Data Integrity Incident Handling Procedure

Standard Operating Procedure (SOP) for Handling of Data Integrity Incident Investigation and compliance in Pharmaceutical Drug Manufacturing Plant.

Handling of Data Integrity Incident

1.0   PURPOSE:

    • To provide a procedure to investigate and handle data integrity incidences related to GXP data, identified during internal audit or during review of data.

2.0   SCOPE:

    • Applicable to all GxP data generated by electronic and paper based systems at site.


    • All Personnel handling, generating, reviewing and approving the GxP documents.
  • Human Resource (HR):

    • Ensure the code of conduct is signed by all employees, contractors, service.
    • Be a part of task force to investigate the impact of violation of data.
    • Take appropriate Disciplinary Action, as applicable.
    • Counselling of the person involved in violation of data.
  • Task Force:

    • Comprising of senior management like HR, Concerned Department head, Reporting Manager, QA  Head, Unit Head, Site QA Head, Site QC Head, Manufacturing head, any other department head, as applicable.
    • To investigate the impact of violation of data integrity.


    • The extent to which all data are complete, consistent and accurate throughout the data lifecycle.
    • Complete, consistent and accurate data should be attributable, legible, contemporaneously recorded, original or true copy and accurate (ALCOA).
    • Breach of Data Integrity (BDI):
    • It is a violation of the integrity of Data.
    • This means, the actions performed and the documents/records written do not reflect the truth and the reality which has taken place.
    • Breaches of Data integrity can be observed during all activities of manufacturing and testing, inspection and post inspection.
  • Common terms used as Falsification of data , Alteration of data and events, Misleading information, statements or facts, Misrepresentation of what really happened, Untruthful statements, Deceit, Forgery.
  • Few examples of Breach to Data Integrity are as below, but not limited to:

    • Data alteration & generation of unauthorized documents.
    • Data not recorded contemporaneously i.e. not entering the data at the time of activity
    • Signing off or owning records for activity not performed by self
    • Intentionally misplacing or replacing
    • Trial runs in analysis (Actual samples shall not be used to perform system suitability test)
    • Extrapolating values to achieve the desired
    • Manipulating date and time in computer system or any other system used for GMP activities
    • Manipulating and or misrepresenting any parameters such as process or analytical parameters
    • Recording of an activity not performed
    • Copying existing data as new data
    • Re-running samples without justification and investigation
    • Discarding/deletion of data
    • Not saving electronic or hard copy data.

ALCOA + (Attributable, Legible, Contemporaneous, Original, Accurate). The + sign indicates complete, consistent, enduring and available

Criterion Meaning


Attributable means information is captured in the record so that it is uniquely identified as executed by the originator of the data (e.g. a person, computer system).Who performed the activity and when. If the record is changed, who did it and why. Link to the source document.


The terms legible and traceable and permanent refer to the requirements that data are readable, understandable and allow a clear picture of the sequencing of steps or events in the record.
Contemporaneous Contemporaneous is process of documentation (on paper or electronically) at the time of an activity.


Original data includes the first or source capture of data or information and all subsequent data required to fully reconstruct the conduct of the GxP activity.
Accurate The term “accurate” means data are correct, truthful, valid and reliable.
Complete All data from an analysis, including any data generated before a problem is observed, data generated after repeat part or all of the work or reanalysis performed on the sample.

For hybrid systems, the paper output must be linked to the underlying electronic records used to produce it.

Consistent All elements of the analysis, such as the sequence of events, follow on and data files are date (all processes) and time (when using a hybrid or electronic systems) stamped in the expected order.
Enduring Recorded on authorized media e.g. laboratory logbooks, controlled worksheets, log etc. for which there is accountability or electronic media

Not recorded on the backs of envelopes, laboratory coat sleeves, Post-It notes

Available The complete collection of records can be accessed or retrieved for review at any time and during audit or inspection over the lifetime of the record.


    • Data Integrity is a life cycle approach, it refers to maintaining and assuring the accuracy and consistency of data over the entire data life cycle i.e. from

Data collection—>Data Processing—>Data Review—>Data Reporting—>Data Archival

    • Assuring data Integrity requires appropriate quality and risk management systems for each data/ processing step, including adherence to sound scientific principles and good documentation
    • Compliance to Data Integrity starts from-

Development—>Manufacturing—>Packing—>Distribution—>Other (post-marketing activities like pharmacovigilance/ complaints etc.

    • During this life cycle of Gxp processing inclusive of documentation, any observation made during internal audit or assessment, following procedure shall be followed to investigate and suggest corrective actions.
    • Procedure to investigate and handle Data Integrity issues : (Refer Annexure 1)

    • Principles of Data Integrity apply to paper, electronic records that were created during manufacturing, packaging, testing, holding, shipping and distribution and any other ancillary or supporting activities within the framework of good manufacturing
    • During periodic review of GxP documents or at any point of time of review, if any observation related to Data Integrity is found, the concerned individual shall inform the incident to department head and QA head within one (1) Business day.
    • Deviation SOP shall be filed to find out root cause, assess impact and assign appropriate Corrective action and Preventive actions. Deviation shall be logged immediately without waiting for investigation to
    • The department head shall form a Task Force in consultation with unit head and QA Head.
    • The task force shall comprise of HR, Concerned Department head, Reporting Manager, QA Head, Unit Head, Site QA Head, Site QC head Manufacturing head and other Cross Functional team (CFT) as applicable.
    • The Head Unit Quality Assurance shall be the lead investigator and enlist other discipline Heads as necessary.
    • Investigation shall be completed preferably within 5 working days from the date of incident reporting.
    • Detail investigation shall be conducted as follows:

    • Record the investigation in Annexure 1 and attach with the deviation.
    • Detailed Investigation shall contain summary of all information from laboratories, manufacturing operations, and systems covered by the assessment. In case of exclusion of any part of the operation, justification for the same shall be prepared.
    • The investigation process shall include interviews of the alleged employee to involved employee in the Data Integrity issue.
    • In the event more than one person is involved, all personnel (present and past) shall be interviewed to identify the nature, scope, and root cause of data inaccuracies.
    • An assessment of the extent of data integrity deficiencies at the facility shall be conducted.

