12.09.2017 |

LOGFILE No. 34/2017 – Data Integrity – Old Wine in New Skins? – Part 2

Data Integrity – Old Wine in New Skins?

GMP Talk Between the GMP Inspector Dr. Petra Rempe and Thomas Peither – Part 2

7 minutes reading time

by Sabine Paris, PhD

At the LOUNGES 2017 conferences in Stuttgart, executive editor Thomas Peither spoke with the GMP inspector Dr. Petra Rempe from the regional government in Münster (Germany) during a GMP Talk about the highly topical subject of data integrity. Last week, in LOGFILE 33, you read the first part of the summary of the GMP Talk. Today, in part two, you will learn about the correlation between data integrity and quality culture, about the ALCOA principles, as well as about the definition of an audit trail.

Doesn’t the topic of data integrity correlate strongly with the topic of quality culture within a company?

Data integrity is a part of this quality culture. The procedures are basically the same. The com-pany needs to develop a strategy. The top management has to support it, serve as a role model and to convey the concept to their employees.

The employees need to know that data integrity is important for the quality and safety of the medicines and thus for the safety of patients. This can be achieved by training and by inspecting the system (are my processes still appropriate?) throughout the lifecycle of the medicine.

What is so difficult about quality culture? What makes it difficult to motivate people to maintain quality standards in their daily work?

The strategic orientation of the company plays a major role in this. If the company is more business-oriented and less quality-oriented, some aspects take on a greater priority than others. A signal needs to be sent by the senior leadership that quality is the company’s highest goal. To achieve this certain instruments need to be utilized actively by the employees.

Today industrial automation systems are being used more and more. It must be getting difficult to determine what is impacted by data integrity.

It depends how the data are connected to the higher-level systems. If the data are extracted into these systems and used for trending or continued process verification, for example, then it is necessary to ensure that the data integrity of the automation systems is maintained. During GMP inspections we only address this level in individual cases.

There is an abbreviation which is often used in connection with data integrity: ALCOA. What does this mean?

The WHO guideline defines the essential characteristics of paper-based and electronic data according to the ALCOA principle. The abbreviation ALCOA comes from:


On the topic of contemporaneous data it is important that the data are recorded in a manner which preserves the proper chronological order. At the latest when a process step is completed it must be protocolled. During an inspection the inspector may review the current batch record closely, for example. If the equipment has been running for a while already and the line clearance hasn’t been documented yet, this can give reason to start asking questions.

A company reported about the discovery by an inspector of a data integrity violation: A cleaning step had been protocolled at 5:30 pm. The responsible employee had left the factory grounds at 5:10 pm, however.

Another example is a batch record that had been signed, but there was no entry for the time point. In this kind case suspicions arise, whether the chronology of the events is to be entered later.

And now we’ve got ALCOA Plus! What’s behind this term?

The “Plus” covers the additional principles of CCEA. CCEA stands for complete, consistent, enduring and available. These “Plus Principles” are related to the ALCOA principles. So ALCOA Plus can be understood as an extension of the interpretation.


In the “Plus Principles” the audit trail plays a central role. What exactly is an audit trail?

Audit trails serve to enable the tracing of users and projects and the documentation that users have not made unauthorised changes. It is important that the audit trail remains complete and has been validated.


Should we understand the audit trail to be like an Excel spreadsheet list?

I would compare it more with an online diary for the data. It describes points such as: Who is logged in to the system? Who has done what? Using which access level? What was the initial status? What was the raw data? How did I process them? What was the result? What did I do with it then?

If this is all being recorded electronically in the background, is every employee becoming completely transparent?

Yes, you are right, that is a very sensitive topic. The audit trail has to be reviewed periodically by authorised persons. And also, GMP inspectors are allowed to review them as well.

When can legal consequences be expected, and who bears responsibility then?

The authorities would take legal steps in cases where massive data leaks have occurred, for example if the Qualified Person had released a batch in spite of the gaps in the data. In this case the QP would be personally responsible and would have to bear the consequences.


We extend our thanks to Dr. Petra Rempe for her willingness to answer questions from GMP Publishing and our customers.


Dr. Sabine Paris
Maas & Peither AG – GMP Publishing
Schopfheim, Deutschland
E-Mail: sabine.paris@gmp-publishing.com