09.05.2017 |

LOGFILE No. 18/2017 – Data Integrity is a Must!

Data Integrity is a Must!

5 min. reading time

A contribution from Thomas Peither

In the last twelve months six agencies have published documents regarding data integrity. Have you already considered the impact for your company? Or do you view these developments as „old wine in new skins“ and wait and see what happens? This article provides commentary on the current state of the discussion.

Consider the following situation: your company must prepare its commercial balance sheet without being sure that the numbers are actually correct. Your bookkeeper tells you that he or she cannot be sure whether all the receipts have been booked. Furthermore, he or she knows about receipts, for example revenue volumes, where the numbers don’t really match up. Whether the totals are too high or too low he or she cannot say. In the warehouse it is not clear how much product is actually in stock. Furthermore, you find out that some of the bookkeeping employees are not working dependably, and some of them don’t even possess basic math skills.
I can hardly imagine that this situation would be tolerated. The tax auditors would report this to the attorney general and a criminal suit against the general manager would be evaluated for falsifying the balance sheets and tax evasion.

What does this story have to do with data integrity? Alas, what is the basis for release of a batch? An massive collection of data, notes and documents are the foundation for releasing every batch. Each Qualified Person (QP) makes the market release decision based on data and figures. If the QP cannot trust the data, figures or documents he or she cannot release the batch. It is not only a financial loss to be concerned about in case of doubt, but also a risk to patients’ health!

And now put yourself in the position of the QP, perhaps you serve in this role: what would you do if you saw that a protocol was not accurate or contained errors? Would you release the batch anyway?
As a QP do you understand the data processes established in the IT systems and have you checked these or had these checked by reliable experts? Are you sure that all the data, documents and recordings are absolutely reliable? If not, would you decide in doubt for the patient’s wellbeing or for the management and owners of the company?

Obviously the regulatory agencies are behind the times regarding data integrity. In the last 12 months the following agencies have come out with more or less comprehensive documents on data integrity: MHRA (UK), FDA (USA), EMA (Europe), CFDA (China), PIC/S and WHO. Thus, every pharmaceutical production site is impacted by this topic. There are still many who are of the opinion that this only affects software and computer systems. Unfortunately, This is a misinterpretation.

In the WHO Guidance on Good Data and Record Management data integrity is defined as follows:

„Data integrity is the degree to which a collection of data is complete, consistent and accurate throughout the data lifecycle. The collected data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.“

This definition includes no mention of IT systems, software or computerized systems. At LOUNGES 2017(1) we spoke with agency representatives about data integrity. Their positions are clear, just as it is described in the WHO Guidance: „Data integrity is equally applicable to both paper and electronic data!“

Critical Areas for Data Integrity

Recent FDA Warning Letters also refer to this issue. FDAnews, our publishing partner in the USA recently described the developments in its document „Top Ten Data Integrity Traps – How to Find and Fix Problems“ (2) including tips on how to implement improvements.

The top ten areas are named in which data integrity problems most often arise:

1. Quality culture
2. Personnel
3. Batch documentation
4. Document review
5. Electronic data systems
6. Analytical documentation
7. Laboratory controls
8. Laboratory equipment
9. Materials management
10. Production areas

The most common issues are not to be found in IT but in all the critical areas of the company. A bundle of measures to improve data integrity has to be comprehensive and include all these areas in the company.

What ALCOA stands for

At the 2016 GMP MANUAL Conference we discussed this in great detail with customers, agency representatives and authors. Many of the participants recommended following the catch phrase principle in The ALCOA Principle, which is described in detail in the WHO Guidance(3), Section 9 Good Documentation Practices. This section explicitly states that these principles apply for all types of documentation.

„Personnel should follow GDP for both paper records and electronic records.“ (WHO Section 9)

The detailed description of the abbreviation ALCOA according to the WHO (Section 9) is given in Table 1.


Furthermore, the WHO states that this principle can be augmented according to ALCOA plus Principles (see Table 2). When considering the „Plus Principles“ in detail, one can see that these basically refer back to the ALCOA Principles. ALCOA plus can be understood as a further interpretation of the matter, as discussed at the GMP MANUAL Conference. One can also see that the audit trail plays a central role in the „Plus Principles“. We focussed on this aspect at LOUNGES 2017 during multiple GMP talks with Dr. Petra Rempe, a GMP inspector at the agency regional office in Münster. The result which crystallized from the talk was that an audit trail is a critical document for evaluating integrity of a computer system. Everyone who is involved in the release of drug product batches should perform an audit trail check. If he or she delegates the task, then requirements must be defined. That it is not permitted for audit trails to be modified is self-evident.


The WHO Guidelines was praised by the participants in the discourse as a very helpful resource in the current discussion in the industry.

What’s New with Data Integrity?

If you’re asking yourself whether this is all really new, then you are in good company. These requirements have been in place in the EU GMP Guidelines, the annexes and other regulations for many years if not decades.

Where is the hype about data integrity coming from all the sudden? Perhaps a new catchword has been found which covers all the problems with documents, training, data correctness, etc. in one. Perhaps it is the sum of the most prominent problems which have been identified in recent inspections. And maybe it is a result of the current discussions regarding quality culture which is hard to put a handle on. Even if it is a question of „old wine in new skins“ we in the industry should not waste the opportunity to challenge and to check our systems. And we can ask ourselves these questions in the process:

  • Are we compliant with the ALCOA Principles in our daily work?
  • Do we meet the requirements in the WHO Guidelines?
  • Where do we have problems or deviations regarding data integrity?
  • Which employees have difficulties with implementation?
  • Do we live by the principles of a comprehensive quality culture?
  • Is quality a critical factor for the company’s decision processes?


The introductory example cannot happen to a company, since the practice of double entry bookkeeping has been in place for over 500 years. This helps identify deviations and calculation errors systematically. Not until all mistakes have been corrected do the passive and active or debit and credit columns match. When balances are in error this means they have been willfully manipulated. There is no chance in bookkeeping. This is also the reason why bookkeepers are known for their long searches for the missing cent. After all, it’s not good enough until everything is completely correct.

In the area of quality it is not any different. We do not have a system to recognize all mistakes. We are dependent upon the cooperation and attention of all employees. Everyone must be on there feet and have quality on their mind to ensure that the right quality is delivered. The patients trust that the quality of the medicines is without compromise. This is the only way to that medicines can achieve the effect which they promise.

It is our duty as manufacturers of medicines to fulfill the trust placed in us! Data integrity is a cornerstone of the supply structure. Without complete, consistent, correct, reliable and dependable data or documents the effort is for naught and the batch cannot be released to market. Only in this manner can we fulfill our purpose and protect the health of patients!


(1) LOUNGES 2017, 31 Jan - 02 Feb 2017, Stuttgart, Germany

(2) Top Ten Data Integrity Traps - How to Find and Fix Problems, FDAnews, 2016, available at Maas & Peither - GMP Verlag, https://www.gmp-verlag.de/de/englische-gmp-produkte/top-ten-data-integrity-traps.html

(3) WHO Guidelines for Good Data and Record Management Practices, Technical Report Series, No. 996 (2016), Annex 5 (Chapter H.17 in your GMP MANUAL)



Thomas Peither
Maas & Peither AG GMP Publishing
Schopfheim, Germany
E-Mail: thomas.peither@gmp-publishing.com