ALCOA+ - what does it mean?
Recommendation
19-22 November 2024
with 7 Case Studies
Since data integrity has become a "hot topic" in the pharmaceutical industry, ALCOA+ has been cited as the ultimate reference. Nevertheless, the meaning and consequences of this acronym should be clearly understood, avoiding mistakes and shortcuts. Keep in mind that ALCOA+ criteria like the overall data integrity requirements cover equally paper, electronic as well as hybrid records, the following interpretation should be considered:
Attributable
Who acquired the data or performed an action and when?
Where - what system, what device, what sensor, etc. - does the data come from?
Legible and intelligible
Can you read and understand the data?
- Legible handwritten records
- Intelligible records, especially (but not only) for audit trail entries
Contemporaneous
Are data, observations, and activities timely recorded?
For paper records:
- The observation must be recorded at the observation time.
- The activity must be recorded at the execution time.
- The control of this requirement is particularly difficult and finally impossible at the time of the second person review since "paper is patient"!
For electronic records generated by a computer system the system architecture needs to be accurately reviewed ensuring that the data is effectively timestamped (incl. the time zone as appropriate) at the capture respectively creation time and not after standing in a queue for an undetermined period of time.
Original
This requirement is particularly versatile since it covers various contexts.
For paper records:
- Data is directly recorded on a controlled blank paper form.
- It is possible to accurately distinguish between the original record and a copy.
- If a paper or an electronic copy is required the copy is generated according to a formal process (in particular important when paper records shall be scanned for being retained or transmitted as a PDF document) ensuring that the copy has been formally verified, i.e. true copy resp. certified copy.
For copied electronic data: all essential metadata and the original record format [WHO]
- Attention shall be paid to ensure that the GxP relevant electronic data is properly and exhaustively identified and part of the copy process.
- Especially for electronic records, this requirement is very close to "complete data".
Accurate
Because "accurate" is a commonly used generic term, it is necessary to address its different meanings within the context of data integrity, in particular: correctness and precision.
Use of accurate (e.g. calibrated) and controlled data sources.
No errors or editing without documented amendments, i.e.:
- On paper, application of the good documentation practice in case of correction
- When electronic data required to be modified, it must be documented using audit trail entries.
- The access to the electronic data must be controlled.
For paper records, the process to capture the data shall be clearly defined, and the data must be recorded accordingly, incl. expected record format (e.g. date) and precision (e.g. number of decimal places). The unambiguous identification of the data source must be clearly documented. For data recorded using a computer system, the verification executed during the initial qualification and later in case of changes and repair activities must secure that the data is captured from the right source and properly processed (e.g. linearization, normalisation, conversion, etc.).
Complete
All data present (no omission, no deletion), incl. initial data, meta-data, etc.
- Selective reporting is falsification.
When electronic data shall be printed on paper or as PDF, it is necessary to ensure that the printout contains the complete data with the required accuracy.
- This requirement impacts both the initial qualification activities as well as the second person review activities during operation (see also "accurate data").
Consistent
All elements of the record sequence of events follow on and are date or time stamped in the expected sequence.
- The timestamps are consistent and refer to a common reference (time server).
- When data must be manually recorded, the operator shall read the time from a qualified time source and record it.
Enduring
Data must not be recorded on the back of envelopes, sticky notes, etc. but directly on authorised media (see also "original data").
- The use of thermal paper for device printer shall be avoided.
Electronic data must be stored on controlled and robust electronic media; i.e.:
- CD-ROM, DVD-ROM, uncontrolled USB media cannot be considered being GxP compliant and endurable.
Available
Can the data be accessed for review, audit or inspection over the lifetime of the record? Including after the contract end in case of outsourced activities? Data must be recorded on controlled paper forms resp. on controlled electronic media. Remark:
- The availability of GxP-relevant data (maybe critical for patient safety) stored in a cloud could cause significant problems in case of a short or long-term failure of the cloud service provider.
ALCOA+ criteria shall always be considered context related. Furthermore some "single word" can cover complex reality and interpretation which requires to be taken into account in its full extent. It shall not be forgotten that Data Integrity requirements are as old as the GMP/GxP requirements; consequently GxP compliance cannot be achieved without securing and enforcing Data Integrity. The adequate implementation of the ALCOA+ criteria is the condition for being able to rely on the generated, processed, and reported data.
Author: Yves Samson
- WHO TRS 996, Annex 5: Guidance on Good Data and Record Management Practices, June 2016
- Guidance on Good Manufacturing Practice and Good Distribution Practice: Questions and Answers Data Integrity, August 2016
- US FDA Guidance for Industry: Data Integrity and Compliance with drug cGMP: Questions and Answers, December 2018
- ECA Guidance Document: Data Governance and Data Integrity for GMP Regulated Facilities: European Compliance Academy, Version 2, January 2018
- GAMP Records and Data Integrity Guide - ISPE/GAMP, March 2017
- Data Integrity, David Churchward, MHRA - ISPE 2016 Europe Annual Conference, Frankfurt am Main
Related GMP News
13.11.2024Glossary of ICH Terms and Definitions published
02.10.2024MHRA: New Rules for Manufacturers and Wholesalers after Brexit
24.09.2024What is RCA (Root Cause Analysis)?
18.09.2024Lack of GMP Training and related Documentation: What Deviations can be found in FDA Warning Letters?
04.09.2024Switzerland: Changes for the Qualification of QPs (Responsible Person; RP in Switzerland)
04.09.2024Insufficient Root Cause Analysis leads to FDA Warning Letter