Alongside a rising number of warning letters from regulators that address the topic of data integrity, a whole series of new regulations were also published last year by the FDA, EMA, WHO, PIC/S and others. Many of these regulations are still at the draft stage, and they show that the concept of data integrity and its associated requirements are still in flux. In the future, data integrity is likely to represent a new focal point for regulatory inspections. In all likelihood, the new regulations will be published in their final form by the end of this year or early next year.
Basic principles of data integrity
The keyword and acronym ‘ALCOA’ is commonly used as a mnemonic for the basic requirements for data integrity:
- A = attributable
- L = legible
- C = contemporaneous
- O = original
- A = accurate
These attributes relate both to the actual data itself and to the metadata with which these data items are associated. Of particular importance is the process of making verified copies, where there is a key distinction to be made between static and dynamic data. These requirements should be implemented by using a Data Governance system as part of the Quality Management system.
Some of the measures that are required here include:
- Assumption of responsibility by company management
- A risk- and lifecycle-based approach for handling data
- Deployment of an audit trail and its routine monitoring as part of data releases
- Periodical audits including self-audits and functional audits of the audit trail
- Validation and safeguarding of computerised systems