Data Integrity in Pharma: ALCOA+, Regulators, and the 483 Failures
Data integrity is the assurance that records are complete, consistent, and accurate across their lifecycle. This guide explains ALCOA+, what FDA, MHRA and WHO expect, the failures that draw 483s, and where revised Schedule M fits.
Data integrity is the degree to which data are complete, consistent, accurate, trustworthy, and reliable throughout their entire lifecycle, from the moment they are generated, through processing, review, reporting, and retention, to eventual disposal. In a pharmaceutical manufacturing context it is the assurance that the record of what happened on the floor faithfully represents what actually happened, and that it stays that way for as long as the record is kept. When a regulator questions data integrity, they are questioning whether the evidence of quality can be believed at all, which is why it has become the dominant theme in FDA inspection findings and warning letters.
The reason the topic feels abstract is that integrity is not a single control you can install; it is a property that emerges from many controls working together. The industry compresses those expectations into a memorable framework, ALCOA, extended to ALCOA+, and the regulators (FDA, MHRA, WHO, PIC/S, and in India, the revised Schedule M) each express the same expectations in their own guidance. This guide walks the principles, the regulatory expectations, the failures that recur in 483s, and how electronic records turn the principles from aspiration into enforcement.
Data integrity is not a feature you switch on. It is the combined effect of attributable, contemporaneous, original, accurate records that stay complete, consistent, enduring, and available for their full retention life. ALCOA+ is the shorthand; the controls behind it are the substance.
The nine ALCOA+ principles, with examples
ALCOA is the original five; the '+' adds four. Together they define what a trustworthy record looks like.
ALCOA was coined by the FDA as the attributes of good records. ALCOA+ adds four further attributes that MHRA and WHO made explicit. The nine below are the working definition of data integrity for a pharma-manufacturing reader.
Attributable
Every record shows who generated it and when. A weight captured during dispensing is tied to the named operator who recorded it and the timestamp of capture. Failure mode: a shared login, so the entry traces to a generic account rather than a person.
Legible
Records are readable and permanent for their full retention life. A handwritten entry must be legible and not obscured by overwriting; an electronic entry must remain renderable. Failure mode: a corrected paper value written over the original so the first reading can no longer be read.
Contemporaneous
Data are recorded at the moment the activity is performed, not reconstructed later. An in-process pH is entered when it is measured. Failure mode: operators writing readings onto a scrap sheet and transcribing them into the logbook at end of shift, from memory.
Original
The first capture of the data, or a verified true copy, is preserved, not just a transcription. The balance printout or the raw instrument data file is the original. Failure mode: discarding the original printout after manually transcribing the number into the batch record.
Accurate
Records are correct, truthful, and free from error, with edits controlled and justified. A reported assay result matches the instrument's raw data. Failure mode: editing a chromatographic integration to pass specification without a recorded, reviewed reason.
Complete
All data are present, including repeats, reanalyses, and failing or aborted results, with nothing selectively deleted. Failure mode: deleting an out-of-specification injection and reporting only the passing re-test, often called 'testing into compliance'.
Consistent
Records follow a logical, expected sequence, with date and time stamps in the right order across related records. Failure mode: an audit trail showing a result signed before the test it reports was run, exposing back-dating.
Enduring
Records are durable and preserved for the entire required retention period on stable media. Failure mode: critical data held only in a temporary spreadsheet or on instrument memory that is overwritten on the next run.
Available
Records can be retrieved for review, audit, or inspection throughout their retention period. Failure mode: data archived in a format or system that cannot be read back, so a cleaning or analytical history cannot be reconstructed during an inspection.
What FDA, MHRA and WHO expect
Three frameworks, one expectation: data that can be trusted across its lifecycle.
The major regulators have each published dedicated data-integrity guidance over the past decade. They converge on the same principles and the same risk-based, lifecycle framing.
The FDA sets its expectations in the guidance Data Integrity and Compliance With Drug CGMP: Questions and Answers (2018), framed around the existing cGMP requirements in 21 CFR Parts 210, 211, and 212. It defines data integrity through the ALCOA attributes, expects audit trails for GMP-relevant electronic records to be reviewed with the same rigour as the records themselves, expects access controls that prevent unauthorised changes, and treats failures such as shared logins, disabled audit trails, and uncontrolled spreadsheets as serious cGMP violations. The controls in 21 CFR Part 11 are the mechanism through which these electronic-record expectations are met.
The MHRA publishes the GxP Data Integrity Guidance and Definitions (2018), which is among the most cited statements on the subject. It defines ALCOA and the ALCOA+ extensions explicitly, stresses that effort and control should be proportionate to the risk the data carry to patient safety and product quality, introduces the concept of the data lifecycle and of designing systems so the right behaviour is the easy behaviour, and is pointed about the limits of relying on people rather than system design. The WHO guidance, Annex 3 of Technical Report Series No. 1019, “Guideline on good data and record management practices,” covers the same ground for the WHO prequalification and member-state context, and PIC/S PI 041 provides the harmonised inspectorate guidance for participating authorities. Read across all four, the message is identical: integrity is a lifecycle property, controls should be risk-based, and the system should make the trustworthy path the path of least resistance.
