Pharmaceutical Data Integrity and ALCOA+ Compliance Audit Checklist
Data integrity failures are a primary driver of FDA warning letters, import alerts, and consent decrees. This audit systematically assesses data integrity controls across paper-based and electronic systems against ALCOA+ principles and regulatory expectations.
- Industry: Pharmaceutical
- Frequency: Annual / Pre-Regulatory Inspection
- Estimated Time: 60-90 minutes
- Role: QA Manager / IT Compliance Manager
- Total Items: 33
- Compliance: FDA Data Integrity and Compliance with CGMP Guidance (2018), MHRA Guidance on GMP Data Integrity (2018), WHO Guidance on Good Data and Record Management Practices (2016), EU GMP Annex 11 Computerised Systems, FDA 21 CFR Part 11 Electronic Records Electronic Signatures
ALCOA stands for Attributable, Legible, Contemporaneous, Original, and Accurate. ALCOA+ adds Complete, Consistent, Enduring, and Available. Under the FDA Data Integrity and Compliance with CGMP Guidance (December 2018) and MHRA GMP Data Integrity Guidance (March 2018), pharmaceutical manufacturers must ensure all GMP records satisfy these principles. Data integrity failures are a leading cause of FDA warning letters, import alerts, and consent decrees.
Primary regulatory references: FDA Data Integrity and Compliance with CGMP Guidance (December 2018); MHRA Guidance on GMP Data Integrity (March 2018); WHO Guidance on Good Data and Record Management Practices, WHO TRS 996 (2016); EU GMP Annex 11 Computerised Systems; FDA 21 CFR Part 11 Electronic Records and Electronic Signatures.
ALCOA+ Principles Assessment
Verify data meets ALCOA+ requirements.
- All data entries attributable to individual responsible for the action?
- All records legible and permanently recorded in indelible ink or electronic format?
- Data recorded at the time the activity was performed (no backdating)?
- Original data preserved and not transcribed without retention of original?
- Data accurately reflects the actual observations and is not manipulated?
- Complete data set including all raw data, anomalies, and excluded data documented?
Electronic System Controls
Verify electronic system data integrity controls.
- Audit trails enabled and active for all GMP electronic systems?
- Audit trails regularly reviewed and part of batch record review?
- All users have unique individual logins - no shared accounts?
- Access control matrix with role-based permissions documented and enforced?
- Former employee and contractor accounts deactivated promptly?
- Laboratory instrument computers not accessible to users with local administrator rights?
Paper Record Controls
Verify paper record data integrity.
- All corrections made correctly: single line strikethrough, initials, date, reason?
- No use of correction fluid (Wite-Out), overwriting, or obliterating original entries?
- No data recorded in pencil in batch records or laboratory notebooks?
- Controlled forms used with version number and effective date?
- No loose paper records or Post-it notes with data not attached to formal record?
Raw Data and Retention
Verify raw data availability and retention.
- All raw data (chromatograms, spectroscopy data, instrument printouts) retained?
- No evidence of data deletion or audit trail clearing in electronic systems?
- Regular backup of electronic data with tested restoration?
- Data retention schedule compliant with regulatory requirements (minimum per 21 CFR 211.68)?
- Archived records retrievable within required timeframe?
Laboratory Data Integrity
Assess QC laboratory data integrity controls.
- QC results reviewed by second person before reporting?
- No evidence of testing into compliance (excessive repeat testing until in-spec)?
- All OOS investigations properly documented including all test data?
- All analysts qualified for tests they perform?
- Sample chain of custody documented from receipt through disposal?
Management Oversight and Culture
Assess data integrity culture and management oversight.
- All relevant personnel trained on data integrity expectations and consequences?
- Data integrity policy in place with clear expectations and escalation path?
- Mechanism for anonymous reporting of data integrity concerns?
- Data integrity metrics reviewed at management review?
- Periodic data integrity audit conducted by QA or independent party?
- Data integrity included in self-inspection program?
