Data Integrity in Pharma: The ALCOA+ Guide
2026-06-05
Data integrity in pharma explained through ALCOA+ (Attributable, Legible, Contemporaneous, Original, Accurate + Complete, Consistent, Enduring, Available) — the regulations, the common 483 failures, and how to build it in by design.

When the FDA or MHRA inspects a pharmaceutical site, the question underneath almost every other question is the same: can I trust your data? Year after year, data integrity is the single largest source of 483 observations and warning letters — not because companies fake results, but because their records can't prove they didn't.
This guide explains data integrity in pharma through the framework regulators use to judge it — ALCOA+ — and shows how to build records that pass that test by design rather than by hope.
What data integrity means
Data integrity is the degree to which data is complete, consistent, and accurate throughout its entire lifecycle — from the moment it is generated, through processing and reporting, to archival and eventual retrieval. It applies to every GxP record: a balance reading, a chromatogram, a batch record entry, a deviation closure, an equipment log.
A result isn't trustworthy because someone says it happened. It's trustworthy because the record shows who produced it, when, from what, and that nothing was changed without trace. That is what ALCOA+ formalises.
ALCOA — the five core principles
ALCOA is an acronym coined by the FDA. Every GxP record must be:
- Attributable — you can tell who created or changed the data, and when. Shared logins and unsigned entries break this immediately.
- Legible — the data is readable and permanent. Faded thermal printouts, pencil entries, and overwritten cells fail.
- Contemporaneous — the data is recorded at the time the activity happened, not reconstructed later from memory or a sticky note.
- Original — it's the first capture of the data (or a verified true copy), including all original metadata — not a transcribed summary that loses the underlying detail.
- Accurate — the data is correct, complete, and free from errors, reflecting what actually occurred.
The "+" — four more that close the gaps
Regulators extended ALCOA to ALCOA+ because the original five left room to wriggle. The additions:
- Complete — all data is present, including repeat tests, reprocessing, and any failures. Deleting an "inconvenient" injection breaks this.
- Consistent — the sequence of events is logical and date/time stamps run in order, across all related records.
- Enduring — records last as long as required (often years), on durable media, not on a scrap of paper or a local spreadsheet that gets overwritten.
- Available — the data can be retrieved for review or inspection throughout its retention period, in a reasonable time.
Put together, ALCOA+ is a single test: if an inspector pulled this record cold, could it stand on its own?
The regulations behind it
ALCOA+ isn't a guideline you can opt out of — it's how these binding regulations are enforced:
- US FDA 21 CFR Part 11 — electronic records and electronic signatures: unique user IDs, secure audit trails, system validation.
- EU GMP Annex 11 — the European equivalent for computerised systems.
- MHRA 'GxP' Data Integrity Guidance (2018) — the most quoted practical guide; source of much ALCOA+ language.
- WHO and PIC/S guidance — widely referenced in emerging-market and global inspections.
- 21 CFR Parts 210/211 — the underlying GMP record-keeping requirements.
The failures inspectors actually find
Data integrity citations rarely involve outright fraud. They're usually these patterns:
- Shared or generic logins — "QC_User" did everything, so nothing is attributable.
- No audit trail, or a disabled one — changes leave no trace; the system could record them but the feature was switched off.
- Audit trails never reviewed — the trail exists but nobody looks, so changes go unnoticed.
- Back-dating — an entry recorded days late but dated as if contemporaneous.
- Testing into compliance / orphan data — failing results deleted or unsaved, only the passing run kept (the classic OOS data-integrity failure).
- Uncontrolled spreadsheets — calculations in an Excel file anyone can edit, with no version control or audit trail.
- Paper that can be reprinted or re-recorded — a "blank" form filled in after the fact.
Notice the common thread: the tool allowed the gap. Paper and spreadsheets can't enforce attribution, contemporaneity, or an audit trail — so integrity depends on people remembering to be disciplined, every time.
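The patterns above can be checked mechanically during audit-trail review. The sketch below is an added example, not code from any system named in this guide; the event fields, the generic-account list, and the 24-hour tolerance are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

GENERIC_ACCOUNTS = {"qc_user", "admin", "analyst"}  # constructed list of shared logins
BACKDATE_TOLERANCE = timedelta(hours=24)            # assumed site limit

# Constructed audit-trail export; field names are hypothetical.
# "claimed" is the date the user entered, "logged" is the system timestamp.
EVENTS = [
    {"seq": 1, "user": "a.sharma", "action": "result", "sample": "S-101", "outcome": "fail", "claimed": "2026-03-02T09:10", "logged": "2026-03-02T09:11", "oos_ref": None},
    {"seq": 2, "user": "a.sharma", "action": "delete", "sample": "S-101", "outcome": None, "claimed": "2026-03-02T09:40", "logged": "2026-03-02T09:40", "oos_ref": None},
    {"seq": 3, "user": "a.sharma", "action": "result", "sample": "S-101", "outcome": "pass", "claimed": "2026-03-02T10:15", "logged": "2026-03-02T10:16", "oos_ref": None},
    {"seq": 4, "user": "QC_User", "action": "result", "sample": "S-102", "outcome": "pass", "claimed": "2026-03-02T11:00", "logged": "2026-03-02T11:01", "oos_ref": None},
    {"seq": 5, "user": "r.iyer", "action": "result", "sample": "S-103", "outcome": "pass", "claimed": "2026-02-27T14:00", "logged": "2026-03-02T16:30", "oos_ref": None},
    {"seq": 6, "user": "r.iyer", "action": "result", "sample": "S-104", "outcome": "pass", "claimed": "2026-03-02T15:00", "logged": "2026-03-02T15:01", "oos_ref": None},
]

def review(events):
    """Return (seq, finding) pairs for the failure patterns listed above."""
    findings, failed, last_logged = [], set(), None
    for e in sorted(events, key=lambda ev: ev["seq"]):
        claimed = datetime.fromisoformat(e["claimed"])
        logged = datetime.fromisoformat(e["logged"])
        if e["user"].lower() in GENERIC_ACCOUNTS:
            findings.append((e["seq"], "shared-login"))        # not attributable
        if logged - claimed > BACKDATE_TOLERANCE:
            findings.append((e["seq"], "back-dated"))          # not contemporaneous
        if last_logged is not None and logged < last_logged:
            findings.append((e["seq"], "out-of-sequence"))     # not consistent
        last_logged = logged
        if e["action"] == "delete":
            findings.append((e["seq"], "deletion"))            # not complete
        elif e["action"] == "result":
            if e["outcome"] == "fail":
                failed.add(e["sample"])
            elif e["sample"] in failed and not e["oos_ref"]:
                # passing result after a failure with no linked OOS investigation
                findings.append((e["seq"], "pass-after-fail-no-oos"))
    return findings
```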
Static vs dynamic data — and why metadata matters
Inspectors distinguish two kinds of records:
- Static data — a fixed snapshot, like a printout or a PDF.
- Dynamic data — data you can interact with and reprocess, like a chromatography data file with its integration parameters.
For dynamic data, the metadata (who, when, what method, what changes) is part of the record. Keeping only a printed chromatogram and discarding the underlying data file destroys integrity, because the printout can't show whether the integration was reprocessed to pass. Complete and original means keeping the data, not just the picture of it.
How to build data integrity in by design
You don't achieve ALCOA+ by training people to be careful. You achieve it by using a system where the non-compliant action is impossible:
- Unique user identities — every action is tied to a named person; no shared logins. → Attributable
- System-applied timestamps — the record is stamped by the system at the moment of entry, so it can't be back-dated. → Contemporaneous, Consistent
- Immutable audit trail — every create, change, and deletion is logged with who/what/when/old-value/new-value, and the trail can't be switched off. → Original, Complete
- Records that can't be deleted, only superseded — nothing disappears; a correction is a new versioned entry. → Complete, Enduring
- Validation and controlled fields — required entries, format checks, and acceptance limits stop bad data at the point of capture. → Accurate, Legible
- Durable, searchable storage — records persist for their retention period and can be retrieved in seconds. → Enduring, Available
- Audit-trail review built into the process — review of changes is a defined step, not an afterthought.
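A minimal sketch of several of these controls together, as an added example rather than any vendor's implementation: named users only, system-applied timestamps, corrections that supersede instead of overwrite, and a trail whose tampering is detectable. Hash chaining is one assumed way to make the trail tamper-evident; the class, field names, and shared-login list are hypothetical.

```python
import hashlib, json
from datetime import datetime, timezone

SHARED_LOGINS = {"qc_user", "admin", "lab"}  # constructed deny-list of generic accounts

class AuditTrail:
    """Append-only trail: there is no update or delete method."""
    def __init__(self):
        self._entries = []

    def _digest(self, body, prev_hash):
        payload = json.dumps(body, sort_keys=True) + prev_hash
        return hashlib.sha256(payload.encode()).hexdigest()

    def record(self, user, record_id, field, new_value, reason=""):
        if not user or user.lower() in SHARED_LOGINS:
            raise PermissionError("entry must be attributable to a named user")
        old_value = self.current(record_id, field)
        if old_value is not None and not reason:
            raise ValueError("a correction needs a documented reason")
        body = {
            "seq": len(self._entries), "user": user,
            "at": datetime.now(timezone.utc).isoformat(),  # system clock, never caller input
            "record_id": record_id, "field": field,
            "old": old_value, "new": new_value, "reason": reason,
        }
        prev_hash = self._entries[-1]["hash"] if self._entries else "0" * 64
        self._entries.append({**body, "hash": self._digest(body, prev_hash)})
        return body["seq"]

    def current(self, record_id, field):
        for e in reversed(self._entries):  # latest version wins; older ones remain
            if e["record_id"] == record_id and e["field"] == field:
                return e["new"]
        return None

    def history(self, record_id, field):
        return [(e["user"], e["old"], e["new"]) for e in self._entries
                if e["record_id"] == record_id and e["field"] == field]

    def verify(self):
        """Return the index of the first entry that breaks the chain, or None."""
        prev_hash = "0" * 64
        for i, e in enumerate(self._entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["hash"] != self._digest(body, prev_hash):
                return i
            prev_hash = e["hash"]
        return None
```

A chain stored beside the data only resists edits by someone who cannot also recompute the hashes; anchoring the latest hash in a separate system closes that gap.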
How Flobri enforces ALCOA+
Flobri's quality workflows are built so each ALCOA+ principle is a property of the system, not a habit:
- Every entry and transition is tied to the logged-in user and timestamped by the system — attributable and contemporaneous, with nothing to back-date.
- A complete audit trail records who did what and when across the whole record lifecycle, and it can't be turned off.
- Records are stage-controlled and versioned — a result, a deviation, or a batch release moves forward through approvals; corrections are tracked, not overwritten.
- Required fields and validation keep entries complete and accurate at the point of capture.
- Everything is stored durably and searchable — "show me the record for batch B-2024-0347" is a 30-second retrieval, not a file hunt.
- A confirmed OOS, deviation, change control, or CAPA stays linked to its evidence, so the data tells one consistent story.
The point isn't that the software is careful. It's that the careless path doesn't exist — which is exactly what "data integrity by design" means, and exactly what an inspector is looking for.
Frequently asked questions
What does ALCOA+ stand for?
Attributable, Legible, Contemporaneous, Original, Accurate — plus Complete, Consistent, Enduring, and Available. It's the framework regulators use to assess whether GxP data can be trusted.
What is data integrity in pharma?
The assurance that data is complete, consistent, and accurate throughout its lifecycle — from generation to retrieval — so that records reliably reflect what actually happened.
What is 21 CFR Part 11?
The US FDA regulation governing electronic records and electronic signatures, requiring controls such as unique user IDs, secure and time-stamped audit trails, and system validation so electronic records are as trustworthy as paper.
What is the difference between static and dynamic data?
Static data is a fixed snapshot (a printout or PDF). Dynamic data can be interacted with and reprocessed (a chromatography data file). For dynamic data, the metadata and underlying file are part of the record and must be retained — a printout alone isn't enough.
Why do most data integrity findings happen?
Usually not fraud, but tools that can't enforce the rules — shared logins, missing or disabled audit trails, back-dated paper, and uncontrolled spreadsheets — which leave integrity dependent on people remembering to be disciplined.
Flobri runs OOS, deviation, change control, CAPA, calibration, and batch release as connected, audit-ready workflows with per-user attribution, system timestamps, and an immutable audit trail — data integrity built in, not bolted on.