The 483 failures that recur
The same handful of integrity gaps appear inspection after inspection.
Data-integrity findings are remarkably consistent. The same root causes appear across facilities and years, and each maps directly back to an ALCOA+ principle that the system failed to enforce.
Reading across published FDA 483s and warning letters, the recurring data-integrity failures cluster into a short list: shared or generic logins that break attributability; audit trails that were disabled, not reviewed, or did not capture deletions; original electronic data deleted or overwritten after acquisition; “testing into compliance,” where failing results are discarded and only passing re-tests reported; back-dated or fabricated records; and uncontrolled spreadsheets standing in for validated systems. Our own inspection write-ups show the pattern concretely: the data-integrity findings at Tyche Industries, the data-integrity observations at Immacule Lifesciences, the environmental-monitoring data-integrity findings at Natco, and the QC data-integrity observations at Catalent each trace to one or more of these root causes.
What links them is that paper and hybrid systems cannot enforce the principles; they can only request them. Electronic records, properly controlled, enforce them by design: a unique login makes every entry attributable; capture at the instrument makes it contemporaneous and original; a non-defeatable audit trail makes it consistent and complete; and managed retention keeps it enduring and available. This is why the FDA’s data-integrity guidance and Part 11 are so tightly linked: the controls that satisfy Part 11 are the same controls that make ALCOA+ real on the floor.
Revised Schedule M (CDSCO GMP)
India's GMP modernisation makes data integrity and computerised-system control explicit.
For manufacturers serving or based in India, the revised Schedule M is the domestic GMP instrument that now carries explicit data-integrity expectations. It is the highest-volume regulatory reference for the India audience, and it moves Indian GMP closer to WHO-GMP and PIC/S thinking.
Schedule M sits within India’s Drugs and Cosmetics Rules and defines the Good Manufacturing Practices and requirements for premises, plant, and equipment for pharmaceutical products, administered by the Central Drugs Standard Control Organisation (CDSCO). Its revised version modernises Indian GMP substantially: it introduces a formal Pharmaceutical Quality System, quality risk management, and a product quality review, and, most relevant here, it makes data integrity and the control of computerised systems explicit requirements rather than implicit ones, aligning the domestic standard far more closely with WHO-GMP and the expectations in EU GMP and PIC/S. For a manufacturer, the practical effect is that the ALCOA+ principles and computerised-system controls described above are now domestic regulatory expectations, not just the price of exporting to the US or EU.
The implementation has been phased by manufacturer size, with different timelines for larger manufacturers versus small and medium enterprises, and CDSCO has revised those timelines over the course of the rollout. Because the exact notification date and the current compliance deadlines have shifted during implementation, this guide describes the substance of the revised requirements rather than asserting specific dates; the precise effective dates applicable to a given manufacturer should be confirmed against the current CDSCO notification before they are relied upon. The direction, however, is settled: revised Schedule M brings explicit data-integrity, quality-system, and computerised-system requirements into Indian GMP, so a site that has built genuine ALCOA+ controls for FDA or EU purposes is already most of the way to meeting it.
From principle to enforcement: data integrity software
The controls that make ALCOA+ real are the same ones a modern MES applies by design.
For a quality leader evaluating how to close data-integrity gaps, the question is less “what are the principles” and more “what system enforces them without relying on people to remember.” That is the shopping intent behind data-integrity software.
The durable way to satisfy data integrity is to remove the opportunities for it to fail: to capture data at the source, attribute every entry to a unique identity, record every change in an audit trail that cannot be switched off, and retain records in a controlled, retrievable form for their full life. That is exactly what a purpose-built manufacturing execution system does across batch execution, electronic logbooks, and QA review: guided steps that must be performed in sequence, instrument data captured without transcription, electronic signatures linked to records, and a complete 21 CFR Part 11 audit trail behind every action. The result is that ALCOA+ stops being a training topic and becomes the way the floor already works.
Getting there does not require a single high-risk cutover. The pragmatic route is the phased one described in our MES implementation strategy: start with the highest-risk records (batch records and logbooks), prove the controls, then expand, so data-integrity risk falls from the first phase rather than waiting for a complete deployment. For the underlying batch record itself, the electronic batch records guide describes how the record is built as the batch runs, which is where attributability, contemporaneousness, and originality are won or lost.
Frequently asked questions
What is data integrity in pharma?
Data integrity in pharma is the assurance that data are complete, consistent, accurate, trustworthy, and reliable across their entire lifecycle, from generation through processing, review, reporting, and retention to disposal. In manufacturing it means the record of what happened on the floor faithfully represents what actually happened and stays that way for as long as the record is retained. Regulators assess it because the evidence of product quality is only as good as the integrity of the records behind it. The industry expresses the expectation through the ALCOA and ALCOA+ principles, and FDA, MHRA, and WHO each publish dedicated data-integrity guidance built on the same ideas.
What does ALCOA+ stand for?
