All You Need to Know About Data Integrity Management System.

What is data integrity management system


In this article, you will learn about the Data Integrity Management System and ALCOA as per FDA requirements.

The term “data integrity” means the degree to which data are complete, consistent, accurate, trustworthy, and reliable and that these characteristics of the data are maintained to support the quality of drug products throughout their lifecycle from the point of development through commercialization.

Data integrity can be compromised in different ways. Every time data is replicated or transferred, it should remain intact and unaltered between updates.

Error checking methods and validation procedures are typically relied on to ensure the integrity of data that is transferred or reproduced without the intention of alteration.

It is an endless journey of continuous monitoring and verification process. It describes measures used to ensure the validity and accuracy of a data set or all data contained in a database or other construct.

For instance, error checking and validation methods may be referred to as examples of data integrity processes.

Several references and guidelines exist for data integrity such as PDA Technical Report 80 which establishes laboratory data management practices and others as HIPAA, GDPR (General Data Protection Regulation), etc.

The intent of the PDA Technical Report 80 is to outline regulatory requirements and expectations, along with best industry practices, to highlight common gaps in Data Integrity Management System for Pharmaceutical Laboratories, and to recommend methods of remediation.

It summarizes the risks and the best practices, including audit approaches, that can be utilized to develop a robust data integrity management system for laboratory settings with both manual and electronic processes that firms can follow to achieve compliance and mitigate risks.

The scope of the PDA Technical Report 80 focuses on the management of data integrity within pharmaceutical quality control analytical and microbiology laboratories and is also applicable to analytical development and R&D laboratories. It provides the framework and tools necessary to establish a robust data integrity management system to ensure data integrity for paper, hybrid, and computerized systems within the laboratory.

It includes the maintenance and audit trail of the data over its entire life-cycle and is a critical aspect to the design, implementation, and usage of any system which stores, processes, or retrieves data.

ALCOA Approach to Data Integrity

ALCOA is used by regulated industries to evaluate its compliance with data integrity and is essential to ensuring Document Control Management (DCM) and Good Documentation Practices (GDPs).

ALCOA stands for;

  • Attributable,
  • Legible,
  • Contemporaneous,
  • Original,
  • Accurate

ALCOA applies to paper and electronic data.  For more information about ALCOA for electronic records, press here.

For answers to frequent questions about Data Integrity and Compliance With Drug CGMP Guidance for Industry, press here.

Data Validation Pre-requisites to Data Integrity.

Data integrity is contrary to data corruption.

The overall intent of any data integrity technique is the same: ensure data is recorded exactly as upon later retrieval, ensure the data is the same as it was when it was originally recorded.

It considers how well your systems prevent intentional or unintentional changes to information.

Data integrity is not to be confused with data security, the discipline of protecting data from unauthorized parties.

In the United States, the HIPAA Privacy Rule (Health Insurance Portability and Accountability Act of 1996) establishes national standards to protect health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

The HIPAA Privacy Rule is composed of national regulations for the use and disclosure of Protected Health Information (PHI) in healthcare treatment, payment, and operations by covered entities.

Other data integrity involves the safety of data in regards to regulatory compliance — such as GDPR (General Data Protection Regulation) compliance — and security.

The General Data Protection Regulation is a law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

It ensures the confidence, trust, and accuracy of the information in terms of recoverability and searchability, traceability, and connectivity

When the integrity of data is secure, the information stored in a database will remain complete, accurate, and reliable no matter how long it’s stored or how often it’s accessed. Data integrity also ensures that your data is safe from any outside forces.

Some best practices include input validation to preclude the entering of invalid data, error detection/data validation to identify errors in data transmission, and security measures such as data loss prevention, access control, data encryption, and more.

Types of Data Integrity

There are two types of data integrity: physical integrity and logical integrity. Both are a collection of processes and methods that enforce in both hierarchical and relational databases.

Physical integrity

Physical integrity is the protection of data’s wholeness and accuracy as it’s stored and retrieved. When natural disasters strike, power goes out, or hackers disrupt database functions, physical integrity is compromised. Human error, storage erosion, and a host of other issues can also make it impossible for data processing managers, system programmers, applications programmers, and internal auditors to obtain accurate data.

Logical integrity

Logical integrity keeps data unchanged as it’s used in different ways in a relational database. Logical integrity protects data from human error and hackers as well, but in a much different way than physical integrity does. There are four types of logical integrity.

 Entity integrity

Entity integrity relies on the creation of primary keys, or unique values that identify pieces of data, to ensure that data isn’t listed more than once and that no field in a table is null. It’s a feature of relational systems that store data in tables that can be linked and used in a variety of ways.

 Referential integrity

Referential integrity refers to the series of processes that make sure data is stored and used uniformly. Rules embedded into the database’s structure about how foreign keys are used ensure that only appropriate changes, additions, or deletions of data occur. Rules may include constraints that eliminate the entry of duplicate data, guarantee that data is accurate, and/or disallow the entry of data that doesn’t apply.

 Domain integrity

Domain integrity is the collection of processes that ensure the accuracy of each piece of data in a domain. In this context, a domain is a set of acceptable values that a column is allowed to contain. It can include constraints and other measures that limit the format, type, and amount of data entered.

User-defined integrity

User-defined integrity involves the rules and constraints created by the user to fit their particular needs. Sometimes entity, referential, and domain integrity aren’t enough to safeguard data. Often, specific business rules must be taken into account and incorporated into data integrity measures.

What data integrity isn’t

With so much talk about data integrity, it’s easy for the true meaning to be muddled. Often data security and data quality are incorrectly substituted for data integrity, but each term has a distinct meaning.

