DATA 

INTEGRITY
From Concept to Implementation
apt. Silvia Widyany, S. Farm
 Learning Objectives
• Importance of Data Integrity
• DI Culture
• Data Life Cycle
• Quality Risk Management
Importance of

Data Integrity
 Data Integrity… It’s important!
Data Integrity: The degree to which a collection of data is complete,
consistent, and accurate.*

! We need data integrity to ensure the quality of our products !

*FDA Glossary of Computer Systems Software Development Terminology

 ALCOA++
All data (including manual/ paper-based data, electronic data incl. metadata, and data in a hybrid format) comply with
the following DI requirements throughout the data life cycle, often referred to as “ALCOA+” principles.
The main criteria for Data Integrity are:
A Attributable who acquired the data or performed an action (e.g. change) and when

L Legible data must be recorded permanently in a durable medium and be readable

C Contemporaneous documented at the time of the activity, date/time stamps should follow in order

O Original / Reliable is the information the original record or a certified true copy?

A Accurate no errors or editing without documented amendments

+ Complete all data are present and available (e.g. incl. repeat or reanalysis performed)

+ Consistent consistent application of data time stamps in the expected sequence

+ Enduring on proven storage media (paper or electronic)

+ Available available/accessible for review/audit or inspection over the lifetime of the record
 Why the Increased focus?
Data Integrity is not new, so why the emphasis?
• From the background section of the recent FDA guidance on Data Integrity:
“In recent years, FDA has increasingly observed CGMP violations involving data integrity during CGMP inspections. This is
troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and
quality of drugs, and of FDA’s ability to protect the public health”
• The industry is moving toward using more electronic systems to manage data.
• Many analytical instruments and computerized systems have gaps that allow for Data Integrity issues.
• There is a better understanding of these systems and how data is managed
• Expectations for ensuring Data Integrity are evolving.
• There has been a paradigm shift with regard to Data Integrity and how we ensure Data Integrity in our analytical
and computerized systems.
• We must know our data are complete and accurate or be able to detect any data issues.
 Data Integrity Trends, Changes and Improvement on Worldwide

Guidelines published by different organizations and regulatory agencies:

 FDA: Data Integrity and Compliance With CGMP (Dic2018) and 21 CFR part 820, 194, etc..
*FDA Warning Letter  MHRA: GMP Data Integrity Definitions and Guidance for Industry (March 2018)
 WHO: Guidance on Good Data and Record Management
 GAMP Records and Data Integrity Guide, DI Key Concept and DI Manufacturing Records
Data Integrity

Culture
Data Integrity Culture
“Culture can be described using many different
terms, but the key is to define, emphasize and
support the demonstration of desired behaviors and
results.”

The cultural excellence framework focuses on six

dimensions that together foster, develop, monitor,
measure, learn, and ultimately improve an
organization's culture of excellence
 Leadership and Vision
Leaders can influence mindsets and attitudes!
A clear Data Integrity direction or plan enables the entire organization, enabling employees to work in alignment with the specified
goals and standards.

Leaders must clearly articulate the importance of DI as regulatory standard for patient safety as well as a business success factor

The first step for success is to ensure that site leadership are aware of:
Recent situation about regulatory finding
Regulation about DI
Overview computerized system in site 
Current status of DI in site
DI program expectation 
Gaps identified and strategy to implement include support needed from other departments (resource)
Routine activity & Project activity impact to site (This is NOT a One Time Activity!)
Project timeline and KPI goals for site
 Organizational Structure
Executive • Consideration should be given to the
Management
structure organization.
Corporate Quality
Assurance
• Departments specifically designed to
Site Quality ensure compliance across functional
Assurance
areas is recommended.
Site DI Lead WHY…?
 Increase expertise and governance of DI
 Increase complexity, couple with automation
and computerized systems to ensure security
Process System Quality
and control of data.
IT Support
Owner Owner Assurance
 Data Integrity Roles and Responsibilities
• Responsible for the business • Deputy of Process Owner
process (typically a senior member • Takes operational responsibility in
of the functional unit) the context of the business
• Responsible for integrity and Process Owner Process
(Data Owner) process.
compliance of specific data at various Manager
stages of data life cycle Responsible as system Administrator.
Ensures:
• The availability, installation, maintenance and
Works with the system within Data Integrity System support of the system during the complete
business requirements End User Owner system life cycle.
Roles
• The security and technical data integrity of the
data residing on that system.
• Maintaining access rights
• Collecting and tracking errors, bugs.
• Coordinating computer system changes
IT Support Quality (hardware and software).
• Installs, maintains and supports the Assurance
computerized system during the • Responsible for independent
complete system life cycle in a oversight and review to assure
qualified environment. integrity of data throughout the data
life cycle
• Provides the IT infrastructure services
• Accountable for quality policy and
necessary to run the system.
standards.
 How to shape DI Mindset?
Gemba Walk
Purpose
Who will participate?
Best practice activity for the shop floor, laboratories, and other
Senior Leadership Team, SME, Manager Area
functional areas
Opportunity
Gemba Walks are not:
A coaching/ mentoring to build and/ or enhance capabilities
and behavior and recognized and reinforce desired An audit (neither quality/ compliance nor environmental health
behaviors. and safety)

To learn from shop floor, foster quality mindset, encourage A general complaint or venting session
informed decision making for leaders A debate to defend individual viewpoints without facts
A way to empower personnel A troubleshooting exercise in which participants focus
An opportunity for the operator/ technicians/ analyst to show exclusively on areas with (technical) issues.
their pride and excellence in their jobs
 Behavioral Criteria and Improvement Actions
Accountability Ownership
Employee consistently see quality and DI compliance as Individuals are fully engaged, empowered, and taking
their personal responsibility. action to improve on quality and DI compliance for shaping
Accountability should be communicated consistently the quality mindset.
through job desciptions, onboarding practices, GxP
training, and performance goals and be supported by
coaching, capability development programs, rewards, and
recognition.

