15 May 2023

APIC published document Data Integrity Frequently Asked Questions (FAQ)

In April 2023, the Task Force “Data Integrity” of the APIC Quality Group, which is a sector group of the European Chemical Industry Council (CEFIC), published the document Data Integrity Frequently Asked Questions (FAQ) on its website. Document provides numerous questions and answers on the topic data integrity that were submitted to the Task Force by the pharmaceutical industry and is divided into the following subsections; digital and electronic signatures, password management, access management, record life cycle management and various. Depending on the number of questions received, the individual paragraphs contain different amounts of explanations. As the document is intended to aid in the area of data integrity, you can always contact the Task Force with new or missing points at the e-mail address given in the document.

Data integrity refers to the accuracy, completeness, and consistency of cGxP data over its entire lifecycle. The steps that need to be overseen include the initial generation and recording, the processing (incl. analysis, transformation, or migration), the outcome/use, the retention, retrieval, archive and finally the destruction. Data integrity means that all the steps defined above are well managed, controlled and documented and therefore the records of the activities follow the ALCOA+ principles described in the guidelines. The ALCOA+ principles have been in place for several years in the industry and are widely known and implemented. Achieving data integrity compliance, for paper, electronic and hybrid systems, requires translation of these principles into practical controls in order to assure cGxP-impacting business decisions can be verified and inspected throughout the data lifecycle. The current guidelines on data integrity require that companies’ complete data integrity criticality and risk assessments to ensure that the organizational and technical controls that are put in place are commensurate with the level of risk to quality attributes.


Below the pillars of the Data integrity governance:

  • Organisational Culture

Organisational culture has the potential to increase the possibility for lapses in data integrity; intentional (e.g., fraud or falsification) or unintentional (e.g. lack of understanding of responsibilities and/or requirements).

  • Awareness

It is crucial that employees at all levels understand the importance of data integrity and the impact that they can have on cGxP data with the authorisations assigned for their job roles. Training is a major component of raising awareness and should be conducted periodically.

  • System and Process Design

Compliance with data integrity principles can be encouraged through the consideration of ease of access, usability, and location.

  • Management Commitment

Senior management should ensure that there is a written commitment to follow an effective quality management system and professional practices to deliver good data management.