ALCOA+: the nine principles of data integrity — and what they demand in practice
ALCOA+ is the standard for data integrity in GxP-regulated work. It bundles nine properties every GxP-relevant record must have: the five classical ALCOA criteria — attributable, legible, contemporaneous, original, accurate — plus four extensions — complete, consistent, enduring, available. The goal: every recorded event stays fully and trustworthily reconstructable across the entire data lifecycle — whether on paper, in a system, or AI-assisted.
What ALCOA+ is — and why it matters
In an audit, the inspector rarely asks “do you have a protocol?”. They ask: “show me who entered this value, and when — and what was there before.” And that is the moment data integrity is decided — the question of whether a record truly holds up to what it claims.
ALCOA+ is the acronym regulators use to bundle that expectation — the properties a record must carry so that a release, a test result or a batch decision stays trustworthy.
The core ALCOA — attributable, legible, contemporaneous, original, accurate — originates in the FDA context and was later extended by four properties to form the “+”: complete, consistent, enduring, available. Today FDA, MHRA, PIC/S, WHO and EMA carry the same core expectation — wording and structure differ in the detail, but the substance largely lines up across the rulebooks.
Important for context: ALCOA+ is not a law of its own. It is a mnemonic for what GMP, EU Annex 11 and 21 CFR Part 11 already require. And it applies across the entire data lifecycle — from creation through processing and analysis to archiving and controlled destruction.
The five classical ALCOA principles
- Attributable: it is unambiguously determinable who or which system performed a data activity — creation, change, deletion — at which point in time.
- Legible: the record is permanently readable and understandable — years later too, for third parties in an audit too. Illegible or overwritten is not evidence.
- Contemporaneous: the data is recorded at the time of the activity — not reconstructed later from memory.
- Original: what counts is the original record (or a certified true copy) — the first raw data, not a transcribed summary.
- Accurate: the data is error-free, truthful and reflects the actual result — without unauthorised change.
ALCOA does not ask “do you have a document?”, it asks “can you reconstruct what actually happened?”.
The plus: four extensions
The four extensions close the gaps ALCOA alone left open — above all in the digital, system-supported world:
- Complete: all data belongs — including repeats, failed attempts, metadata and the audit trail. Selective omission contradicts integrity.
- Consistent: the records are internally contradiction-free and chronological — timestamps and sequence line up.
- Enduring: the data stays durable and unchanged across the full retention period — not on the sticky note that fades.
- Available: the data is retrievable across its lifecycle — for review, inspection and reuse, not lost in an inaccessible archive.
Beyond the nine principles: what carries data integrity
The guidances stress that the nine principles do not stand in isolation. Four overarching expectations carry them:
- Audit trail: a tamper-evident, gap-free change record (who, what, when, why) is the technical basis for attributable and complete — and explicitly required in 21 CFR Part 11 / Annex 11.
- Data lifecycle: integrity is thought through across all phases — creation, processing, review, reporting, archiving, destruction — not only at the moment of capture.
- Risk-based: the effort is aligned with the risk to product quality and patient safety — critical data needs stronger controls than non-critical data.
- Quality culture: technical controls alone are not enough. Regulators expect a culture in which errors and deviations are reported transparently, promptly and without fear.
The pattern behind it
All nine properties aim at the same thing: a record must show what really happened — traceable, unchanged, over time. It is the same evidence discipline GxP validation demands of software — applied to data.
ALCOA+ in AI-assisted work
As soon as AI contributes to a GxP-relevant record — a draft, an analysis, a summary — its output, once it feeds into a GxP record, becomes data that must satisfy ALCOA+. And this is where it gets uncomfortable: a freely generating assistant with no source binding tears open three principles at once — attributable (who or what was the basis?), original (what does the statement rest on?) and accurate (is it even true?).
Such AI work becomes dependable only with a control architecture that supports these principles right in the work process. That is how the traqx approach to AI in GxP is set up: drafts arise from released sources (feeds original and accurate), every statement ends on a clickable citation, unsupported content is marked unverified, every release is an attributed human decision (attributable), and a gap-free audit trail records who decided what on which basis (complete, consistent, enduring). Not a data-integrity certificate — a way of working that supports ALCOA+ instead of undermining it.
How AI systems themselves are validated — under GAMP 5 and the draft Annex 22 on artificial intelligence — is covered in two dedicated articles: validating AI systems under GAMP 5 and Annex 22 vs Annex 11.
The honest limits
Three limits that belong with it:
- ALCOA+ is an acronym, not a rulebook. It summarises what the binding requirements demand — it does not replace them.
- Terminology varies slightly. Some guidances list the “+” properties partly under ALCOA itself; the substance is the same across FDA, MHRA, PIC/S, WHO and EMA.
- No tool makes you compliant by itself. Technology can support integrity; it is owned by your process and your quality organisation.
Orientation, not compliance advice
ALCOA+ is a mnemonic, not a law. The binding requirements are GMP, EU Annex 11 and 21 CFR Part 11. No tool is inherently “data-integrity compliant” — integrity is always established by your validated process in your context.
Key takeaways
- ALCOA+ is the data-integrity standard in GxP: five classical ALCOA criteria (attributable, legible, contemporaneous, original, accurate) plus four extensions (complete, consistent, enduring, available).
- It is not a law of its own but a mnemonic for what GMP, EU Annex 11 and 21 CFR Part 11 already require — and it applies across the entire data lifecycle.
- The principles are carried by the audit trail, lifecycle thinking, risk-based effort and an open quality culture.
- AI output is GxP data too: it must satisfy ALCOA+ — freely generated content without source binding endangers attributable, original and accurate.
- An architecture of source binding, attributed human release and a gap-free audit trail supports ALCOA+ structurally — without any conformity promise.
Sources
- MHRA — ‘GXP’ Data Integrity Guidance and Definitions (March 2018) — defines ALCOA + the extensions and the data-lifecycle approach for GxP.
- FDA — Data Integrity and Compliance With Drug CGMP: Questions and Answers (Guidance, Dec 2018) — the FDA expectation on data integrity (ALCOA, audit trail, original / true copy).
- PIC/S PI 041 — Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments — the detailed international guide to data integrity across the lifecycle.
- EU GMP Annex 11 (Computerised Systems) — the European, binding basis for audit trail, data control and retention.
- 21 CFR Part 11 (Electronic Records / Signatures) — electronic records, signatures and tamper-evident audit trails — the US basis of ALCOA+ in practice.