A common acronym for representing data integrity by meeting the following criteria:

  • Attributable / attributable (i.e., source identification – human or technology)
  • Legible / readable (and understandable)
  • Contemporaneous (i.e. immediately recorded)
  • Original (handwritten records or certified / true copies)
  • Accurate (that means, no change (cave: permission correct?) or no change without justification)

In the literature, additional criteria are often cited leading to acronyms such as e.g. ALCOA (+) or ALCOA CCEA:

  • Complete (i.e., all process-relevant data for robust decision-making)
  • Consistent (relevant data are recorded in the correct chronological order and with correct timestamps)
  • Enduring / permanent (recorded on appropriate media – i.e. no sticky notes, back pages, loose uncontrolled sheets, flat files or USB sticks)
  • Available (i.e., data is available over the entire data lifecycle – e.g. for audits, inspections, reviews)

Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.

Generating the program code to create software modules. The coding is subject to programming guidelines, which define the quality requirements for code generation and thus ensure the traceability of the program code. The correctness of the generated code is verified in the module test. Compliance with programming standards is verified on the basis of code reviews.

A functional unit that can perform substantial computations, including numerous arithmetic operations and logic operations without human intervention.

A broad range of systems including, but not limited to, automated laboratory equipment, laboratory information management, clinical trials data management, vigilance systems, process control and process analytics, manufacturing resource planning, automated manufacturing equipment, manufacturing execution, and document management systems. The computerized system consists of the hardware, software, and network components, together with the controlled functions and associated processes, trained people, qualified equipment and specifications and records.

Achieving and maintaining compliance with applicable GxP and Medical Device regulations and establishing documented evidence that the system is fit for intended use by:

  • the adoption of principles, approaches, and life cycle activities within the validation framework by executing project specific validation plans
  • establishing and applying appropriate operational controls throughout the life of the system

A system containing one or more computers (or hardware components) and associated software.

Data generally denotes facts, values (numerical or otherwise) or recordable findings, such as those obtained by measurements or observation.

Data integrity is the degree to which a collection of data is complete, consistent and accurate throughout the data lifecycle. The collected data should meet the ALCOA criteria. Ensuring data integrity requires appropriate quality and risk management systems and compliance with good documentation practices.

A planned approach to assessing and managing data risks in a way that reflects the potential impact on

  • Product quality,
  • Patient safety and/or
  • the reliability of the decisions taken

in all phases of the process in which data is

  • created,
  • processed,
  • checked,
  • analyzed,
  • reported,
  • transferred,
  • saved and
  • retrieved

and which is continuously monitored.