
17. When any activity or analysis is not done and the
data or results of previous batch are filled instead of
the actual analysis.
Some analysts does it very fairly by coping
electronic data file of previous batch, rename it
with new batch number and use this data
calculating the results for new batch.
6. Data Copying
18. In some companies FDA found that they do not
have the facility of data backup and restore .
FDA says that all electronic data should be
secured and backup should be taken periodically.
Backup data should not be stored in computer
connected with the instrument but it should be
stored on server to make it secure.
Data can be stored in the form of CDs or DVDs
to make it more secure.
7- Backup of Data:
19. In some companies audit trail function is found
in some instruments like HPLC, GC,
Spectrophotometer etc. but remains disable.
Audit trail must be active in all instruments those
generates electronic data.
8- Audit Trail
20. It is seen in many quality control laboratories
that some analysts share their login IDs with
other analysts.
It mixes the work done by the analysts and the
analysis done by the individual analyst cannot
be identified.
FDA doesn’t allow it.
9- Sharing Login IDs
21. How To Plan For a GMP Audit?
Analysts should not do above mistakes during the
recording and reporting the analysis results and the
supervisors and reviewers should focus on these
data integrity issues during their supervision and
review of documents.
Most of the data integrity issues found during FDA
inspections are related to the HPLC analysis and its
documentation therefore, it should be reviewed
carefully.
Planning For Audit
22. What is meant by Raw Data in Our Industry ?
(FDA CFR 58 - GLPs)
Raw data means any laboratory worksheets, records,
memoranda, notes, or exact copies thereof, that are the result of
original observations and activities of a nonclinical laboratory
study and are necessary for the reconstruction and evaluation of
the report of that study.
In the event that exact transcripts of raw data have been
prepared (e.g., tapes which have been transcribed verbatim,
dated, and verified accurate by signature), the exact copy or
exact transcript may be substituted for the original source as raw
data.
Raw data may include photographs, microfilm or microfiche
copies, computer printouts, magnetic media, including dictated
observations, and recorded data from automated instruments.
Definition of Raw Data
23. Data
Integrity
Question Comment
A
Paper Records:
Does your company maintain a signature log for
employees that work in GxP areas?
Are staff trained in Good Documentation Practices
outlining that GxP records must be initialed and dated?
Is the use of scribes prevalent in your company?
Are digital images of a person's handwritten signature
permitted at your company?
Electronic Records:
Does the system use unique user logins with electronic
signatures?
Are there audit trials in place recording the identity of
operators entering, changing, confirming or deleting data?
Checklist
24. Data
Integrity
Question Comment
Does the system identify and record the person
releasing or certifying the batches? Is an electronic
signature used?
Are staff trained on the fundamentals of data
integrity which emphasizes never to disclose their
username or passwords with other staff?
L
Paper Records:
Are controls in place to ensure data is recorded using
permanent, indelible ink?
Is the use of correction fluid, pencils and erasures
prohibited?
Is there controlled issuance of bound, paginated
notebooks for GMP activities?
Checklist
25. Data
Integrity
Question Comment
Are archiving of paper records performed by an
independent, designated archivist?
Are operators trained to use single-line cross outs
accompanied by an initial and date when recording
changes to a record?
Electronic Records:
Is your stored data checked periodically for readability?
Are audit trails convertible to a generally intelligible
form?
Can general users switch off the audit trail?
Is archived data checked periodically for readability?
Is data backed up in a manner permitting reconstruction
of an activity?
Checklist
26. Data
Integrity
Question Comment
C
Paper Records:
Are staff trained in Good Documentation Practices
emphasizing the importance of recording data entries at
the time of activity?
Are staff trained in Good Documentation Practices
emphasizing that it is improper to back date or forward
date a record?
Electronic Records:
Does your system automatically generate a timestamp
when data is entered?
Do electronic signatures contain an automatically
generated timestamp?
Are users able to change the timestamps applied to
records?
Checklist
27. Data
Integrity
Question Comment
Are general users able to gain access and change the
system clock or timezone settings?
Is data saved to unauthorised storage locations such as
USB sticks?
Are there sufficient availability of user terminals at the
location where a GxP activity takes place?
O
Paper Records:
Are sticky notes or other unofficial notepads permitted in
GMP areas of the facility?
Are qualification/validation activities performed on
original pre- approved protocols?
Is there a controlled and secure area for archiving of
records?
Checklist
28. Data
Integrity
Question Comment
Are original records readily available for inspection?
Electronic Records:
Is it possible to print out batch release records, showing
any data that has been changed since the original entry?
Are your electronic signatures permanently linked to their
respective record?
Does the person processing the data have the ability to
influence what data is reported or how it is presented?
What data is reported or how it is presented?
Does the system prevent deletion of original data?
Is it possible to take screenshots and use snipping tools to
manipulate data?
Is metadata periodically reviewed?
Checklist
29. Data
Integrity
Question Comment
A
Paper Records:
Are forms, logbooks and notebooks formatted to easily
allow for the entry of correct data?
Are procedures in place to independently review original
paper records?
Are deviations and out-of-specification results
investigated?
Are laboratory instruments calibrated and maintained?
Are secondary checks performed to check the accuracy of
critical data?
Are staff pressured into meeting production targets,
leading to compromised accuracy of records?
Checklist
30. Data
Integrity
Question Comment
Electronic Records:
Do interfaces contain built-in checks for the correct and
secure entry and processing of data?
Does your system perform a check on the accuracy of
critical data and configurations?
Are systems periodically reviewed?
Are interfaces validated to demonstrate security and no
corruption of data?
Is archived data protected against unauthorized
amendment?
Checklist