If you work in pharmaceutical quality, you’ve heard of ALCOA+. These nine principles form the foundation of data integrity in regulated industries. But what do they actually mean in practice, and why do regulators care so much about them?
The origins of ALCOA+
ALCOA was originally developed by the FDA to define what constitutes a “good” record. The acronym stands for:
- Attributable
- Legible
- Contemporaneous
- Original
- Accurate
Later, the framework expanded to ALCOA+ with four additional principles:
- Complete
- Consistent
- Enduring
- Available
These principles apply to all GxP data—whether on paper, in electronic systems, or somewhere in between.
Breaking down each principle
Attributable
Every data entry must be traceable to the person who created it. In electronic systems, this means user authentication and audit trails. On paper, it means signatures and dates.
Common violations:
- Shared login credentials
- Missing signatures on paper records
- Generic “system” entries without user identification
Best practice: Implement individual user accounts with unique credentials. Never allow credential sharing, even for convenience.
Legible
Data must be readable throughout its required retention period. Faded thermal paper receipts fail this requirement. So do handwritten entries that no one can decipher.
Common violations:
- Thermal printer receipts that fade
- Handwriting that’s illegible
- Screenshots that lose resolution when zoomed
Best practice: Use permanent recording methods and verify readability at defined intervals.
Contemporaneous
Records should be created at the time of the activity, not reconstructed later. This is one of the most frequently cited violations during inspections.
Common violations:
- Batch records completed at end of shift instead of during activities
- Data entered days after collection
- Time stamps that don’t match actual activity timing
Best practice: Design workflows that make real-time recording the path of least resistance.
Original
The original record must be preserved. This doesn’t necessarily mean the first piece of paper—it means the first capture of data that will be retained.
Common violations:
- Discarding original chromatography data
- Keeping only summarized results
- “Transcribing” data without preserving the source
Best practice: Define what constitutes the original record for each data type and ensure it’s preserved.
Accurate
Data must reflect what actually happened. This includes not just the numbers, but the context around them.
Common violations:
- Rounding errors that compound
- Transcription mistakes
- Missing units or context
Best practice: Implement verification steps for manual data entry. Use automated capture where possible.
Complete
All data must be recorded, including failed runs, out-of-specification results, and anomalies. Selective recording is a serious integrity violation.
Common violations:
- “Unofficial” test runs not recorded
- OOS results discarded without investigation
- Partial records that exclude problematic data
Best practice: Create audit trails that capture all activities, including deletions and modifications.
Consistent
The same standards should apply across all records. Date formats, naming conventions, and recording practices should be uniform.
Common violations:
- Different date formats in different systems
- Inconsistent naming conventions
- Varying levels of detail in similar records
Best practice: Establish and enforce data standards across all systems and processes.
Enduring
Records must be retained for their required retention period without degradation. This applies to both physical and electronic records.
Common violations:
- Media degradation (old backup tapes)
- System migrations that lose data
- File format obsolescence
Best practice: Implement verified backup procedures and test restoration regularly.
Available
Data must be accessible when needed—for routine operations, investigations, and regulatory inspections. Availability doesn’t mean convenience; it means retrievability.
Common violations:
- Archived data that can’t be restored
- Complex retrieval procedures that delay inspections
- System access issues during audits
Best practice: Test data retrieval procedures regularly and maintain access to historical systems.
Why regulators focus on data integrity
Data integrity isn’t about paperwork—it’s about patient safety. When pharmaceutical data can’t be trusted:
- Product quality becomes uncertain
- Process deviations go undetected
- Root cause investigations fail
- Patient safety decisions are based on unreliable information
The FDA, EMA, and other regulators have increased enforcement around data integrity because they’ve seen real cases where data manipulation led to patient harm.
Implementing ALCOA+ in modern systems
In a world of electronic systems and cross-functional workflows, ALCOA+ implementation requires:
- System-level controls - Audit trails, access controls, and electronic signatures
- Process-level controls - Training, SOPs, and verification procedures
- Cross-system integration - Consistent data handling across all systems
This is where many organizations struggle. Individual systems might meet ALCOA+ requirements, but what happens at the boundaries? When data moves from LIMS to QMS to ERP, is the chain of integrity maintained?
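As an added example (not code from the original article or from any vendor), the sketch below reviews an exported audit trail for three of the violations described above: generic accounts (Attributable), late entry (Contemporaneous), and edited or removed entries (Original, Complete), using a hash chain so that each entry commits to its predecessors. The field names, the generic-account list, and the 15-minute window are assumptions chosen for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta

GENERIC_USERS = {"system", "admin", "lab", "shared"}  # assumed site policy
MAX_DELAY = timedelta(minutes=15)  # assumed limit between activity and entry
GENESIS = "0" * 64
FIELDS = ("user", "action", "record_id", "value", "performed_at", "recorded_at")

def entry_hash(entry, prev_hash):
    """Hash the entry's content together with the previous entry's hash."""
    body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True)
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(trail, **fields):
    """Append-only write: each entry commits to everything before it."""
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({**fields, "hash": entry_hash(fields, prev)})

def review(trail):
    """Return (index, principle) findings for an exported audit trail."""
    findings, prev = [], GENESIS
    for i, e in enumerate(trail):
        if e["user"].lower() in GENERIC_USERS:
            findings.append((i, "attributable"))
        delay = (datetime.fromisoformat(e["recorded_at"])
                 - datetime.fromisoformat(e["performed_at"]))
        if delay > MAX_DELAY:
            findings.append((i, "contemporaneous"))
        if entry_hash(e, prev) != e["hash"]:  # edited, or a predecessor removed
            findings.append((i, "original/complete"))
        prev = e["hash"]
    return findings

def sample_trail():
    """Constructed sample data, not taken from any real system."""
    t = []
    append(t, user="jdoe", action="create", record_id="B-001", value="pH 7.1",
           performed_at="2024-03-04T09:00:00", recorded_at="2024-03-04T09:02:00")
    append(t, user="system", action="modify", record_id="B-001", value="pH 7.0",
           performed_at="2024-03-04T09:30:00", recorded_at="2024-03-04T09:31:00")
    append(t, user="asmith", action="create", record_id="B-002", value="OOS",
           performed_at="2024-03-04T10:00:00", recorded_at="2024-03-07T16:00:00")
    append(t, user="jdoe", action="delete", record_id="B-002", value="",
           performed_at="2024-03-07T16:05:00", recorded_at="2024-03-07T16:06:00")
    return t

if __name__ == "__main__":
    trail = sample_trail()
    print(review(trail))                  # policy findings on the intact trail
    print(review(trail[:1] + trail[2:]))  # entry 1 silently removed
```

A hash chain exposes edits and removals inside the trail, but not truncation of the newest entries or a full rewrite; for that, the latest hash has to be stored or signed outside the system that holds the trail.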
The path forward
ALCOA+ isn’t a checklist to complete—it’s a framework for thinking about data. Every time data is created, modified, or transferred, ask:
- Can we trace it back to who created it?
- Will it remain readable?
- Was it recorded when it happened?
- Do we have the original?
- Is it accurate?
- Is everything recorded?
- Is it consistent with other records?
- Will it last?
- Can we get to it when needed?
If the answer to any of these is uncertain, that’s a risk worth addressing.