Data Integrity & ALCOA++ principles in GxP continuous monitoring

Data Integrity and ALCOA++ in continuous monitoring systems
Paul Daniel, Senior Regulatory Compliance Expert
Paul Daniel
Senior GxP Regulatory Expert
Published:
Life Science

In our recent webinar “GxP data integrity: What you don't know may make you non-compliant” we received many questions. Vaisala Senior GxP Regulations expert Paul Daniel has answered all questions by email, but here we share a few of his answers in blog form. In this blog, we will focus on questions related to ALCOA. The acronym stands for Attributable, Legible, Contemporaneous, Original, Accurate. Later, the European Medicines Agency (EMA) added four more items that focus more on data management: Complete, Consistent, Enduring and Available. Rather than change the acronym to ALCOACCEA, we now use ALCOA++.

But how does ALCOA++ relate to data integrity? Here we refer to the definition of data integrity in the FDA 2018 document “Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry

What is “data integrity”?
For the purposes of this guidance, data integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate (ALCOA).

Question: What are the requirements for electronic signature to comply with ALCOA principle?

Paul Daniel: This sounds like a big question, but in regard to monitoring systems, the answer is fairly straightforward. A monitoring system is a specialized system, unlike a classic automation system, it does few things: record, monitor, alarm. A monitoring system involves a physical network of monitoring sensors. 

Electronic Signature, as a function of a program, is another computer system. To ensure it does what it is intended to do, an electronic signature system needs a way of verifying device identity. In addition, its important that users understand that their electronic signature is as legal and binding as any paper signature. So, I would expect that standard data integrity controls for electronic records would suffice, with a little extra emphasis on A for Attributable. Having said all that, I need to qualify my statements because I do not specialize in Electronic Signature controls, so I recommend that you consult some other sources as you put together your Data Integrity controls for a system with Electronic Signature capabilities.

Question: In the webinar, I think you missed the TRACEABLE requirement from the new GLP.

Paul Daniel: Yes, thank you! You are correct that Traceable is the newest addition to the acronym ALCOA, now ALCOA++ as of 2021. The only publication where I have seen this specifically added is in a 2021 draft guideline from the EMA intended for clinical trials, though there may be something more recent.  From that document:

Data integrity is achieved when data (irrespective of media) are collected and maintained in a secure manner, to fulfil the ALCOA++ principles of being attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring and traceable as described in section 4.5 in order for the data to adequately support robust results and good decision making throughout the data life cycle. Assuring data integrity requires appropriate quality and risk management systems as described in section 4.6., including adherence to sound scientific principles and good documentation practices.

Good Laboratory Practice (GLP) is likely the most sensitive area of GxP in regard to data integrity. This makes sense because a great deal of raw data is collected and analyzed or interpreted to give usable final data and results. 

I did not mention traceability independently in the webinar, because when I used the Vaisala viewLinc monitoring system as an example, most of the elements of traceability are covered under Attributable and Contemporaneous. In monitoring applications, it is important to know when and where the data was collected (time and device ID). But once the data is in the viewLinc database, it is protected from any future changes. 

I decided to leave out Traceability as an independent item for data integrity in a Monitoring System. I hope you forgive this choice. 

Here is a round up of links that refer to ALCOA and ALCOA++ 

21 CFR Part 11 Learning module

In this learning module "Understanding 21 CFR Part 11 & Annex 11 we provide several ways to learn about the "elevens" as they pertain to continuous monitoring systems.

  • On-demand Webinar: CMS Compliance with Part 11 and Annex 11 - Easier than you think 
  • 21 CFR Part 11 Application Note
  • Annex 11 Application Note

Start learning

Add new comment