What is Data Integrity In Pharmaceutical Industry…???

What is Data Integrity In Pharmaceutical Industry…???

MHRA says,”The way regulatory data is generated has continued to evolve in line with the ongoing development of supporting technologies such as the increasing use of electronic data capture, automation of systems and use of remote technologies; and the increased complexity of supply chains and ways of working, for example, via third party service providers. Systems to support these ways of working can range from manual processes with paper records to the use of fully computerized systems. The main purpose of the regulatory requirements remains the same, i.e. having confidence in the quality and the integrity of the data generated (to ensure patient safety and quality of products) and being able to reconstruct activities (Data Integrity).


What is “data integrity”?

For the purposes of this guidance, data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should  be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).


As per MHRA

What is “data integrity”?

Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, reliable and that these characteristics of the data are maintained throughout the data life cycle. The data should be collected and maintained in a secure manner, so that they are attributable, legible, contemporaneously recorded, original (or a true copy) and accurate. Assuring data integrity requires appropriate quality and risk management systems, including adherence to sound scientific principles and good documentation practices.

MHRA Defined some principles of Data Integrity as given Below;

  • The organisation needs to take responsibility for the systems used and the data they generate. The organisational culture should ensure data is complete, consistent and accurate in all its forms, i.e. paper and electronic.
  •   Arrangements within an organisation with respect to people, systems and facilities should be designed, operated and, where appropriate, adapted to support a suitable working environment, i.e. creating the right environment to enable data integrity controls to be effective.
  •  The impact of organisational culture, the behaviour driven by performance indicators, objectives and senior management behaviour on the success of data governance measures should not be underestimated. The data governance policy (or equivalent) should be endorsed at the highest levels of the organisation.
  • Organisations are expected to implement, design and operate a documented system that provides an acceptable state of control based on the data integrity risk with supporting rationale. An example of a suitable approach is to perform a data integrity risk assessment (DIRA) where the processes that produce data or where data is obtained are mapped out and each of the formats and their controls are identified and the data criticality and inherent risks documented.
  • Organisations are not expected to implement a forensic approach to data checking on a routine basis. Systems should maintain appropriate levels of control whilst wider data governance measures should ensure that periodic audits can detect opportunities for data integrity failures within the organisation’s systems.
  • The effort and resource applied to assure the integrity of the data should be commensurate with the risk and impact of a data integrity failure to the patient or environment. Collectively these arrangements fulfil the concept of data governance.
  •  Organisations should be aware that reverting from automated or computerised systems to paper-based manual systems or vice-versa will not in itself remove the need for appropriate data integrity controls.
  • Where data integrity weaknesses are identified, companies should ensure that appropriate corrective and preventive actions are implemented across all relevant activities and systems and not in isolation. MHRA GXP Data Integrity Guidance and Definitions; Revision 1: March 2018 Page 5 of 21 3.9 Appropriate notification to regulatory authorities should be made where significant data integrity incidents have been identified.
  • The guidance refers to the acronym ALCOA rather than ‘ALCOA +’. ALCOA being Attributable, Legible, Contemporaneous, Original, and Accurate and the ‘+’ referring to Complete, Consistent, Enduring, and Available. ALCOA was historically regarded as defining the attributes of data quality that are suitable for regulatory purposes. The ‘+’ has been subsequently added to emphasise the requirements. There is no difference in expectations regardless of which acronym is used since data governance measures should ensure that data is complete, consistent, enduring and available throughout the data lifecycle.




ALCOA: Attributable, Legible, Contemporaneously Recorded, Original & Accurate.

Attributable: This should include who performed an action and when.

Legible: All data recorded must be legible (readable) and permanent.

Contemporaneously: Contemporaneous means to record the result, measurement or data at the time the work is performed.

Original: Original data sometimes referred to as source data or primary data is the medium in which the data point is recorded for the first time.

Accurate: For data and records to be accurate, they should be free from errors, complete, truthful and reflective of the observation.

Raw Data: Original record and documentation, retained in format in which they were originally generated (i.e. paper or electronic) or a true copy.

Data Life Cycle: All phases in the life of the data (including raw data) from initial generation and recording through processing (including transformation or migration) use, data retention, archive/retrieval and destruction.

Original Record: Data as the file or format in which it was originally generated, preserving the integrity (accuracy, completeness, content and meaning) of the record, e.g. original paper record of  manual observation, or electronic raw data file from a computerized system.

Audit Trail: The audit trail is an integral requirement of an electronic record, ensuring the validity and integrity of the record and the link between any electronic signature and the record associated with it.

Metadata: A set of data that describes and gives information about other data. It provides information about a certain item’s content.



