Data Integrity Compliance: How to reach the Status of Compliant

by: Gerardo Vece - Executive Consultant @PQE Group

In recent years, Data Integrity Compliance has become a cornerstone for the pharmaceutical industry. 

Although knowledge of data integrity principles is considered to be well established throughout the entire pharmaceutical field, with a high level of awareness that the true focal point is on data itself, it is still very common that, when talking about Data Integrity (DI), the discussion is typically about computerized systems, with almost no reference to processes and data written or archived on paper such as forms, log books, batch records, and other types of physical records.

Such a mindset amplifies the risks of not meeting Data Integrity regulations and contributes to a wider gap between procedures and data integrity principles. 

Data Intergity Compliance_Global_Site Banner (1)

What should a company do to align with Data Integrity requirements?

One of the core aspects of ensuring compliance is driving awareness through company culture. Employees should be aware of the importance of DI and all DI requirements should be present in the company’s Quality Management System (QMS) and embedded throughout work streams, including in policies, SOPs, documentation creation and management, computerized systems management, archiving and training. 

The best tool a company can utilize to improve its DI culture is a well-constructed training program for its employees, which should include not only DI requirements, but also the potential consequences the company might face if it is not compliant with them. Thanks to this tool, employees will be fully aware of the requirements and of the importance of respecting and maintaining them.

What should be included in a data integrity compliance program?

Certainly, the base for an exhaustive program can be established with the development of a detailed project plan, which defines  the program’s scope, actions to take and a timeline with due dates. 

Such a project plan should take into consideration two fundamental aspects: 

  • Phase I, during which an analysis that confronts the actual QMS vs. DI requirements and identifies a list of gaps that must be filled through a dedicated Corrective and Preventive Actions (CAPA) Plan is created. The CAPA Plan implementation must correspond with the creation of a “point zero” or “starting point”, after which everything that is implemented in the QMS is already compliant with the DI requirements.
  • Phase 2, when a program to evaluate everything that was already present in the company prior to the CAPA Plan implementation is developed to ensure DI Requirements are fully met. This phase should focus on assessing the principal work streams: paper, instruments and systems with a GMP impact, employed/installed in different areas. The assessment goal is to identify gaps that can be filled through the CAPA Plan and will lead to a Remediation Plan, which will align all the existent processes to the DI Requirements.

This strategy ensures that everything implemented from the end of Phase 1 will be compliant with the DI requirements, while with the conclusion of Phase 2, everything that was already present will be compliant. The time spent on Phase 1 implementation will contribute to a more condensed Phase 2, as the items revision list that goes in the Remediation Plan will be reduced.

Both phases are composed of:

  • An assessment sub-phase that analyzes gaps and identifies actions to implement.
  • The required actions for implementation.

It is clear that a simultaneous implementation of both phases would be difficult to complete, and it is fundamental to establish priorities based on a risk assessment that produces a hierarchical list of items that includes different levels of criticality and due dates for every action, giving each short, medium or long-term deadlines and creating a structured remediation plan.

During the implementation phase, the interaction between the DI regulations and the QMS plays a key role because it must ensure:

  • Details of the due dates included in the project plan.
  • The conformity between the planned actions and the implemented actions 

How does the interaction translate into practice between planned and implemented action?

QMS must manage the process of reaching compliance with DI Regulations, moving all aspects of the project to the company tools involved in quality management such as CAPA, Change Control and Commitment, ensuring three core aspects:
  • Traceability
  • Correct implementation of what has been identified during DI Assessment
  • Continuous monitoring of all actions to implement 

These three aspects, each of which are fundamental for reaching full compliance, have the same importance as the entire planning and assessment phases for the reasons listed below: 


Linking the actions created with what has been identified during DI Assessment, tracing every change to ensure the project is solid and ready for potential requests or checks by regulatory entities or clients.

Correct Implementation

Verifying that what has been identified during the assessment is implemented correctly, always keeping in mind the initial request and every change required and made (e.g., review the DI assessment to make changes and ensure traceability) 


Ensuring that all due dates are met, managing possible delays, and guaranteeing traceability and correct implementation, are all factors that play a fundamental role in avoiding wasted efforts and ensuring the site reaches and maintains full compliance with DI Regulations.  

In Conclusion

The goal of Data Integrity Compliance is to ensure a site is fully compliant with Data Integrity Regulations. Such a process must be built by creating a company culture where all employees are aware of the critical nature of DI, structuring a management plan focusing on DI and monitoring the advancement status of the entire project to assure the company reaches this status: “Compliant.” 

Are you compliant ?

PQE Group can support your business in reaching the compliance for your products as well as in implementing new procedures, tools and software.

To get more information or support, check our Data Integrity dedicated page or get in touch with us to find the most suitable solution for your company.

Quality Compliance Page