Integrating Data Integrity into Your Quality System
If you’re an organization seeking guidance for integrating data integrity into your quality system to ensure regulatory compliance, our experts shed light into key considerations below.
With such a heavy focus on data integrity by the U.S. Food and Drug Administration (FDA) in its assessment of quality systems, it has become vital for the pharmaceutical industry and its regulatory agencies to embed data integrity into the center of their quality approach. These principles are referred to as ALCOA, with two additions being made in recent years indicated by ALCOA++. Each letter in the ALCOA acronym refers to a concept that is key to maintaining successful data integrity in an organization, and each plus sign refers to additional concepts added later following the conception of ALCOA. ALCOA++ can be defined by the following:
ALCOA
Attributable: All paper and electronic data must be attributable to the person generating the data, including who performed an action and when. Ensuring data is attributable can be accomplished by initialing (or signing) and dating a paper record when recording manually or by audit trail in an electronic system.
Legible: All paper and electronic data must be legible and permanent. On paper, handwriting must be clearly written to make out any information, while electronic data must have the storage of clear and readable metadata to support it. Ensuring records are legible and permanent assists with its accessibility throughout the data lifecycle, including the storage of paper and electronic data.
Contemporaneous: Contemporaneous means recording the paper or electronic data at the time it’s generated. Date and time stamps should be recorded in a meaningful order to consider the data credible. Data should never be backdated, and forms should never be completed with expected results prior to execution.
Original: Original data is the paper or electronic medium in which the data point is initially recorded, including protocol, form, notebook, spreadsheet, database, or software application. Understanding where the original data is generated is critical to ensure content and meaning are preserved.
Accurate: For paper and electronic data to be accurate, the data should be free from errors, truthful, and reflective of the observation. Editing should only be performed by using the principles of good documentation practices. Accuracy is ensured by following standard operating procedures, validated analytical methods, and using qualified computerized systems.
ALCOA++
Following the core ALCOA principles, these five additional concepts round out the rest of the ALCOA++ principles: the first 4 are ALCOA +, the last one was added for ALCOA ++
Complete: All recorded paper and electronic data generation must be properly recorded, clearly identifying the person generating the data, and all recorded data requires an audit trail to show nothing has been deleted or lost.
Consistent: Data consistency means that data values are the same for all instances of an application. This data belongs together and describes a specific process at a specific time, meaning that the data is not changed during processing or transfers. The data’s sequence of events should be in the expected sequence of operations and appropriately dated or time-stamped to demonstrate the data are contemporaneous.
Enduring: Paper and electronic data are appropriately recorded in laboratory notebooks or validated software systems, including spreadsheets and databases. This principle of ALCOA+ places specific emphasis on ensuring data is available throughout the data’s retention period.
Available: Paper and electronic data must be available for review, audits, or inspections for the required lifetime of the record. Paper and electronic data should be clearly indexed and/or appropriately labeled and stored to facilitate retrieval.
Traceability: Starting in 2023, a 10th ALCOA principle of traceability was included, making it ALCOA++: stating that data must be traceable throughout the process and the data’s lifecycle. Changes to said data must be reflected in its metadata.
Ensuring Data Integrity with Effective Data Governance
For pharmaceutical organizations to maintain their data integrity and successfully follow ALCOA++ principles, they must deploy frameworks and controls to track and monitor their data management. How can data be ensured to be reliable and trustworthy if there aren’t rules and standards governing its controls? This is where the concept of data governance comes in.
While data integrity ensures that the data in use is accurate and complete, data governance is the framework that ensures a robust, cross-functional, and sustainable approach to data integrity. Data governance sets the internal rules, principles, and standards that dictate how an organization controls its data.
Data integrity is the output of a well-defined and robust data governance program. Quality data cannot be achieved if quality measures are not being taken to govern that data. From the creation to deletion of data, data governance dictates the controls needed for managing the data successfully throughout its lifecycle. A robust data governance framework will prevent unauthorized access, destruction, use, and many other inhibiting factors that arise throughout the data lifecycle while maintaining organizational compliance with ALCOA++ principles. Organizations will typically dedicate a department or division to managing data governance within the firm, due to the criticality of data governance in the pharmaceutical industry.
Successful data governance is not an instantaneous process. Organizations are complex entities with employees, third parties, and other stakeholders that need to be accounted for. Data governance frameworks need to evolve – not only as systemic data integrity deficiencies or gaps in the organization arise, but as emerging technologies become validated and indoctrinated into company practices. Organizations must be proactive and think about the road ahead. Just because something works now does not mean it will work later or cannot be improved.
Data Governance and Data Integrity Maturity
Data governance and data integrity maturity are a continuum. Some companies may be lagging in their data governance frameworks with large amounts of data assets being uncontrolled while other companies may have reached leading practices with their data, where data governance initiatives and improvements have been implemented. This development of an organization’s data governance capabilities is commonly referred to as Maturity.
A commonly used tool in pharmaceuticals to measure the progression of this data governance maturity is known as a maturity model. Maturity models track the development of the organization in its data governance by utilizing progressing maturity levels as references or measures to indicate the position of the organization’s current maturity.
Maturity models tend to differ depending on the industry or the organization in question, but a typical maturity model will comprise of five levels that quantify the organization’s data governance ability, with “1” being the lowest level of maturity and “5” being the highest level of maturity. At a maturity level of 1, an organization will be nonexistent when it comes to data governance frameworks or a dedicated team, while at a 5, an organization will be continuously improving its data governance initiatives and frameworks via a robust organizational data governance culture.
Embedding Data Integrity into Your Quality Approach
Embedding data integrity into your quality approach requires a robust data governance program. Wherever your organization may be on your data governance journey, Clarkston can partner with you to identify your data governance maturity level with a comprehensive maturity assessment. Reach out to us today.
Subscribe to Clarkston's Insights
Contributions from Jonathan Benincosa and Hugo Rincon