ALCOA+ defines the minimum standard for regulated data quality in pharmaceutical manufacturing. Data integrity failures are among the most common findings in FDA warning letters and EU GMP non-compliance reports. This guide translates ALCOA+ principles into concrete system design and operational decisions.
ALCOA+ principles in digital systems
Attributable (user identity on every record), Legible (readable for lifetime of the record), Contemporaneous (recorded at time of activity, not retrospectively), Original (raw data preserved, not overwritten), Accurate (correct value captured). Plus: Complete (no gaps), Consistent (time-synchronised), Enduring (retention for regulatory period), Available (accessible during inspection).
Common data integrity failure modes
Frequent FDA warning letter findings include: shared user accounts preventing attribution, manual backdating of entries, unapproved raw data deletion, use of calculated values without audit trail, and time desynchronisation between instruments and servers. System configuration must actively prevent these failure modes, not rely on procedures alone.
Data integrity audit and remediation
A data integrity assessment reviews: access control segregation, audit trail configuration and scope, time synchronisation policy, data backup and recovery procedures, exception review frequency, and deviation handling for data quality events. Remediation typically requires configuration changes, retraining, and a data integrity risk assessment submitted to QA.
How to use this page
Use this ALCOA+ Data Integrity for Pharma page as a planning checkpoint before vendor selection, architecture review, validation scoping or implementation sequencing. The strongest next step is to compare the guidance with your current SOPs, system inventory, batch records, data flows and QA review routines so the discussion starts from evidence instead of assumptions.
Evidence to prepare
For ALCOA+ Data Integrity for Pharma, prepare the records, owners, risks and decision criteria linked to alcoa+ principles in digital systems, common data integrity failure modes, data integrity audit and remediation. Useful evidence includes current process maps, interface lists, audit trail expectations, exception workflows, data retention rules and the business reason for changing the current operating model.
Frequently asked questions
What does ALCOA+ mean in the context of pharmaceutical data integrity?
ALCOA+ is the framework of data quality attributes defined by regulatory authorities as the minimum standard for GMP data: Attributable (identified to person or system), Legible (readable for lifetime), Contemporaneous (recorded at time of activity), Original (first capture preserved), Accurate (correct values). The "+" attributes add Complete, Consistent, Enduring and Available. Every GxP record — batch production record, LIMS result, MES process value — must meet all ALCOA+ criteria.
Which FDA regulations and EU GMP guidelines address data integrity?
For FDA: 21 CFR Part 11 (electronic records), 21 CFR 211.68 (automated systems in drug manufacturing), and FDA's 2018 Data Integrity and Compliance With Drug CGMP Guidance. For EU GMP: Annex 11 (computerised systems) and EMA's 2016 Reflection Paper on Data Integrity. Both frameworks have the same underlying intent: ensure that GMP records accurately represent what actually happened during manufacturing and testing.
How should audit trails be reviewed for ALCOA+ compliance?
Audit trail review should be periodic (at minimum as part of batch release), role-specific (QA reviews batch record audit trails; IT reviews system configuration changes), and documented (review records must themselves be audit-trailed). Reviewers check for: unexplained changes to GxP values, deletions or re-entries without justification, access by unauthorised users, time discrepancies between instruments and servers, and any audit trail gaps that could indicate circumvention. Exceptions must be investigated and documented as deviations.