  • All departments shall be verified during self inspection.
  • Apart from self inspection on line data integrity verification shall be carried out for manufacturing process and laboratory analysis. Same verification shall be documented in Annexures respectively.
  • All Department Head/ his designee, who authorized to conduct Self– Inspection/Internal, shall participate in Data Integrity Verification Process.
  • Data Integrity Verification Schedule is as per
  • Member of Data Integrity Verification Team shall verify or ensure the following but not limited to:
  • Documents should be readily available for review at operational place with all supporting and necessary documents.
  • There are no offline documentation practices, for e.g.
  • pick up any batch record or analytical data or other document and verify that all information recorded contemporaneously.
  • There is no practice of advance dating of document. e.g. pick up any batch record or analytical data or other document and ensure that there is information recorded for activities which are not executed yet.
  • Information and data recorded is permanent and legible.
  • There is no sign of data tampering and altering without proper authorizations. e.g. verify document and ensure that there is no data altered by erasing previous entries.
  • The data is properly supplemented with additional information (Metadata).
  • Signature on records is matching with relevant specimen signature. e.g. Collect few records and check the signature on record versus specimen signature.
  • There is no use of scrap paper for recording of official information before recording data on official records. e.g. Check the work place for any scrap paper. If observed, pick up them and ensure that there is no official information recorded on scrap paper before copying it to official records.
  • There is no overlapping in date & timing when multiple tasks handled by one person. e.g. take multiple document which were executed by one person verify whether there were multiple tasks and entries performed by one person at one particular point of time on the same day.
  • If any multiple tasks performed by one person on the same day with overlapping time, check whether execution of such multiple task by one person practically possible or not.
  • Attendance date & timing of employee are matching with the date & timing of document updated by him/her e.g. collect executed documents and verify the entries (date & time) made by person against his attendance.
  • Microbiology test specimen/plates/tubes are not discarded without recording results. e.g. Collect microbiology testing log books and cross verify with relevant incubator. Ensure that all microbiology test specimen/plates/tube are available as per record.
  • Password protection SOP should be available in the department and User ID should be different for each analyst.
  • Data Backup should be taken periodically and secure and data cannot be deleted.
  • There is no mismatch between saved data and printed data.
  • e.g. Select data logging/storage system such as building management system, data logger, and instrument, equipment’s etc. access the stored/saved data from memory of the instrument and cross check with printed/signed copies of same data.
  • Data Falsification and Data Fabrication. Ensure that there are no such practices.
  • After verification, record the observation (if any) on data integrity checklist.
  • All observation shall be summarized by Head Quality Assurance or his designee.
  • Head QA/designee shall share the observation through checklist to relevant department head.
  • Relevant department shall initiate the investigation followed by impact assessment, corrective and preventive action. All such discrepancies shall be addressed through data integrity checklist Annexure at Auditee response section.
  • Quality assurance shall track implementation of corrective and preventive action. And also quality assurance shall monitor corrective and preventive action for effectiveness (as per relevant site approved procedure).
  • Maximum timeline for the closure shall be 90 days.
  • Data Integrity verification shall be carried out during on line operation of production. Verification shall be carried out and documented in Annexure
  • Data integrity verification shall be carried out for conducted analysis of finished product and Raw materials. Verification shall be carried out and documented in Annexure
  • Verification shall be done for each and every batch of raw material and finished product analysis.


  • Relevant department shall submit checklist (with all supporting document and target completion dates wherever required) to quality assurance.
  • Head QA/designee shall review the response and all supporting documents. If there are any disagreements same shall be communicated to relevant department and re-inspection shall be planned.
  • If any person notice data integrity failures observer shall inform to Quality Assurance telephonically or through e-mail.


Computerised systems. In: The rules governing medicinal products in the European Union. Volume 4: Good manufacturing practice (GMP) guidelines: Annex 11. Brussels: European Commission.
OECD series on principles of good laboratory practice (GLP) and compliance monitoring. Paris: Organisation for Economic Co-operation and Development.
Good Clinical Practice (GCP) ICH E6(R2) November 2016
Guidance on good data and record management practices; World Health Organisation, WHO Technical Report Series, No.996, Annex 5; 2016.
Good Practices For Data Management And Integrity In Regulated GMP/GDP Environments – PIC/S; PI041-1(draft 2); August 2016.
MHRA GMP data integrity definitions and guidance for industry. London: Medicines and Healthcare Products Regulatory Agency; March 2015.
MHRA/HRA DRAFT Guidance on the use of electronic consent.
The Human Medicines Regulations 2012 (Statutory Instrument 2012 No. 1916):
EU Good Pharmacovigilance Practice Modules

2 thoughts on “What is Data Integrity In Pharmaceutical Industry…???”

  1. Hiya, I am really glad I have found this information. Nowadays bloggers publish just about gossips and net and this is really annoying. A good blog with interesting content, this is what I need. Thanks for keeping this website, I will be visiting it.

Leave a Reply