Related Pharmaceutical Life Sciences Checklists
- CAPA Review and Effectiveness Verification Checklist
- Pharmaceutical Deviation and Non-Conformance Investigation Checklist
- Pharmaceutical Data Integrity and ALCOA Plus Compliance Checklist
- Pharmaceutical Change Control Review and Approval Checklist
- Pharmaceutical Daily Manufacturing Area Inspection Checklist
- Active Pharmaceutical Ingredient (API) Manufacturing Inspection Checklist
- Pharmaceutical QC Laboratory Inspection Checklist
- Pharmaceutical Microbiological Contamination Testing Checklist
Related Quality Systems Checklists
- Pharmaceutical CAPA Review and Effectiveness Check Checklist - FREE Download
- CAPA Review and Effectiveness Verification Checklist - FREE Download
- Pharmaceutical Deviation and Non-Conformance Investigation Checklist - FREE Download
- Pharmaceutical Data Integrity and ALCOA Plus Compliance Checklist - FREE Download
- Pharmaceutical Change Control Review and Approval Checklist - FREE Download
Why Use This Pharmaceutical Data Integrity and ALCOA+ Compliance Audit Checklist?
This pharmaceutical data integrity and alcoa+ compliance audit checklist helps pharmaceutical teams maintain compliance and operational excellence. Designed for qa manager / it compliance manager professionals, this checklist covers 33 critical inspection points across 6 sections. Recommended frequency: annual / pre-regulatory inspection.
Ensures compliance with FDA Data Integrity and Compliance with CGMP Guidance (2018), MHRA Guidance on GMP Data Integrity (2018), WHO Guidance on Good Data and Record Management Practices (2016), EU GMP Annex 11 Computerised Systems, FDA 21 CFR Part 11 Electronic Records Electronic Signatures. Regulatory-aligned for audit readiness and inspection documentation.
Frequently Asked Questions
What does the Pharmaceutical Data Integrity and ALCOA+ Compliance Audit Checklist cover?
This checklist covers 33 inspection items across 6 sections: ALCOA+ Principles Assessment, Electronic System Controls, Paper Record Controls, Raw Data and Retention, Laboratory Data Integrity, Management Oversight and Culture. It is designed for pharmaceutical operations and compliance.
How often should this checklist be completed?
This checklist should be completed annual / pre-regulatory inspection. Each completion takes approximately 60-90 minutes.
Who should use this Pharmaceutical Data Integrity and ALCOA+ Compliance Audit Checklist?
This checklist is designed for QA Manager / IT Compliance Manager professionals in the pharmaceutical industry. It can be used for self-assessments, team audits, and regulatory compliance documentation.
Can I download this checklist as a PDF?
Yes, this checklist is available as a free PDF download. You can also use it digitally in the POPProbe mobile app for real-time data capture, photo documentation, and automatic reporting.
What are the ALCOA+ data integrity principles?
ALCOA+ is a framework for pharmaceutical data integrity: Attributable (who collected the data and when), Legible (readable throughout its retention period), Contemporaneous (recorded at the time of activity), Original (first-capture data, not a transcription), and Accurate (free from errors and reflective of the actual observation). The ALCOA+ extensions add Complete (all data including reanalysis), Consistent (all elements in chronological order), Enduring (recorded in durable medium for the required retention period), and Available (accessible for review and inspection). FDA, MHRA, WHO, and EU GMP Annex 11 all use the ALCOA+ framework as the basis for data integrity assessment.
What does FDA 21 CFR Part 11 require for pharmaceutical electronic records?
FDA 21 CFR Part 11 requires that electronic records be accurate, reliable, and protected from unauthorized access and alteration. Closed systems must have authority checks, device checks, and time-stamped audit trails capturing the date, time, operator, and nature of any change. Electronic signatures must be unique to the individual and linked to the electronic record. Systems must be validated per 21 CFR Part 211.68 to ensure accuracy and reliability. The regulation applies to records required under FDA predicate rules (21 CFR Parts 210-211, 820) when created, modified, maintained, archived, retrieved, or transmitted in electronic form.
What data integrity violations lead to FDA warning letters?
FDA warning letters for data integrity violations commonly cite: backdating or pre-dating of GMP records; deletion or overwriting of original data without a complete audit trail; out-of-specification results followed by retesting without investigation; shared login credentials making data entries unattributable; computerized systems lacking access controls or Part 11-compliant audit trails; and paper records altered with correction fluid without the original entry preserved. The FDA Data Integrity and Compliance with CGMP Guidance (2018) is the framework FDA investigators apply during inspections.