Pharmacy Courses

Conducting Data Integrity Internal Audit


Data integrity refers to the accuracy, completeness and consistency of GxP data over its entire lifecycle. 

The steps that need to be overseen include the initial generation and recording, the processing, the outcome/use, the retention, retrieval, archive and finally the destruction. 

Data integrity means that all the steps defined above are well managed, controlled and documented and therefore the records of the activities follow the ALCOA principles. 


The target for data integrity audits is to find, should it exist, data or relevant metadata that may not be apparent to those involved in the final product disposition decision. 

This includes data that has been deleted, reprocessed, injected as test/trial samples, or resides outside of the review during the final batch disposition. 

Using a term borrowed from the technology sector, such data is referred to as orphan data.


A good strategy in preparing for the audit is to identify the intersection of “opportunity” and “motivation.” 

Opportunities that can allow for breaches in data integrity should be identified through review of existing system controls and requirements designed to prevent and preclude such issues.

Motivations to breach data integrity tenets come in a variety of forms. 

Identifying and recognizing these potential inadequacies allows auditors to target the audit on a high risk data set. 

Good starting places for high risk targets are OOS and stability systems. 


Execution of the audit is the most important aspect of the process. 

Use the following checklist as a template from which to build out your own data integrity audit activities.

  • Does your company maintain a signature log for employees working in the GMP area?
  • Is your staff trained in good documentation practice?
  • Does your company use a unique signature login for electronic signatures?
  • Can the system identify and record the person releasing or certifying the batches?
  • Are any controls in place to ensure data is recorded using permanent, indelible ink?
  • Is the use of pencils, erasures and correction fluid prohibited?
  • Is your electronic data checked periodically?
  • Are secondary checks available to check the critical data?
  • Are original records readily available for inspection?
  • Is there a controlled and secure area for archiving of records?


During the final phase of the audit, document all problematic and/or questionable conditions discovered. 

Never definitively conclude that data integrity breaches don't exist just because nothing was discovered. 


The existence of orphan data and the impact thereof must be addressed, including the evaluation of such data for OOS results. Additionally, further action may include reporting through the Field Alert Reporting (FAR) system or Biological Process Deviation Report (BPDR) and/or recall assessment.

Retrospective assessment of broader datasets may be appropriate when conditions are found that allow for additional orphan data; any new orphan data will need to be evaluated as described above.


Once the data assessment is complete, a CAPA plan should include consideration for interim controls.

A data integrity improvement map is also a useful tool to illustrate the progression of improvements and controls over the course of time.
