Data Integrity Policy (ALCOA+)

Data Integrity Policy. The organization is committed to ensuring the integrity of all data generated, recorded, processed, reported, and retained in connection with regulated activities, in accordance with 21 CFR Part 11 and applicable FDA and international guidance on data integrity (including WHO, MHRA, and PIC/S guidelines). Data integrity is defined in terms of the ALCOA+ principles: all data must be Attributable (traceable to the person who generated it), Legible (readable and permanently recorded), Contemporaneous (recorded at the time the activity was performed), Original (the first recording of the data, or a certified true copy), and Accurate (free from errors, complete, and truthful); with the additional requirements that data must be Complete (including all re-tests, repeat analyses, and any data generated during an investigation), Consistent (recorded in a chronologically logical sequence using approved timestamps), Enduring (recorded on permanent, approved media), and Available (accessible for review and audit throughout the retention period). The organization shall: (a) implement technical controls within Part 11-applicable systems to enforce ALCOA+ principles, including audit trails, access controls, and electronic signatures; (b) establish procedural controls, including SOPs for data entry, review, correction, and reporting; (c) prohibit the use of informal or unofficial records (e.g., scrap paper, personal notebooks, or unapproved spreadsheets) for recording regulated data; (d) conduct periodic data integrity assessments to identify risks and implement mitigating controls; and (e) include data integrity as a standing agenda item in management review meetings.