FDA draft guidance on Data Integrity – 18 Questions & Answers

On April 14th 2016 U.S. Food and Drug Administration published a draft guidance for comments on Data Integrity: Data Integrity and Compliance With Current Good Manufacturing Practice Guidance for Industry. The draft guidance is a question & answer document, raising 18 questions regarding data integrity and provides FDA’s current thinking about the role of data integrity in current good manufacturing practice (CGMP) for drugs, as required in 21 CFR parts 210, 211, and 212. As stated in the introduction section, “FDA expects that data be reliable and accurate”. According to the guidance document, FDA expects firms to “implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models.”

With the 18 questions and answers the guidance document provides a good overview on data integrity, FDA’s view on data integrity and how the FDA expects data integrity to be implemented. The first important answers that the documents gives, are for the questions:

  • What is data integrity? and
  • What is metadata?

FDA refers to the ALCOA principle, an acronym that was introduced by the FDA themselves and already used for years in many industry presentations. In this guidance document FDA not only explains the acronym ALCOA, standing for

A ttributable,
L egible,
C ontemporaneously recorded,
O riginal or a true copy, and
A ccurate.

They also providing guidances for the regulatory sources, i.e. “for attributable, see §§ 211.101(d), 211.122, 211.186, 211.188(b)(11), and 212.50(c)(10); for legible see §§ 211.180(e) and 212.110(b); for contemporaneously recorded (at the time of performance) see §§ 211.100(b) and 211.160(a); for original or a true copy see §§ 211.180 and 211.194(a); and for accurate see §§ 211.22(a), 211.68, 211.188, and 212.60(g)”.

Other questions that are answered by the draft guidance are:

  • When is it permissible to exclude CGMP data from decision making?
  • Does each workflow on our computer system need to be validated?
  • How should access to CGMP computer systems be restricted?
  • Why is FDA concerned with the use of shared login accounts for computer systems?
  • How should blank forms be controlled?
  • How often should audit trails be reviewed?
  • Who should review audit trails?
  • Can electronic copies be used as accurate reproductions of paper or electronic records?
  • Is it acceptable to retain paper printouts or static records instead of original electronic records from stand-alone computerized laboratory instruments, such as an FT-IR instrument?
  • Can electronic signatures be used instead of handwritten signatures for master production and control records?
  • When does electronic data become a CGMP record?
  • Why has the FDA cited use of actual samples during “system suitability” or test, prep, or equilibration runs in warning letters?
  • Is it acceptable to only save the final results from reprocessed laboratory chromatography?
  • Can an internal tip regarding a quality issue, such as potential data falsification, be handled informally outside of the documented CGMP quality system?
  • Should personnel be trained in detecting data integrity issues as part of a routine CGMP training program?
  • Is the FDA investigator allowed to look at my electronic records?
  • How does FDA recommend data integrity problems identified during inspections, in warning letters, or in other regulatory actions be addressed?

The document is a good source when looking for answers for a data integrity implementation, respectively for assessing if a firms quality systems has the right measures and procedures in pace to comply with FDA’s expectations regarding data integrity. We will publish more articles soon that will comment the draft guidance and provide details regarding the impact on data integrity implementation. For example, we will comment on the issue how electronic batch recording systems like MES are impacted by this guidance document.

The document has been published for comments that can be submitted within 60 days after publication. It can be downloaded from the FDA website: http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-drugs-gen/documents/document/ucm495891.pdf


  1. KS Lam on 18. May 2016 at 5:18

    Thanks very much for your article.
    In the guidance, it specifies 21 CFR parts 210, 211, and 212. Part 210 but no mention of ICH Q7 for Active Pharmaceutical Ingredient. My question is ” Can API manufacturer use this guidance as a point of argument with FDA on the citations of data integrity after inspection?

    • hgp on 18. May 2016 at 11:34

      Dear KS Lam,

      ICH Q7 (GMP for APIs) was developed in accordance with the ICH process and therefore was subject to consultation by the regulatory parties. ICH Q7 was adopted by the participating ICH regulatory bodies of the European Union, Japan, and the United States. It therefore, has international adoption and acceptance, including the FDA.

      FDA considers ICH Q7 to be the equivalent of with a “guidance” document. FDA guidance documents explain FDA’s interpretation of laws and regulations, describing acceptable means and methods that would comply with the law and that may be considered best practices. Although guidance documents are not legally binding, following them is highly recommended. However as ICH Q7 is considered as a guidance document, FDA does not enforce the guidance provided by ICH Q7 nor will it cite deviations from this guidance document during an inspection.

      For finished pharmaceuticals, the GMP requirements are obvious (21 CFR 210/211), however FDA has not established GMP regulations for APIs. Nevertheless, APIs must meet the provisions of the law and be manufactured in conformance with GMP as stated by thee Federal Food, Drug and Cosmetic Act. As there is no explicit law regarding GMP for APIs, ICH Q7 is considered best practice GMP for API manufacturing.

Leave a Comment