    • Any omissions, alterations, deletions, record destructions, non-contemporaneous record completion, and other deficiencies shall be identified.
    • A comprehensive description of the root causes of the data integrity lapses shall be mentioned in the investigation form.
    • Comprehensive retrospective evaluation shall be conducted to identify the nature of the data integrity deficiencies; these shall include all the work that the individual may have done before.
    • Risk assessment as per SOP – Quality Risk Management shall be performed to identify the potential effect of the observed failures on the quality of the product that was released.
    • The risk assessment shall include the following but not limited to;

    • Analyses of the risks to patients
    • Risks posed by ongoing operations
    • Any impact on the veracity of data submitted to regulatory agencies including data related to product registration
    • Once the investigation is completed, data integrity issues shall be categorized as defined below:

Note: The below list and examples are not comprehensive in itself, it may cover other areas and functions as well.

    • Impact to product with risk to patient health: Critical deficiency:

    • Product failing to meet specification at release or within shelf Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of QC tests, critical product or process parameters.
    • Impact to product with no risk to patient health: Major deficiency

    • Data being miss-reported, e.g. original results ‘in specification’, but altered to give a more favorable trend.
    • Reporting of a ‘desired’ result rather than an actual out of specification result when reporting of data which does not relate to QC tests, critical product or process.
    • Failures arising from poorly designed data capture systems (e.g. using scraps of paper to record info for later transcription).
    • No impact to product; evidence of widespread failure: Major deficiency:

    • Bad practices  and  poorly  designed  systems  which   may   result   in opportunities for data integrity issues or loss of traceability across a number of functional areas (QA, production, QC etc).
    • Each in its own right has no direct impact to product quality.
    • No impact to product; limited evidence of failure: Other deficiency

    • Bad practice or poorly designed system which result in opportunities for data integrity issues or loss of traceability in a discrete area.
    • Limited failure in an otherwise acceptable
    • Based on the categorization, strategy for global corrective action and preventive action plan shall be decided.

    • The CAPA shall be raised as per SOP. The strategy shall include:
    • The detailed corrective action plan shall describe assurance of the reliability and completeness of all of the data generated, including analytical data, manufacturing records, and all data submitted to and Regulatory Authority through filings.
    • Interim measures describing the actions that have been taken or will be taken to protect patients and to ensure the quality of the drugs (finished or bulk), such as notifying customers (if applicable), recalling product, conducting additional testing, adding lots to current stability programs to assure stability, drug application actions, and enhanced complaint monitoring.
    • Long-term measures describing any remediation efforts and enhancements to procedures, processes, methods, controls, systems, management oversight, and human resources (e.g., training, staffing improvements) designed to ensure the integrity of data.
    • Based on the criticality of data integrity issues, investigation carried out and the conclusion derived, disciplinary action including issuance of termination letter shall be taken.
    • Log the summary of the incidence of data integrity in Annexure 3.


    • DI              :           Data Integrity
    • GMP         :           Good Manufacturing Practices
    • GxP           :           Good X Practices where X stands for Chromatographic, Clinical, Manufacturing, laboratory, distribution, quality, pharmacovigilance etc.
    • HR            :           Human Resources


    • MHRA GMP Data Integrity Definitions and Guidance for Industry January 2015.
    • USFDA – Data Integrity and Compliance with cGMP – Guidance to Industry (Draft Guideline) PIC/S Draft Guidance on – Good practices for data management and integrity in regulated Environment.
    • Deviation Handling – SOP
    • Quality Management System Deviation – SOP
    • Risk Management by Failure Mode, Effect and Criticality Analysis – SOP
    • Management review and escalation procedure – SOP
    • Corrective Action and Preventive Action (CAPA) – SOP


Annexure 1 – Flow chart to handle data integrity incidences

Annexure 2 – Investigation of Data Integrity incident

Deviation reference No:                                                          

Date :
Department :
Product / Item / Document/ System/ Facility :
Brief description of incident:
Impacted system and document no :
Summary of Impact of incident on any Six system:
Material System Production System Quality System
Packaging and Labelling System

Laboratory Control System

Facility and Equipment System
Justification if any system excluded from impact assessment:
Name of person (s) interviewed :
Outcome of the interview :
Extent of data integrity deficiencies :
Omissions                                       Alterations                                       Deletions

Record destructions                       Non-contemporaneous                    Other deficiencies

record completion

If Others, please specify:
Description of Root Cause:
Comprehensive retrospective evaluation:
Categorization of Data integrity incident :

Impact to product with risk to patient health: Critical deficiency Impact to product with no risk to patient health: Major deficiency

No impact to product; evidence of widespread failure: Major deficiency

No impact to product; limited evidence of failure: Other deficiency

Risk assessment performed: YES / NO:

If Yes, Reference FMECA no.                                                

Justification, If no risk assessment performed :

Conclusion and Recommendations:
Sign Off by Investigating team:

Annexure 3 – Summary Log of Data integrity incidences



Date of incident

Deviation reference No

Short Description of incident

Root cause of incident

Category of incident (Critical/Major/ Minor)

Corrective actions (CAPA Ref No)

Close out date

Entry done by and date
Janki Singh: Mrs. Janki Singh is the professional pharmaceuticals Blogger. She has already posted more than #1000 articles on varrious topics at different blogging plateforms. Contact : guideline.sop@gmail.com