ALCOA stands for Attributable, Legible, Contemporaneous, Original, and Accurate, the five original attributes of a good record defined by the FDA. ALCOA+ adds four further attributes made explicit by MHRA and WHO: Complete, Consistent, Enduring, and Available. Together the nine describe what a trustworthy record looks like: it shows who recorded it and when, it is readable and permanent, it is captured at the time of the activity, the first capture or a true copy is preserved, it is correct and truthful, nothing is selectively omitted, related records are in a logical time sequence, the data are durable for the full retention period, and they can be retrieved for review or inspection.
What is the difference between ALCOA and ALCOA+?
ALCOA is the original five-attribute framework, Attributable, Legible, Contemporaneous, Original, and Accurate. ALCOA+ keeps those five and adds Complete, Consistent, Enduring, and Available, four attributes that MHRA and WHO articulated to close gaps the original five did not state explicitly, such as the need to keep all results including failures, to keep related records in a consistent sequence, to preserve data for the full retention period, and to keep them retrievable. The two are not competing models; ALCOA+ is simply the more complete statement, and most current regulatory guidance uses the ALCOA+ set.
Why is data integrity a top FDA 483 and warning letter theme?
Because a data-integrity failure undermines the credibility of every other record a site produces, the FDA treats it as one of the most serious categories of cGMP violation. The recurring findings are consistent across inspections: shared or generic logins that break attributability, audit trails that were disabled or never reviewed, original electronic data deleted or overwritten, testing into compliance where failing results are discarded, back-dated or fabricated records, and uncontrolled spreadsheets used in place of validated systems. Each maps to an ALCOA+ principle the system failed to enforce, and because paper and hybrid systems can only request the right behaviour rather than enforce it, the same gaps reappear until records are captured and controlled electronically.
How do electronic records and 21 CFR Part 11 support data integrity?
Electronic records, when controlled to 21 CFR Part 11, enforce the ALCOA+ principles by design rather than relying on people to follow them. A unique user login makes every entry attributable; capture directly from an instrument makes data contemporaneous and original by removing transcription; a secure, time-stamped audit trail that cannot be disabled makes records consistent and complete by preserving every change and deletion; and managed, validated retention keeps records enduring and available for their full life. This is why the FDA's data-integrity guidance and Part 11 are tightly linked: the Part 11 controls are the practical mechanism that turns the data-integrity principles into something the system guarantees.
What does revised Schedule M require on data integrity?
Revised Schedule M, the Good Manufacturing Practices standard within India's Drugs and Cosmetics Rules administered by CDSCO, modernises Indian GMP and makes data integrity and the control of computerised systems explicit requirements, alongside a formal Pharmaceutical Quality System, quality risk management, and product quality review. In practice that means the ALCOA+ principles and computerised-system controls expected by FDA, MHRA, and WHO are now domestic regulatory expectations in India as well. Implementation has been phased by manufacturer size and the timelines have been revised during the rollout, so manufacturers should confirm the specific current effective dates against the latest CDSCO notification, while treating the substantive requirements as already in force in direction.
What is data integrity software, and what should it do?
Data integrity software is any system whose purpose is to make records satisfy the ALCOA+ principles automatically rather than through manual discipline. At minimum it should capture data at the source to avoid transcription, enforce unique user identities and role-based access, apply electronic signatures linked to the records, maintain a secure time-stamped audit trail that cannot be disabled and that captures every change and deletion, and retain records in a controlled, retrievable form for their full retention period, all validated for intended use under 21 CFR Part 11. In pharmaceutical manufacturing this is delivered most completely by a manufacturing execution system that applies these controls across batch execution, logbooks, and quality review.
Every recurring 483 data-integrity finding maps to an ALCOA+ principle a paper or hybrid system could only request, not enforce. Capturing records electronically under proper controls is what turns the principles into guarantees.
Data integrity and cleaning validation are the two areas where the gap between a written procedure and the enforced reality is most visible to an inspector, which is why the electronic batch records and cleaning validation guidelines pillars sit alongside this one. The common thread is that integrity is won at the point of capture: a record that is attributable, contemporaneous, and original when it is created rarely becomes a finding later, while one reconstructed from memory at end of shift almost always can. Build the controls into how the work is done, and ALCOA+ stops being an audit anxiety and becomes a property of the record itself.
Related Articles
21 CFR Part 11: What It Is and What It Requires
What 21 CFR Part 11 requires in plain English: electronic records and signatures, predicate rules, audit trails, validation, and Annex 11 mapping.
Swab Sampling Procedure for Cleaning Validation: Methods, Recovery and Limits
How to run swab and rinse sampling for cleaning validation — worst-case locations, the swab technique, recovery studies, the swab limit, and visual checks.
MACO Calculation: Methodology and Formulas for Cleaning Validation
How to calculate MACO three ways — health-based (PDE/ADE), dose-based, and 10 ppm — with formulas, a worked example, and an interactive calculator.
Newsletter
Stay ahead in the Industry
Regulatory updates, pharma quality insights, and AI in manufacturing — written for quality leaders, not marketers.
Please use your official work email. Personal email addresses (Gmail, Yahoo, etc.) will not receive the newsletter. No spam. Unsubscribe anytime.
Ready to see what an AI-native quality platform looks like? Leucine unifies quality management, regulatory compliance, and production operations into one intelligent system.