Action Orientation Speak Up

Employees commited to cultural excellence regularly Employees are not afraid to speak up, identify quality
identify issues and intervene to minimize potential future issues, or challenge the status quo for improved quality;
data integrity weakness. they believe management will act on their suggestions.
Why do we need Key Performance Indicators?
• To know where we are and where we should be
• To know our risk areas
• Increase the visibility of our strengths and weakness 
(Dashboard)
• Identify where the training have to be reinforced and 
prioritized investment
• Support that Data Integrity is not only QA 
responsibility. Data Integrity is the entire site 
responsibility.
 Management Oversight and Review
Key implementation considerations for a data integrity program
A documented rationale
Do adequate process exist within the QMS to prevent, detect, report, and address DI failures?
Are the ALCOA+ requirement clearly address within the QMS?
Are there adequately defined processes for generating and reviewing data?
Are there adequate controls for the entire life cycle of data?

Executive sponsorship and governance process

A sponsor is considered crucial to the overall success and will be required to set the direction, define the priorities, provide the resources, 
breakdown organizational barriers. 

Management accountability
Management should provide the appropriate resource to ensure DI, incl. personnel, instruments, systems, and understandable business 
process. 
Management should acknowledge some level of DI issue have & will occur. 
 Management Oversight and Review
Key implementation considerations for a data integrity program
Level of training
Is there appropriate knowledge and accountability for DI requirement & expectation at the operational level, as these are the personnel 
who typically generate and manage the data used to support product quality? 
User should be trained to understand their:
Role in maintaining DI
Business process and the information and the data they generate
Responsible for identifying and escalating concerns regardless of the impact on delivery, quotas or timeline. 
Metrics to measure performance
Program reporting to communicate progress
Audit and assessment processes
Audit can provide critical information to set a baseline and measure the success of implementation, as well as highlight possible gaps and 
possible corrections and additions to project scope.
Review and Assess the Effectiveness of Data Integrity Controls

Periodic review User access

of system review

Routine review
IT security audits
audit trail (data)

Periodic Review
audit trail QA Audits
(system)
Data
Life Cycle
Data Life Cycle

• Each life cycle phase can have an impact on data integrity.

• Risk-based business process should be defined and
implemented, and data flows should be understood to
identify, assess and mitigate and communicate potential data
integrity issues throughout the data life cycle.
• Data Owner responsible for the design, operation, working
environment and monitoring process/ system.
• GxP computerized systems supporting the data life cycle
and business process should be validated.
Quality

Risk Management
 Risk Management Approach
Perform initial risk assessment and   Perform functional Risk  Assessments  Review Risks and Monitor  
determine system impact. and Identify Controls Controls
Hazards and vulnerabilities should be 
identified and documented as part of 
risk assessment.

Step 1 Step 2 Step 3 Step 4 Step 5

Identify function with impact on   Implement and Verify Appropriate  

patient safety, product quality and   Controls
data integrity.
Initial Risk Assessment and Determine System Impact

IT
Infrastructure
 Identification of GxP Systems
Impact on patient safety, product quality and data integrity.

Does the system support processes in the manufacturing, packaging, quality control or
storage for APIs, finished products that are required by regulations?
All Systems
Is the system used to support Quality Management System?
Does this computerized system create, modify, maintain, archive, retrieve, or transmit
any electronic record(s) that are required to demonstrate compliance with GxP
GxP requirements?
Systems
Is the system used in the handling of a product following its release (e. g. for complaint
handling, adverse events, quarantine, recall, or stability purposes)?
Could an unintended malfunction of the software or use error lead to serious (injury or
impairment requiring professional medical intervention), critical (permanent impairment
or life-threatening injury) or catastrophic (death) patient harm?
 Hazard & Vulnerabilities
Examples of hazard & vulnerabilities potentially impacting to data integrity:
Data falsification due to storing data electronically in temporary memory in a manner that allows for 
manipulation
Loss or corruption of data due to system interface errors
Manual transcription or data entry errors
Unauthorized approvals due to uncontrolled access
Data corruption due to information security failures (e.g. firewall breaches or malware attacks)
Processing failure due to software or configuration error
Loss of data availability due to environmental problems or hardware failures
 Functional Risk Assessments
Perform, Identify, Implement and Verify Appropriate Controls

Data Integrity requires a comprehensive approach and a close collaboration with IT, Process Owners, System Owners
and QA:
• A comprehensive questionnaire to identify potential data integrity gaps
 Requires critical thinking and analysis
 Determine how to detect data integrity issues

• Documentation review
 Validation (data flow/definition, system configurations, roles/privileges, etc), SOPS (administrative and operational), reviews (access rights
and audit trails)

• System walkthrough
 Current configuration settings, changes to configuration settings, user access and segregation of duties, how data is modified and how data is
reviewed and approved.

• Completing the assessment

 Describe the DI controls
 Complete the Action Summary with an appropriate quality record to ensure completion.
 Reference
• ISPE GAMP RDI Good Practice Guide: Data Integrity – Key Concept
• ISPE GAMP RDI Guide: Record and Data Integrity Guide
• ISPE GAMP RDI Good Practice Guide: Data Integrity Manufacturing Records
• FDA: Data Integrity and Compliance With CGMP