Data integrity is not data security

Data security is the collection of measures taken to keep data from getting corrupted. It incorporates the use of systems, processes, and procedures that keep data inaccessible to others who may use it in harmful or unintended ways. Breaches in data security may be small and easy to contain or large and cause significant damage.

While it is concerned with keeping the information intact and accurate for the entirety of its existence, the goal of data security is to protect information from outside attacks. Data security is but one of the many facets of data integrity. Data security is not broad enough to include the many processes necessary for keeping data unchanged over time.

Data integrity is not data quality

Does the data in your database meet company-defined standards and the needs of your business? Data quality answers these questions with an assortment of processes that measure your data’s age, relevance, accuracy, completeness, and reliability.

Much like data security, data quality is only a part of data integrity, but a crucial one. It encompasses every aspect of data quality and goes further by implementing an assortment of rules and processes that govern how data are entered, stored, transferred, and much more.

Data Integrity Risks

 There is an assortment of factors that can affect the integrity of the data stored in a database. A few examples include:

  • Human error: When individuals enter information incorrectly, duplicate or delete data, don’t follow the appropriate protocol, or make mistakes during the implementation of procedures meant to safeguard information, data integrity is put in jeopardy.
  • Transfer errors: When data can’t successfully transfer from one location in a database to another, a transfer error has occurred. Transfer errors happen when a piece of data is present in the destination table, but not in the source table in a relational database.
  • Bugs and viruses: Spyware, malware, and viruses are pieces of software that can invade a computer and alter, delete, or steal data.
  • Compromised hardware: Sudden computer or server crashes, and problems with how a computer or other device functions, are examples of significant failures and may be indications that your hardware is compromised. Compromised hardware may render data incorrectly or incompletely, limit or eliminate access to data, or make information hard to use.
  • Physical compromise to devices – Many malware are been affecting the intended use and operation of the electronic device firmware(s) to alter or affect the information.

Risks can easily be minimized or eliminated by doing the following:

  • Limiting access to data and changing permissions to restrict changes to information by unauthorized parties.
  • Validating data to make sure it’s correct both when it’s gathered and used.
  • Backing up data.
  • Using logs to keep track of when data is added, modified, or deleted.
  • Conducting regular internal audits.
  • Using error detection software.

Getting Started a Data Integrity Management System

Protecting the integrity of your company’s data using traditional methods can seem like an overwhelming task. Secure, cloud-based data integration platforms offer a modern alternative that provides a real-time view of all of your data. With industry-leading cloud integration tools, you can connect multiple source data applications and get access to all of your company’s data in one location.

At CIQA, we can help you in technological aspects of achieving Data Integrity as well as the regulations (FDA, PDA, etc) for achieving data integrity compliance.

ALCOA is used by regulated industries to evaluate its compliance with data integrity and is essential to ensuring Document Control Management (DCM) and Good Documentation Practices (GDPs).

ALCOA applies to paper and electronic data.  For more information about ALCOA for electronic records, press here.

For more information questions and answers about Data Integrity and Compliance With Drug CGMP Guidance for Industry press here.

brought to you by CIQA logo

CIQA is a quality and regulatory consultant with 25 years of experience developing products and managing projects in the medical device supply chain, and pharmaceutical industries. His experience includes research, product development, operations management, manufacturing engineering, equipment design, regulatory affairs, and quality assurance. Specific questions about Document Control Management DCM or quality system training can be directed to CIQA at


For more details on specific FDA expectations, follow us.

Quality procedures templates

Three (3) Options to Create Document Control Management DCM Procedures:

Bronze Option. You Can Create Your Own Quality Procedures, using a Template.

You can download samples of the Document Control Management DCM procedure templates in .pdf format. 

To see the complete list of the most popular quality procedures templates, click here.

In addition, you can request a quotation to buy online a full SOP template document in MS Word format that is completely editable, ready to fill, and adapt to your specific needs.

Silver Option. We Can Bring You a Formal Training on FDA ALCOA Guidance for Data Integrity.

This option is recommended if you want to learn more about how to build robust quality system procedures. One of our expert(s) can provide online step-by-step training to your team (unlimited assistance) on how to build reliable SOPs using our template(s). Also, you can improve your corporate quality procedures and policies by incorporating our template(s) and tools.  It includes a fully editable template from the Bronze option, plus training, exams, and a training certificate for each assistant.  Request a quote now.

Gold Option. We Can Create Customized Quality Procedures.

One of our expert(s) will create and prepare your customized SOPs with the inputs and specific information of your company. It includes a fully editable template from the Bronze option, plus online support in document creation, implementation, and training. Request a quote online.



For more information about Data Integrity, refer to:




QS Regulation and Guidance • Quality System Regulation and Preamble

Inspection Guide – Pages 8, 15, 21, 22 and 23

Guide to Inspections of Quality Systems [Quality System Inspection Technique (QSIT)]

Ramon Cayuela, MS, BS, Chemical Engineering

Ramon Cayuela, MS, BS, Chemical Engineering

CIQA President and CEO.
I've been working in validation engineering since 1992 with many multinational pharmaceutical companies. I love sharing my passion and knowledge with others. If you have any questions about anything (or just have general questions). I will be more than happy to assist you. You can count on the BEST customer service on CIQA. I go to great lengths to make sure my clients are 100% satisfied with their purchases and check emails/messages consistently throughout the day. You can rest assured that everything being sold here is as-described or your money back. I look forward to working with you!

Related Articles

Subscribe to get validation
news and free tips by email.

Need Additional Help?

Request for Quotation