Since the 1938 United States Food, Drug and Cosmetics Act was put in place, legal requirements have existed mandating the integrity of the manufacturing and laboratory data supporting product quality and ensuring patient safety.  However, only within the last 10 years has the topic of data integrity been widely discussed and numerous guidance documents (draft and final) have been published.  The latest published guidance on the topic was the March 2018 MHRA update to “GXP Data Integrity Guidance and Definitions” (here).  A previous MHRA draft guidance was presented in July 2016 (here).

Although the format of the March 2018 guidance is not the same as that of the previous March 2015 guidance (here), the overall objectives of the March 2018 guidance remain the same. The March 2018 updated guidance includes the regulator’s current expectations on: (1) the principles of data integrity, (2) establishing data criticality and assessing inherent integrity risk, and (3) designing systems and processes to assure data integrity by creating the right environment for all GxP data.

The March 2018 guidance also comprehensively defines “data” throughout its life cycle, which includes: (1) raw data, (2) meta data, (3) data integrity, (4) data governance, (5) data life cycle, (6) recording and collection of data, (7) data transfer, (8) data migration, (9) data processing, (10) original record, (11) true copy, (12) computerized transaction, (13) audit trail, (14) electronic signature, (15) data review and approval, (16) computerized system user access/system administrator roles, (17) data retention, including data archive and backup, (18) file structures, (19) system validation for the intended use, and (20) IT suppliers and service providers.

Comparing the March 2018 and the March 2015 guidances, the following defined terminologies were included in the March 2018 guidance, but were not covered in the March 2015 guidance: (1) recording and collecting data, (2) data transfer/migration, (3) data processing, (4) electronic signature, (5) data approval, and (6) IT suppliers and service providers.  It was noted that the “primary record” in the March 2015 guidance was incorporated into the “raw data” definition in the March 2018 guidance.  Other differences include deletion of the terms “flat file” and “relational database” that were covered in the March 2015 guidance.

Additionally, the March 2018 guidance: (1) has been harmonized with other published regulatory agency guidance, (2) is applicable to all GXP data; however, it does not extend to medical devices, (3) promotes “a risk-based approach to data management that includes data risk, criticality and lifecycle”, (4) emphasizes the “+” elements of the “ALCOA +” concept (i.e., data should be Attributable, Legible, Contemporaneous, Original, Accurate “ALCOA” and Complete, Consistent, Enduring and Available (“+”).

Based on the March 2018 guidance, firms should consider an evaluation of all aspects of GxP operations and implementation of systems and procedures with adequate controls to ensure and safeguard the integrity of data.  Regulators expect the appropriate environment (systems and culture) exists to ensure the accuracy, reliability, and security of GxP data and hold senior management accountable for system implementation, including the effectiveness of the training provided to employees.

For further information or questions relating to any aspect of Data Integrity, please contact Thu Truong at, Ron George, Ph.D. at, or James Davidson, Ph.D. at