In the regulated industries of pharmaceuticals, biotechnology, and medical device manufacturing, data integrity is a cornerstone of compliance. Regulatory authorities such as the Therapeutic Goods Administration (TGA), the U.S. Food and Drug Administration (FDA), and the European Medicines Agency (EMA) consistently emphasise that decisions affecting patient safety and product quality must be based on reliable, accurate, and traceable data. To achieve this, industry has widely adopted the ALCOA++ principles as the gold standard for data integrity. Originally introduced by the FDA as ALCOA, the framework has since been expanded with additional requirements to address evolving regulatory expectations. Complying with ALCOA++ principles ensures that organisations not only meet legal obligations but also protect product quality, patient safety, and organisational reputation.

The Origin of ALCOA and Its Evolution

The ALCOA framework was first articulated in the 1990s by the FDA to describe the key attributes of data integrity: Attributable, Legible, Contemporaneous, Original, and Accurate. These five principles provide a foundation for ensuring that data generated in laboratories, manufacturing environments, and quality systems can be trusted. Over time, regulators recognised that these five attributes alone were not sufficient to cover the full scope of data governance. The framework was therefore expanded into ALCOA+ and later ALCOA++, which add principles such as Complete, Consistent, Enduring, and Available. Together, ALCOA++ represents a comprehensive set of expectations for handling data in GMP-regulated industries.

Attributable

Data must clearly indicate who performed an action and when it was performed. Every entry, whether in a paper batch record or an electronic system, should be linked to a specific individual. For paper records, this is achieved through signatures or initials with dates. In electronic systems, this is typically ensured by secure user accounts with audit trails. Attributability provides accountability and traceability, making it possible to reconstruct the history of a batch, a test, or a process.

Legible

Legibility ensures that data can be read and understood throughout its retention period. For paper records, this means using permanent ink, avoiding overwriting, and ensuring handwriting is clear. For electronic records, legibility involves ensuring data formats remain accessible despite technological changes. Legibility is essential because data that cannot be understood is effectively useless and undermines the integrity of the record.

Contemporaneous

Data must be recorded at the time the activity occurs. Retrospective entries create opportunities for errors and intentional falsification. In practice, contemporaneous recording ensures that the record reflects the true sequence of events. For example, laboratory analysts should document test results immediately during analysis rather than hours later. Manufacturing staff should record process parameters as they occur, not after the shift has ended. Contemporaneity strengthens reliability and supports accurate reconstruction of events.

Original

The original record, or a verified true copy, must be preserved. This principle ensures that data is not altered or lost over time. For paper-based systems, the original entry in a controlled document must be maintained. For electronic systems, the primary electronic file along with secure backups must be retained. If copies are made, they must be verified as exact reproductions. The principle of originality ensures authenticity, protecting data from unauthorised alteration.

Accurate

Data must reflect the true values observed during the activity. Accuracy depends on properly calibrated instruments, validated methods, and trained personnel. It also requires that errors are corrected transparently, with the original entry remaining visible and the reason for correction documented. Inaccurate data, whether through human error or deliberate falsification, poses significant risks to product quality and regulatory compliance.

Complete

ALCOA+ adds the requirement that all data related to an activity must be retained. Selective recording or omission of data is unacceptable. For example, if multiple test runs are performed, all results—including those outside specification—must be retained, not just the passing result. Completeness also applies to metadata, audit trails, and supporting records. Regulators expect a full picture of activities, not curated subsets of information.

Consistent

Consistency ensures that records follow the correct sequence and time order. Events must be documented chronologically, and time stamps must align accurately with actual activities. Consistency also applies across systems; data recorded in batch records must match related data in laboratory information management systems (LIMS), equipment logs, or electronic resource planning (ERP) systems. Inconsistencies raise red flags during inspections and suggest potential manipulation or poor data governance.

Enduring

Data must remain intact and accessible for its entire retention period. Paper records should be stored in controlled environments to prevent damage or fading. Electronic records must be maintained in validated systems with secure backups. Endurance means that data remains unaltered and retrievable even years after creation. For therapeutic goods, where records may need to be reviewed long after product release, enduring data is essential.

Available

Finally, data must be readily available for review by regulatory authorities, quality assurance personnel, and other authorised individuals. Accessibility is a key compliance requirement. Records locked in inaccessible archives, corrupted files, or systems without retrieval capabilities do not meet regulatory expectations. Availability ensures transparency, supports timely decision-making, and demonstrates compliance during audits and inspections.

Practical Challenges in Compliance

Despite clear regulatory expectations, complying with ALCOA++ principles presents challenges. Paper-based systems are vulnerable to illegibility, lost records, and delayed documentation. Electronic systems, while offering advantages, introduce risks such as inadequate validation, poor user access controls, and insufficient audit trails. Organisations must also ensure that employees are trained to understand the importance of data integrity. Even well-designed systems fail if staff take shortcuts, backdate entries, or ignore documentation rules.

Best Practices for Implementing ALCOA++

To comply effectively with ALCOA++ principles, organisations should adopt best practices such as:

• Implement validated electronic systems: Ensure systems have secure audit trails, access controls, and data backup mechanisms.

• Train staff extensively: Emphasise the importance of data integrity and the risks of non-compliance.

• Audit data processes regularly: Conduct internal reviews to identify gaps and corrective actions.

• Document procedures clearly: SOPs should describe how data is generated, recorded, and stored.

• Promote a culture of integrity: Encourage employees to report errors honestly and discourage shortcuts.

• Align with international guidelines: Follow guidance documents such as MHRA’s GxP Data Integrity Guidelines and FDA’s Data Integrity Guidance.

The Regulatory Perspective

Regulators consistently take data integrity failures seriously. Common inspection findings include missing raw data, incomplete records, and inadequate audit trails. Such failures can result in warning letters, product recalls, or suspension of manufacturing licenses. By contrast, companies that demonstrate strong compliance with ALCOA++ principles build trust with regulators, streamline inspections, and strengthen their reputation for quality and reliability.

Talk to Quality Systems Now about ALCOA principles

Complying with ALCOA++ principles is not a bureaucratic exercise but a scientific and ethical requirement that safeguards data integrity across regulated industries. Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available—together these principles provide a robust framework for ensuring reliable data. For manufacturers, laboratories, and biotechnology companies, embedding ALCOA++ into daily practice protects patient safety, ensures regulatory compliance, and strengthens organisational resilience. By combining strong systems, thorough training, and a culture of integrity, companies can navigate the complexities of data governance effectively and with confidence.