What is Data Integrity?

12 ways to reduce data integrity risk

by Dvorah Finestone | March 8, 2017

Data integrity has become a serious issue over the past few years and therefore is a core focus of many enterprises. The FDA published a Data Integrity Guidance Document outlining compliance with CGMP that addresses the role of data integrity for industry. The document is a result of the FDA increasingly observing violations involving data integrity during inspections. These violations have led to FDA warning letters, import alerts, and consent decrees. The guidance document answers integrity questions and strives to clarify what the FDA expects from businesses.

What is data integrity?

It is important to understand what data integrity really means in order to be compliant. Data integrity refers to the fact that data must be reliable and accurate over its entire lifecycle. The FDA uses the acronym ALCOA to define data integrity standards and to relate to good manufacturing practices.

Data is expected to be:

  1. Attributable – Data should clearly demonstrate who observed and recorded it, when it was observed and recorded, and who it is about.
  2. Legible – Data should be easy to understand, recorded permanently and original entries should be preserved.
  3. Contemporaneous – Data should be recorded as it was observed, and at the time it was executed.
  4. Original – Source data should be accessible and preserved in its original form.
  5. Accurate – Data should be free from errors, and conform with the protocol.

Tweet: “Data is expected to be: attributable, legible, contemporaneous, original, and accurate. #dataintegrity #GlobalVision” Tweet: Data is expected to be: attributable, legible, contemporaneous, original, and accurate. #dataintegrity #GlobalVision


Implementing a Quality Management System? Download our checklist. 


How can data integrity risks be minimized?

In today’s marketplace, companies need to feel confident that there is no loss of quality when using computer systems. To this, there are effective strategies that companies may implement to manage their data integrity risks and ensure their data respects the ALCOA principle. By moving from a reactive to a proactive way of thinking, the following key requirements and controls may be put in place to ensure data integrity and minimize risk for your organization.

1. Ensure all computer systems are 21 CFR Part 11 compliant

21 CFR Part 11 is an FDA regulation that applies to electronic records. It is required to ensure that electronic records are trustworthy, reliable and equivalent to paper records. All computer systems that store data used to make quality decisions must be compliant, making it a perfect place to start with data integrity.

2. Follow a software development lifecycle

A Software Development lifecycle methodology helps oversee that quality related tasks are performed to address pertinent lifecycle phases from software development, software testing, integration and installation to ongoing system maintenance. All computer systems should be appropriately developed, qualified, tested and assessed on a regular basis.

3. Validate your computer systems

Software Validation provides documented evidence to deliver assurance that a specific process consistently produces a product that meets its pre-determined specifications and quality attributes. To ensure your system can be validated, it is key to work with vendors that provide validation.

4. Implement audit trails

A secure, computer-generated, time-stamped audit trail records the identity, date and time of data entries, changes, and deletions. Audit trails ensure the trustworthiness of the electronic record, demonstrate necessary data ownership and assure records have not been modified or deleted.

5. Implement error detection software

Automated inspection software can help verify important documents to ensure their accuracy. Manual proofreading or inspections are proven to be inefficient and often cannot assure that files are error-free.

6. Secure your records with limited system access

All systems should require a login with at least two unique pieces of information and provide access only to required individuals to guarantee data integrity.

7. Maintain backup and recovery procedures

A Quality Management System with Standard Operating Procedures builds quality into the process by systematically controlling the process. It is essential to write and follow good effective procedures to ensure clear accountability.

8. Design a Quality Management System with SOPs and logical controls

A Quality Management System with Standard Operating Procedures builds quality into the process by systematically controlling the process. It is essential to write and follow good effective procedures to ensure clear accountability.

9. Protect the physical and logical security of systems

Controls are needed to protect the physical and logical security of your systems, change management, service management and system continuity. This will assure continuous development for your organization and support of systems.

10. Establish a vendor management qualification program

It is important to evaluate all vendors supplying products to certify that the products are quality products that meet needs (such as validation services). A continuous appraisal is required following the initial evaluation. Often asking what data integrity procedures your vendors have in place will help with your own organization’s data integrity practices.

11. Properly train users and maintain training records

Users should be properly trained so that they have the right education and expertise to perform their job competently. Documented training records provide this proof.

12. Conduct Internal Audits to evaluate controls and procedures

Internal Audits ensure that all procedures are followed and that continuous improvement is emphasized.

Data integrity success

If you are reading this article, you are most probably aware of how important it is to ensure your data is not compromised. The impact of dangerous data can have resounding consequences on any organization no matter the size. However, if data integrity is thought of as a process, the data infrastructure can become an asset instead of a liability.