Data Integrity Checklist
Summary
Significance of Data Integrity
Data integrity ensures that analytical results are complete, consistent, accurate, trustworthy, and maintained throughout their lifecycle. In regulated pharmaceutical environments, reliable data underpins product quality and patient safety, guiding decisions from method validation to batch release. Breaches in data integrity can compromise records, undermine compliance with Good Laboratory Practices and GMP regulations, and lead to regulatory actions or product recalls.
Study Objectives and Overview
This article reviews best practices and provides a compliance checklist based on the ALCOA+ principles defined by regulatory bodies. It aims to equip laboratories with practical measures to assess and strengthen their data integrity controls in both paper-based and electronic systems.
Methodology and Instrumentation
Methodology:
- The ALCOA+ framework (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available) was used as the compliance benchmark.
- A structured checklist covering 75 control points across paper and electronic records was compiled to evaluate current practices and identify gaps.
Used Instrumentation:
- Agilent 3500 UV-Vis Spectrophotometer
- Agilent OpenLab software suite
Main Findings and Discussion
- Paper-based Systems: Common shortcomings include inadequate signature controls, inconsistent archival procedures, and improper use of correction methods, risking loss of original entries and traceability gaps.
- Electronic Systems: Key vulnerabilities involve shared or visible logins, lack of audit trails, insufficient metadata management, and local storage of raw data prone to unauthorized modification.
- Regulatory Examples: An FDA warning highlighted manipulated chromatograms with deleted peaks, demonstrating the high risk of undetected data tampering when controls are weak.
- Instrument Integration: Networking instruments and deploying software with built-in access controls, audit trails, and automated timestamping significantly enhance data security.
Benefits and Practical Applications
- Implementing ALCOA+ aligned procedures improves record accuracy and regulatory compliance, reducing the risk of inspection findings.
- Bound notebooks, controlled archival, and strict correction protocols preserve the chain of custody for paper records.
- Validated electronic systems with unique user accounts, role-based permissions, and audit trails ensure traceability and deter unauthorized changes.
- Periodic reviews and disaster recovery testing safeguard data availability and readability over time.
Future Trends and Opportunities
Analytical laboratories are moving towards fully integrated digital ecosystems with LIMS connectivity, cloud-based data storage, and advanced blockchain solutions for immutable audit trails. Artificial intelligence and machine learning tools will enable proactive anomaly detection, while standardized electronic protocols will further harmonize compliance across global sites.
Conclusion
Adopting a comprehensive data integrity framework based on ALCOA+ principles is essential for maintaining high-quality pharmaceutical analysis. By addressing both paper and electronic system challenges through robust policies, training, and modern instrumentation, laboratories can safeguard data integrity, ensure regulatory compliance, and protect patient safety.
Reference
- Pharmaceutical Inspection Co-operation Scheme. Good Practices For Data Management And Integrity In Regulated GMP/GDP Environments, July 2021.
Content was automatically generated from an orignal PDF document using AI and may contain inaccuracies.
Data Integrity Checklist
2
Data Integrity is defined as “the degree to which data are
complete, consistent, accurate, trustworthy, and reliable
and that these characteristics of the data are maintained
throughout the data life cycle”. Data integrity is a
fundamental requirement for an effective Pharmaceutical
Quality System that ensures medicines are of the required
quality. Poor data integrity practices and vulnerabilities
undermine the quality of records and evidence and may
ultimately undermine the quality of medicinal products (1).
The ALCOA principles for data integrity originated from the US Food
and Drug Administration’s (FDA) Code of Federal Regulation for Good
Laboratory Practice (GLP). These principles have since been expanded and
renamed ALCOA+. A summary of the ALCOA+ principles is shown in the
table, following. Detailed descriptions can be found in the Pharmaceutical
Inspection Co-operation Scheme’s (PIC/S) guidance on Good Practices For
Data Management And Integrity In Regulated GMP/GDP Environments (1).
ALCOA+ principles for data integrity
A Attributable
The person collecting the data can be identified
L Legible
Data must be readable and permanent
C Contemporaneous Data must be recorded at the time it was generated
O Original
Data is the source or primary data, not a copy
A Accurate
Data is truthful
C Complete
All required data is included in the record
C Consistent
Data is recorded and presented in the same format, in chronological
order where relevant
E Enduring
Data is maintained for its entire required retention period
A Available
Data is accessible in a readable format during its retention period
Checklist
Use the checklist, following, to determine your level of compliance with
ALCOA+ principles. This checklist is not exhaustive. You should also have
systems and resources in place to determine your level of compliance with
the data integrity requirements of the current good manufacturing practices
(cGMPs) under which your facility operates.
