Imagine that a regulator is inspecting your manufacturing facility. At one point, the inspector starts walking toward the waste bins, and instead of throwing something away, he or she starts taking things out. The investigator discovers failing test results amongst the waste. The regulator has just discovered a major data integrity incident at your company. Situations like these happen again and again during inspections at multiple facilities around the world. They are a nightmare for corporate executives and management of life sciences companies because the consequences can be severe.

Data integrity means data that is reliable and accurate. Internationally, "ALCOA" principles have become a popular way to view data integrity requirements. ALCOA stands for "attributable, legible, contemporaneously recorded, original or a true copy, and accurate." In practice, this means, for example, that operators who perform tests record the actual test result, along with their name, in a neat, discernable way at the time of measurement. Companies often get into trouble when failing test results are discarded and not recorded or when documents are prefilled before steps have been completed.

As an increasing focus area for regulators, data integrity should be taken very seriously by companies both within their own business and with regard to suppliers, especially API manufacturers. Regulators care about data integrity because of extensive violations that have been identified during inspections in the past few years. If the production or analytical data cannot be trusted, regulators cannot effectively evaluate the information and ensure products' quality, safety and efficacy.

This is especially true for regulators that are members of the Pharmaceutical Inspection Cooperation Scheme (PIC/S). Swissmedic, the Swiss Agency for Therapeutic Products, is a member of PIC/S' Working Group on Data Integrity and in 2016 organized a training on "How to inspect data integrity" for inspectors from Switzerland and abroad. Data integrity, and the risk that data integrity for a product might be jeopardized, is the main criterion for Swissmedic for selecting companies for GCP (Good Clinical Practice) inspections.

If regulators discover data integrity violations, the consequences for a company can be severe, including but not limited to damaging press, the denial of an application or the prevention of product entry at the border. Additionally, because health agencies are increasingly working together, data integrity violations found by one regulator can lead to poor outcomes with another regulator. In the United States, there may also be criminal liability that can extend to senior executives.

Therefore, we advise to increase your company's compliance, by performing a data integrity assessment. A best practice would be to use an experienced, external third party for the data assessment. Based on gaps identified, corrective actions should be put in place. Keep in mind that corrective actions may include, depending on the root cause and scope of the issue, the need to take remedial employment actions, notify regulatory bodies of breaches of data integrity the audit has brought to light or recall products. It is also very important to foster a company culture in which employees know the meaning of data integrity, understand its importance and feel comfortable escalating any concerns. The data is only as reliable as a company's employees.