FDA Data Integrity Guidance

Data integrity builds trust between the regulatory agencies and the company. FDA observed GMP violations regarding data integrity on GMP inspections. It is quite alarming since ensuring data integrity is an essential component of the FDA’s responsibility to ensure drugs’ efficacy, safety, and quality. In addition, it is also essential to protect the health of the public. Data integrity-related GMP violations result to different regulatory actions like import alerts, warning letters, and consent decrees. 

Importance of FDA data integrity guidance 

Aside from maintaining the safety of patients, data integrity compliance is also beneficial for the protection of organizations against the financial consequences of FDA’s enforcement actions. These include substantial remediation costs, facility shutdown, denied or delayed drug approvals, import or distribution bans, product calls, and customer loss because of damaged reputation. Therefore, the data needs to be consistent, complete, and accurate. 

The following are some questions to know if an organization meets the FDA data integrity guidance. 

Are there controls to make sure that data is complete?

Do the activities attributable to a specific person?

Can only authorized personnel make changes to records?

Do the activities are documented during the time of performance?

Are data securely maintained from data creation through disposition after the retention period of record?

Are there changes in data records?

Are records reviewed for completeness, accuracy, and compliance with established standards?

Important elements of FDA data integrity guidance 

The following are the essential elements of FDA data integrity guidance. 

Audit trail reviews 

Audit trails need to be review frequency for data in GMP. Companies should audit trail reviews after the processing, manufacturing, holding, or packing process. There should be a risk assessment that involves control mechanisms, data criticality evaluation, and impact on the quality of the product. 

Computer system validation 

FDA enforces that validations studies on computer systems need to validate for their specific use. There should be an assessment of non-GMP functions conducted by a system to affect the GMP operations. 

System suitability testing 

When it comes to data integrity, FDA considers a regulatory violation to use actual samples in a system prep, suitability test, or equilibrium runs as a source of disguising testing to compliance. With this, companies should correctly characterize secondary standards from a separate group of a sample being tested. In addition, the records for cGMP need to be complete and transparent. 

Employee training 

Aside from training to detect data integrity problems, the FDA mandates the company to train their personnel to establish preventative and corrective actions so data integrity problems don’t recur and are mitigated. 

Shared logins 

FDA also requires companies to have unique logins for users authorized to modify data. Shared login accounts for read-only data viewing are also acceptable. 

Backup records  

The FDA clears that backup is a true copy of the original record kept securely during the record retention period. Furthermore, the backup data must be complete, exact, and secure from inadvertent erasures, alteration, or loss. 

Access to computer systems 

The rights to change settings and files should not be assigned for those who handle record content. 


Generally, FDA data integrity guidance should be implemented by companies seriously. So, they can avoid consequences from enforcement action by FDA. 

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top