3
Confirmed Notes
1. Does your company maintain a signature log for employees that
work in GxP areas?
2. Are employees trained in Good Documentation Practices outlining
that GxP records must be initialed and dated?
3. Is the use of scribes prevalent in your company?
4. When making a nonstandard entry (eg, empty field, changes to data),
is a reason provided, along with the date and user’s initials?
5. Is data always recorded by the person generating or witnessing it –
not someone they’ve asked to do it for them?
6. Are digital images of a person's handwritten signature permitted at
your company?
7. Are controls in place to ensure data is recorded using permanent,
blue, or black indelible ink?
8. Is the use of correction fluid, pencils, and erasures prohibited?
9. Is original data still readable when a correction has been applied?
Paper-based systems
4
Confirmed Notes
10. Is there controlled issuance of bound, paginated notebooks for
GMP activities?
11. Are archiving of paper records performed by an independent,
designated archivist?
12. Are operators trained to use single-line crossouts accompanied by
an initial and date when recording changes to a record?
13. Are direct-printed paper records from equipment such as balances
signed and dated? Do they include a reference to the sample ID or
batch number?
14. Are employees trained in Good Documentation Practices
emphasizing the importance of recording data entries at the time
of activity?
15. Are employees trained in Good Documentation Practices
emphasizing that it is wrong to backdate or forward date a record?
16. Are sticky notes or other unofficial notepads permitted in GMP areas
of the facility?
17. Are qualification/validation activities performed on original
pre-approved protocols?
18. Is there a controlled and secure area for archiving records?
19. Are original records readily available for inspection?
20. Are forms, logbooks, and notebooks formatted to easily allow for the
entry of correct data?
5
Confirmed Notes
21. Are copies of printouts (e.g. of thermo-paper records) marked as
‘copies’ when attached to records?
22. Are copies of original paper records controlled during their life cycle
to ensure they are maintained as ‘true copies’?
23. Are procedures in place to independently review original paper
records?
24. Is data generated always recorded as it is found – even if it’s not
expected or is out of specification?
25. Are deviations and out-of-specification results investigated?
26. Are there policies and procedures in place to guide employees
in reporting a data integrity breach? E.g., a Whistleblower policy.
Are they encouraged to do so?
27. Is data reported to the same number of decimal places as the
specification or test methods indicate?
28. Is a single result averaged from two or more data points
recorded to one decimal place more than the specification to
ensure overall accuracy?
29. Is rounding done only on the final calculation result,
not intermediate results?
30. Are laboratory instruments calibrated and maintained at
appropriate frequency?
31. Is data always recorded in the required format? E.g., using the
correct units and significant figures
6
Confirmed Notes
32. Are secondary checks performed to check the accuracy of
critical data?
33. Are employees pressured or incentivized for meeting production
targets, leading to compromised accuracy of records?
34. Are there regular internal audits that include checking data integrity?
35. Is there a retention policy and archiving procedure for paper records?
7
Electronic systems
Confirmed Notes
36. Have you done a risk assessment of the data generated within your
laboratory to determine which instruments/systems represent the
greatest risk to patient safety if the data integrity was compromised?
37. Are data integrity requirements included in user requirements
specifications when purchasing equipment?
38. Have all your laboratory instruments been validated to ensure the
accuracy and reliability of the data?
39. Does the system use unique user logins with electronic signatures?
40. Do your critical computerized systems support different user
access levels (roles)?
41. Are employees trained on the fundamentals of data integrity which
requires them to never disclose their username or passwords to
other employees?
42. Is the same login used by multiple employees, or are the ID
and password written down and visible (e.g. on a sticky note)
at a computer?
43. Do your critical computerized systems have an inactivity logout?
44. Are there audit trials in place recording the identity of operators
entering, changing, confirming, or deleting data?
8
Confirmed Notes
45. Does the system identify and record the person releasing or
certifying the batches? Is an electronic signature used?
46. Is your stored data checked periodically for readability?
47. Has your organization tested their disaster recovery plan in terms of
retrieving electronic data records, e.g., could you retrieve laboratory
data after a cyberattack?
