Evidence & Data Integrity GLP/GCP/GMP expectations by phase

Evidence & Data Integrity GLP/GCP/GMP expectations by phase

June 18, 20267 min read

Evidence generation in regulated life science environments is governed by a progressive framework of Good Laboratory Practice, Good Clinical Practice, and Good Manufacturing Practice. Each framework defines expectations for how data is created, recorded, reviewed, stored, and ultimately used to support decisions about safety, efficacy, and quality. While the terminology differs between GLP, GCP, and GMP, the underlying requirement is consistent: data must be trustworthy, attributable, contemporaneous, original, accurate, and complete, with appropriate controls to ensure reliability over time.

As organisations move from discovery through preclinical research, clinical evaluation, and commercial manufacturing, the nature of evidence changes. Early-stage data tends to be exploratory and flexible, whereas later-stage data must withstand regulatory scrutiny and support product approval or release decisions. Understanding how data integrity expectations evolve by development phase is essential for building systems that are neither under-controlled nor unnecessarily burdensome.

Data Integrity as a Lifecycle Principle

Data integrity is not a static requirement applied at a single point in development. It is a lifecycle principle that governs how evidence is generated and maintained from initial observation through to regulatory submission and post-market surveillance.

Core expectations are consistent across all GxP domains. Data must be attributable to a clear source, recorded at the time of activity, and preserved in its original form or in a validated true copy. Changes must be traceable, justified, and approved. Completeness ensures that all relevant data, including deviations and outliers, are retained rather than selectively removed. Accuracy requires that recorded information reflects the actual observation or result without distortion.

The ALCOA+ framework extends these principles by incorporating elements such as consistency, durability, and availability. Across all phases, these attributes define whether evidence is suitable for decision making and regulatory reliance.

GLP Expectations by Phase

Good Laboratory Practice primarily governs non-clinical safety studies intended to support regulatory submissions. In early discovery phases, GLP principles may not be fully implemented, but elements of controlled documentation and traceability are still necessary to ensure scientific reliability.

As development transitions into formal non-clinical studies, GLP requirements become strict. Study protocols define the experimental design in advance, including objectives, methods, statistical approaches, and acceptance criteria. Any deviation from the protocol must be documented, justified, and assessed for impact.

Raw data becomes a critical regulatory asset. It must be retained in a manner that prevents loss or unauthorised modification. This includes handwritten records, instrument outputs, and electronic data files. Laboratory systems must ensure traceability from sample receipt through to final reporting.

Quality assurance units play a key role in GLP environments by conducting independent inspections of study conduct and data integrity. Their role is not to generate data but to verify that systems are functioning in accordance with applicable standards.

As studies become more complex, increasing emphasis is placed on validation of analytical methods, calibration of equipment, and controlled handling of test materials. These controls ensure that data generated is reproducible and scientifically defensible.

GCP Expectations by Phase

Good Clinical Practice governs clinical trials involving human participants. Data integrity in this environment is directly linked to participant safety and the validity of efficacy outcomes.

Early clinical phases often involve smaller datasets but require heightened attention to informed consent, protocol adherence, and safety reporting. Data must be recorded contemporaneously at the point of care or observation, typically within case report forms or validated electronic data capture systems.

As trials progress into later phases, data volume and complexity increase significantly. Multi-site studies introduce variability in data collection practices, requiring harmonised procedures and robust monitoring systems. Source data verification becomes an important mechanism to ensure that recorded information accurately reflects original medical records or observations.

Audit trails in electronic systems are essential to maintain traceability of changes. Any modification to clinical data must preserve the original entry, identify the individual making the change, and record the reason for the alteration.

Data cleaning and query resolution processes must be documented and controlled to ensure that corrections do not introduce bias. Statistical analysis relies on datasets that have been locked and verified, ensuring that results reflect pre-defined analysis plans rather than post hoc manipulation.

Patient safety reporting introduces additional integrity requirements. Adverse event data must be captured, assessed, and reported within defined timelines, ensuring that regulatory authorities receive accurate and complete safety information.

GMP Expectations by Phase

Good Manufacturing Practice applies to the production and control of medicinal products and other regulated goods. Data integrity in GMP environments directly impacts product quality and batch release decisions.

During early development manufacturing, processes may still be evolving, but documentation of batch production records, material traceability, and equipment usage remains essential. Data must demonstrate how materials were produced and under what conditions.

As processes mature into validated commercial manufacturing, expectations increase significantly. Critical process parameters must be defined, controlled, and recorded. Deviations from established ranges require investigation and documented justification.

Analytical testing data used for batch release must be generated using validated methods and recorded in controlled systems. Any electronic data systems used in manufacturing or quality control must include appropriate access controls, audit trails, and data backup mechanisms.

Change control systems ensure that modifications to processes, equipment, or materials are assessed for potential impact on product quality and data integrity before implementation. Batch release decisions depend on complete and accurate review of all associated manufacturing and testing data.

Transition Points and Hybrid Environments

Life science organisations often operate in hybrid environments where GLP, GCP, and GMP activities coexist. Early-stage companies may conduct preclinical studies while also preparing for clinical trials or pilot manufacturing.

Transition points between phases represent areas of increased risk for data integrity issues. Moving from exploratory research to regulated studies requires formalisation of documentation practices, system validation, and procedural control. Similarly, transitioning from clinical development to commercial manufacturing introduces stricter expectations for process validation and data lifecycle management.

At these transition points, systems must evolve without disrupting continuity of evidence. Historical data must remain traceable and usable, even as new systems are introduced. Bridging strategies are often required to maintain integrity across legacy and current platforms.

Systems Supporting Evidence Integrity

Robust data integrity depends on underlying systems rather than isolated procedures. Document control ensures that only approved versions of protocols, specifications, and procedures are in use. Training systems ensure that personnel understand and consistently apply requirements relevant to their roles.

Electronic systems must be validated to ensure they perform as intended. This includes access control, audit trail functionality, data storage reliability, and system security. Where paper records are used, controls must ensure legibility, retention, and protection from unauthorised changes.

Investigation systems are essential for managing deviations, unexpected results, and data discrepancies. Each investigation must assess root cause, evaluate impact on data integrity, and define corrective and preventive actions.

Quality management systems provide oversight through internal audits, management review, and continuous improvement processes. These mechanisms ensure that data integrity is maintained not only at the point of generation but throughout the entire lifecycle of the data.

Common Failure Modes and Controls

Data integrity failures often arise from inadequate system design rather than intentional misconduct. Common issues include incomplete documentation, uncontrolled spreadsheets, insufficient audit trails, and unclear data ownership.

Another frequent failure mode involves delayed recording of results, which can lead to transcription errors or loss of contextual information. Weak system validation can also result in data being altered without traceability.

Controls must therefore be both technical and procedural. Technical controls include validated systems, secure access, and automated audit trails. Procedural controls include clear SOPs, training, and periodic review of compliance.

A strong quality culture reinforces the expectation that data integrity is a shared responsibility across scientific, clinical, and manufacturing functions.

Conclusion

Evidence and data integrity expectations evolve progressively across GLP, GCP, and GMP environments, reflecting the increasing regulatory and patient impact of the data being generated. While early-stage research may rely on flexible systems, later stages demand rigorous controls that ensure full traceability, accuracy, and accountability.

The fundamental principle remains consistent across all phases: data must be reliable enough to support scientific conclusions, regulatory decisions, and product quality assurance. Organisations that embed data integrity principles early and adapt them appropriately through each development phase establish a stable foundation for regulatory success and sustainable innovation.

Back to Blog