The Vital Role of ALCOA Principles in Data Integrity for Life Sciences


Data integrity is central to the safe development and manufacturing of every life-science product on the market today. That’s why ALCOA  principles are embedded in the regulation and should be built into the QMS tools that support all your design, development and manufacturing decision-making. But what are they? 

Why is data integrity so important in life science development? 

Pharma developers rely on the accuracy of data to specify, design and manufacture their products effectively. Without reliable data they can’t make the right decisions around clinical effectiveness, or confidently assert that products have been tested properly and are safe for use. 

In the same way, if regulators are going to approve a medicine or medical device for launch, they need to have complete confidence that all the right design, testing and surveillance data has been gathered at the right time, by the right people in the right way. 

But how do we know that data has been gathered, recorded and stored appropriately? 

Step forward the data integrity principles known as ALCOA. 

Download our guide to GxP compliance

What does ALCOA stand for? 

This acronym was first coined by Stan W. Woollen at the FDA’s Office of Enforcement in the 1990s​​ and has been referred to in FDA and GxP guidelines around the world ever since. 

The principles of data integrity are summed up in the acronym ALCOA. which asks organisations to ensure that key pieces of data (such as the results of clinical studies and product batch testing) are always: 

  • Attributable: Data must clearly show who generated it and when, ensuring responsibility and traceability.
  • Legible: Data should be readable and understandable to anyone who accesses it, maintaining clarity over time. 
  • Contemporaneous: Documentation should occur at the time the activity is performed to preserve accuracy. 
  • Original: The first record of data, or source data, is prioritised for its authenticity and reliability. 
  • Accurate: Data must correctly reflect what was observed or performed, free from errors or alterations.

Applying ALCOA principles to record keeping, through a digital document control system, is a key way that many businesses seek to automate and animate their data integrity practices. 

Where does the term ALCOA appear in the regulation? 

The term ALCOA itself does not appear explicitly in the text of FDA regulation.

Instead, the principles of ALCOA are embedded within the regulations and guidelines established by regulatory bodies such as the U.S. Food and Drug Administration (FDA), the European Medicines Agency (EMA), the UK Medicines & Healthcare products Regulatory Agency (MHRA and the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH).  

These principles are critical for compliance with Good Clinical Practice (GCP), Good Laboratory Practice (GLP), and Good Manufacturing Practice (GMP) standards, which dictate how data should be recorded and maintained throughout the product lifecycle to ensure its integrity.  

What does ALCOA-C stand for? 

But since ALCOA was originally conceived, a few other principles have been added. These additions are encapsulated in the expanded acronyms ALCOA - C (aka ALCOA ++).  

They further strengthen the framework for data integrity by ensuring that data is not only accurate and reliable at the point of creation but also maintained through its lifecycle in a way that supports auditability, traceability, and compliance with regulatory standards.   

  • Complete: All data, including any related or supporting information, must be complete. This includes all records, such as original observations, calculations, and derived data, along with the metadata necessary to reconstruct clinical studies. 
  • Consistent: All data must be recorded chronologically and reflect the sequence of activities. This ensures that the data timeline is logical and that any amendments or corrections are clearly documented. 
  • Enduring: Data should be recorded on a medium that preserves its integrity, quality, and readability over time, ensuring that it remains available and retrievable for the period required by regulatory requirements. 
  • Available: Data, once created, must be easily accessible for review, audit, or inspection purposes over its lifetime. 

It is, perhaps, no coincidence that these principles were developed post 1990s as the potential for computerised record keeping was becoming more widespread and the complexity of medical device development was on the rise. 

Across long multi-year product cycles, the need to index and organise record keeping in a faster and more comprehensive way was becoming more intense. 

Companies who wanted to live by these principles and ensure they were making them part of the ‘way they do things’ would, more and more, be looking for ways to digitise and automate compliant data handling. 

Download our guide to digital document control for medical device developers

What are the barriers to digitisation of data integrity? 

But despite the obvious benefits of digitisation of document management in terms of data integrity,  many scaling pharma and life science companies still work in a very analogue way. For example, many are still adding handwritten research notes and study data to a growing mountain of paper files as they build their clinical trial data. 

This may be unsurprising as the alternative to a paper based approach can often be large and expensive Electronic Trial Master File (eTMF) software built for pharma giants. These, typically, cost a fortune and offer very little flexibility to organisations who are not the size of GSK. 