48. Are audit trails convertible to an intelligible form?
49. Can general users switch off the audit trail?
50. Is archived data checked periodically for readability?
51. Is data backed up in a manner permitting reconstruction of
an activity?
52. Is your stored data checked periodically for readability?
53. Does your system automatically generate a timestamp when
data is entered?
54. Do electronic signatures contain an automatically generated
timestamp?
55. Are users able to change the timestamps applied to records?
9
Confirmed Notes
56. Are general users able to gain access and change the system clock
or time zone settings?
57. Do all your systems use a secure database to store data?
58. Is data saved to unauthorized storage locations such as USB sticks?
59. Is there sufficient availability of user terminals at the location where
a GxP activity takes place?
60. Is it possible to print batch release records showing any data that
has been changed since the original entry?
61. Are your electronic signatures permanently linked to their
respective record?
62. Is the person processing the data able to influence what data is
reported or how it is presented?
63. Does the system prevent the deletion of original data?
64. Is it possible to take screenshots and use snipping tools to
manipulate data?
65. Is metadata periodically reviewed?
66. Do you have a process in place for the secondary review of data
critical to product quality? E.g., an electronic workflow that includes a
review by a second analyst.
10
References
1. Good Practices For Data Management And Integrity In Regulated GMP/GDP Environments, Pharmaceutical Inspection Co-Operation Scheme, July 2021.
Confirmed Notes
67. If you are using paper or PDF reports as a data record, could you
reconstruct the raw data set from electronic records at a future
date? Data sets include all the records of analysis such as raw data,
metadata, relevant audit trail and result files, software/system
configuration settings specific to each analytical run, and all data
processing runs (including methods and audit trails).
68. Do interfaces contain built-in checks for the correct and secure entry
and processing of data?
69. Do your systems perform a check on the accuracy of critical data
and configurations?
70. Is a final, averaged result rounded to the same number of decimal
places as the specification? Averaging should not be used to hide
variability in the data spread, e.g., all replicate results should meet
the specification results.
71. Are systems periodically reviewed?
72. Are computerized systems validated to demonstrate security and
incorruptibility of data?
73. Is archived data protected against unauthorized amendment?
74. Do you have a data quality team (or responsible person) in your
lab that works together to conduct/support investigations, identify
system gaps, and drive the implementation of improvements?
75. Is there a policy governing how long electronic records are kept?
11
An FDA warning letter issued to an API manufacturer details failures by
the manufacturer to prevent unauthorized access or changes to data.
The letter also describes failures to have adequate controls to prevent
manipulation and omission of data. It states: “Multiple analysts,
testing multiple drugs, deleted unknown peaks without justification.
These manipulations made the drugs appear to meet their specifications.
Of concern, one of these unknown peaks was for a residual solvent
known to be a genotoxic impurity”.
Agilent GxP experts report the several problems they commonly observe in
regulated labs:
– Molecular spectroscopy testing is not considered a GxP activity
– Old hardware and software are used with no alternative available if they
fail – potentially impacting product release
– Instruments not networked, on old operating systems and using old
versions of instrument software that offer limited data integtrity controls
– Electronic raw data stored on the local PC and can be accessed via the
operating system, permitting deletion or manipulation
The Agilent 3500 UV-Vis spectrophotometer is compatible with the Agilent
OpenLab software suite of products. OpenLab provides technical controls
to protect data integrity in regulated laboratories. The 3500 instrument has
minimal moving parts and removes common sources of error in UV-Vis
measurements, giving you greater confidence in your data.
Learn more at www.agilent.com/chem/cary3500uv-vis
When data integrity controls fail
Common problems with molecular spectroscopy
in regulated laboratories
Footnote: This document is the copyright of
GMP consultants PharmOut Pty Ltd.
© PharmOut Pty Ltd. Reproduced with Permission,
www.pharmout.net
DE44481.889849537
Published in the USA, October 14, 2021
5994-3874EN
Learn more:
www.agilent.com/chem/networked-uv-vis
Buy online:
www.agilent.com/chem/store
Get answers to your technical questions and
access resources in the Agilent Community:
community.agilent.com
U.S. and Canada
1-800-227-9770
[email protected]
Europe
[email protected]
Asia Pacific
[email protected]
Document Outline
Similar PDF
Key words
Key words
Key words
