In previous posts of the series we have discussed the relevance of Data Integrity in the pharmaceutical industry, as well as the most relevant key concepts of data management and examples of deficiencies found in audits. Today we will attempt to answer the question: How can a company become Data Integrity compliant?

Several actions should be made, but the basis of everything is to create a Data Integrity culture in the company, which makes the personnel understand the relevance of this topic. By doing this, we can ensure that personnel will be open to the implementation of the necessary changes in the systems and tasks, and also will make them conscious of their individual responsibilities in day-to-day work.

This Data Integrity culture is not something isolated within companies. It should be in fact part of the global GMP culture, and therefore part of the Quality System of the pharmaceutical companies. A Data Integrity policy should be created and aligned with all the other quality related policies. It should provide internal guidance on how the key data integrity topics, like the ones we saw (scope, training, Risk Management, controls in the data life cycle, etc.) are going to be addressed.

Once that policy is created and understood, it is possible to proceed with the next step, its implementation in the processes that manage the GxP data, through their critical evaluation in front of the Data Integrity requirements. And at this point is when we should be conscious of the opportunities and tools that the DIRA can provide. Evaluation of the systems, but specially CAPA definition and management, should take into account the relevance of the data being managed, as well as the risk associated to the flaws detected and the availability of control measures mitigating them.

A good example of a project like this can be found in the following case study published by TDV.

Once the processes have been evaluated and the CAPA established, it is necessary to ensure that the data integrity is kept under control along the time. This can be made using the same tools that should be already in place in the quality system: change management, deviation management and self-inspection, as well as periodical re-evaluation of the data integrity risks. Also, it is recommended to establish data integrity related quality indicators that provide estimation on the progress of the continuous improvement. Each company should establish their own ones, but the most basic one may be the number of data integrity related deviations per time period. In this last stage, training should not be forgotten.

Finally, it is necessary to mention the role of the personnel training in all this process. Training is a key element in any quality system and especially when a company faces a new topic. An initial training may be necessary for understanding this topic and creating the basic company data integrity culture, but extending it to all the personnel of the company (always adapted to the responsibility of each one), is a must. This training should be periodically refreshed.



Implementing Data Integrity in a company goes beyond randomly completing activities and verifications. Establishing a solid roadmap and generating the appropriate culture and knowledge are the basis for success. Creating the Data Integrity policy and doing a risk based evaluation of all the processes managing GxP data are the initial milestones, which can be a real tour-the-force which might require external help for success. Once the processes are evaluated and controlled, the tools available in the quality system should be used for maintaining this hardly-won status.