Is there another way? 

But it doesn’t have to be like this, More flexible document control software is in the market that can offer a digital frame-work for smaller organisations to live by the principles of ALCOA in their record keeping, without the huge price tag. 

Within a flexible, closed loop eQMS - document management tools like:

  • E-signatures 
  • Audit histories 
  • Automated version control  
  • Phase gated, approval workflows 
  • Bespoke form building 
  • Automatic indexing 

can all be used to automate and secure your compliance record keeping where it counts.   

For example, the Newcastle Cancer Centre Pharmacology Group (NCCPG), were able to move from paper to an electronic format for their clinical trial documentation - by using the tools available with the modular Cognidox eQMS: 

“From a GCP perspective every document now has a full audit trail that is updated in real time. You can always see what changes were made by whom. It gives you peace of mind that nothing can be changed without authorisation and audit trail - and auditors can see the complete history of your decision making as it happened“.

Julie Errington, Clinical Trials Analyst/Coordinator, NCCPG 

The NCCPG were able to build their own eTMF that met the ALCOA and GCP (Good Clinical Practice Guidelines in a flexible and cost-effective way. 

Data integrity is the lifeblood of life science development 

Throughout the life science product development cycle, regulation continually calls on developers to demonstrate they can prove when, where and by whom specific data was generated, checked and approved for use.   

Data is collected throughout every stage of the product lifecycle as you: 

  • Identify the need for a product.
  • Research and model the efficacy of a potential solution.
  • Specify a product for manufacture (designs, bills of materials etc.
  • Calibrate and validate manufacturing equipment.
  • Validate a product’s efficacy once manufactured.
  • Report on results of clinical testing.  
  • Record results of batch testing.
  • Monitor a product’s impact in the market.

Proving traceability in all these areas ensures that the risk of error is controlled; that nonconformities can always be identified and corrected. It gives complete transparency around your decision-making process that auditors can scrutinise and understand. Not only this, but it allows you to rapidly trace the source of mistakes when they occur. It gives you the information you need to take corrective and preventive action to control future risk more effectively, and improve your process going forward. 

But data governance levels should be commensurate with risk 

As the data integrity guidelines written by the MHRA assert:

“Organisations are not expected to implement a forensic approach to data checking on a routine basis. Systems should maintain appropriate levels of control whilst wider data governance measures should ensure that periodic audits can detect opportunities for data integrity failures within the organisation’s systems.” 

The ability to apply the right data controls to specific areas of your QMS is very important. Having the flexibility to create the most robust workflows when it matters and to collaborate more freely at other times, can help you maintain the velocity of your projects where it counts.

Making the principles of data integrity ‘the way you do things’ 

In their excellent three-part blog on data integrity, the MHRA points out that ensuring accuracy and traceability in record-keeping, is really only possible when documentation procedures are followed consistently.

The MHRA quote Aristotle to make their point:

“We are what we repeatedly do. Excellence, then, is not an act but a habit”. 

Digital tools that automatically record who uploaded data and when, along with workflows that ensure the right reviews and approvals are gathered at the right time, are all part of the toolkit that can build the required traceability into the way we work when it matters most 

Applying the ALOCA principles to records and documents with digital document control tools allows you to demonstrate you have all the checks and guardrails in place that make individuals and your entire organisation accountable for their actions.  

The best eQMS systems turn what could be a laboured box-ticking compliance exercise into the  habitual support of data integrity. 

A comprehensive guide to GxP compliance

Tags: Quality Management System, Compliance

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

10 Steps for Seamless EQMS Data Migration

Transferring data to a new electronic Quality Management System (eQMS) can seem like a daunting ...

Mastering Non-Conformance Reports: A Guide for Quality Management

How do you log and deal with non-conformities so that faulty products don't end up in the hands of ...

Navigating UKCA Marking for Medical Devices: What You Need to Know

Post-Brexit, there is still confusion about the future use of the UKCA (UK Conformity Assessed) ...

5 Steps to a Robust Corrective Action Process

It’s the job of your corrective action process to identify and eliminate the systemic issues that ...

5 Challenges in Building a Pharmacovigilance System Master File

Managing the integrity and accessibility of a PSMF (Pharmacovigilance System Master File) is a key ...