In the context of Good Manufacturing Practice (GMP), data integrity is not just a quality expectation—it’s a regulatory requirement. Regulatory authorities such as the MHRA, EMA, and FDA have made it clear that data must be trustworthy, complete, and verifiable throughout the product lifecycle. As a result, GMP inspectors are placing increasing emphasis on data integrity during inspections.
Understanding what inspectors are looking for—and how to prepare—can make all the difference between a successful audit and a critical finding.
What Is Data Integrity?
Data integrity refers to the accuracy, consistency, and reliability of data. In a GMP environment, this applies to both paper-based and electronic records used in the manufacture, testing, packaging, and distribution of medicinal products.
To guide their expectations, inspectors often refer to the ALCOA+ principles, which state that data must be:
- Attributable
- Legible
- Contemporaneous
- Original
- Accurate
And also:
- Complete
- Consistent
- Enduring
- Available
Key Focus Areas for GMP Inspectors
1. Audit Trails and Electronic Systems
Inspectors closely examine the configuration and use of electronic systems. They expect to see complete audit trails that cannot be altered or deleted and that clearly document who performed an action and when. Systems should prevent unauthorised changes and provide a clear record of all activities.
2. Access Controls and User Management
Data must be protected from unauthorised access. Inspectors will review how user accounts are created, managed, and deactivated, and whether roles and permissions are appropriately segregated. Shared login credentials are a major red flag.
3. Paper Record Controls
Even in largely electronic environments, paper records still exist and must be managed. Inspectors look for proper documentation practices—no unauthorised corrections, no missing pages, and full traceability of data entries.
4. Data Review Processes
It’s not enough to simply generate data; it must be reviewed and verified. Inspectors assess whether second-person reviews are effective, whether discrepancies are followed up, and whether quality decisions are based on verified data.
5. Training and Culture
GMP inspectors often probe beyond SOPs to assess whether staff understand the importance of data integrity and are trained to maintain it. A “tick-box” culture with minimal understanding of the risks can result in serious observations.
6. Risk-Based Approach to Data Integrity
Inspectors expect organisations to have conducted data integrity risk assessments and implemented mitigation measures proportionate to the risk. This includes system validation, procedure updates, and ongoing monitoring.
Preparing for Inspection: Best Practices
- Ensure all systems—electronic and paper-based—are covered by validated procedures
- Maintain clear audit trails and restrict user access appropriately
- Conduct internal audits focused on data integrity gaps
- Regularly train staff on data integrity principles and real-life examples
- Establish a culture of accountability and quality ownership
How Q&V Can Help
At Q&V, we assist pharmaceutical manufacturers in assessing and enhancing their data integrity framework. From conducting gap analyses and mock inspections to supporting remediation plans, our experts help you meet and exceed regulatory expectations. With our support, you can approach your next GMP inspection with confidence and clarity.
Worried about your data integrity controls? Contact Q&V for tailored support and guidance.