traqxGxP Compliance Software
Data integrity

ALCOA+: the nine principles of data integrity — and what they demand in practice

Reading time ~9 min · Daniel Herrmann

CSV · TEST EVERYTHING FDA · CSA RISK-BASED High risk · fully validate PATIENT SAFETY · GxP-CRITICAL Direct GxP · risk-based TARGETED EVIDENCE · NO OVERKILL Low risk · documented

ALCOA+ is the standard for data integrity in GxP-regulated work. It bundles nine properties every GxP-relevant record must have: the five classical ALCOA criteria — attributable, legible, contemporaneous, original, accurate — plus four extensions — complete, consistent, enduring, available. The goal: every recorded event stays fully and trustworthily reconstructable across the entire data lifecycle — whether on paper, in a system, or AI-assisted.

What ALCOA+ is — and why it matters

In an audit, the inspector rarely asks “do you have a protocol?”. They ask: “show me who entered this value, and when — and what was there before.” And that is the moment data integrity is decided — the question of whether a record truly holds up to what it claims.

ALCOA+ is the acronym regulators use to bundle that expectation — the properties a record must carry so that a release, a test result or a batch decision stays trustworthy.

The core ALCOA — attributable, legible, contemporaneous, original, accurate — originates in the FDA context and was later extended by four properties to form the “+”: complete, consistent, enduring, available. Today FDA, MHRA, PIC/S, WHO and EMA carry the same core expectation — wording and structure differ in the detail, but the substance largely lines up across the rulebooks.

Important for context: ALCOA+ is not a law of its own. It is a mnemonic for what GMP, EU Annex 11 and 21 CFR Part 11 already require. And it applies across the entire data lifecycle — from creation through processing and analysis to archiving and controlled destruction.

The five classical ALCOA principles

  • Attributable: it is unambiguously determinable who or which system performed a data activity — creation, change, deletion — at which point in time.
  • Legible: the record is permanently readable and understandable — years later too, for third parties in an audit too. Illegible or overwritten is not evidence.
  • Contemporaneous: the data is recorded at the time of the activity — not reconstructed later from memory.
  • Original: what counts is the original record (or a certified true copy) — the first raw data, not a transcribed summary.
  • Accurate: the data is error-free, truthful and reflects the actual result — without unauthorised change.
ALCOA does not ask “do you have a document?”, it asks “can you reconstruct what actually happened?”.

The plus: four extensions

The four extensions close the gaps ALCOA alone left open — above all in the digital, system-supported world:

  • Complete: all data belongs — including repeats, failed attempts, metadata and the audit trail. Selective omission contradicts integrity.
  • Consistent: the records are internally contradiction-free and chronological — timestamps and sequence line up.
  • Enduring: the data stays durable and unchanged across the full retention period — not on the sticky note that fades.
  • Available: the data is retrievable across its lifecycle — for review, inspection and reuse, not lost in an inaccessible archive.

Beyond the nine principles: what carries data integrity

The guidances stress that the nine principles do not stand in isolation. Four overarching expectations carry them:

  • Audit trail: a tamper-evident, gap-free change record (who, what, when, why) is the technical basis for attributable and complete — and explicitly required in 21 CFR Part 11 / Annex 11.
  • Data lifecycle: integrity is thought through across all phases — creation, processing, review, reporting, archiving, destruction — not only at the moment of capture.
  • Risk-based: the effort is aligned with the risk to product quality and patient safety — critical data needs stronger controls than non-critical data.
  • Quality culture: technical controls alone are not enough. Regulators expect a culture in which errors and deviations are reported transparently, promptly and without fear.

The pattern behind it

All nine properties aim at the same thing: a record must show what really happened — traceable, unchanged, over time. It is the same evidence discipline GxP validation demands of software — applied to data.

ALCOA+ in AI-assisted work

As soon as AI contributes to a GxP-relevant record — a draft, an analysis, a summary — its output, once it feeds into a GxP record, becomes data that must satisfy ALCOA+. And this is where it gets uncomfortable: a freely generating assistant with no source binding tears open three principles at once — attributable (who or what was the basis?), original (what does the statement rest on?) and accurate (is it even true?).

Such AI work becomes dependable only with a control architecture that supports these principles right in the work process. That is how the traqx approach to AI in GxP is set up: drafts arise from released sources (feeds original and accurate), every statement ends on a clickable citation, unsupported content is marked unverified, every release is an attributed human decision (attributable), and a gap-free audit trail records who decided what on which basis (complete, consistent, enduring). Not a data-integrity certificate — a way of working that supports ALCOA+ instead of undermining it.

How AI systems themselves are validated — under GAMP 5 and the draft Annex 22 on artificial intelligence — is covered in two dedicated articles: validating AI systems under GAMP 5 and Annex 22 vs Annex 11.

The honest limits

Three limits that belong with it:

  • ALCOA+ is an acronym, not a rulebook. It summarises what the binding requirements demand — it does not replace them.
  • Terminology varies slightly. Some guidances list the “+” properties partly under ALCOA itself; the substance is the same across FDA, MHRA, PIC/S, WHO and EMA.
  • No tool makes you compliant by itself. Technology can support integrity; it is owned by your process and your quality organisation.

Orientation, not compliance advice

ALCOA+ is a mnemonic, not a law. The binding requirements are GMP, EU Annex 11 and 21 CFR Part 11. No tool is inherently “data-integrity compliant” — integrity is always established by your validated process in your context.

Key takeaways

  • ALCOA+ is the data-integrity standard in GxP: five classical ALCOA criteria (attributable, legible, contemporaneous, original, accurate) plus four extensions (complete, consistent, enduring, available).
  • It is not a law of its own but a mnemonic for what GMP, EU Annex 11 and 21 CFR Part 11 already require — and it applies across the entire data lifecycle.
  • The principles are carried by the audit trail, lifecycle thinking, risk-based effort and an open quality culture.
  • AI output is GxP data too: it must satisfy ALCOA+ — freely generated content without source binding endangers attributable, original and accurate.
  • An architecture of source binding, attributed human release and a gap-free audit trail supports ALCOA+ structurally — without any conformity promise.

Sources

Author

Daniel Herrmann

Daniel Herrmann is the founder of traqx and has worked for years at the intersection of GxP validation, data integrity and AI-supported tools for regulated teams. This article summarises publicly accessible regulation (MHRA/FDA/PIC/S data-integrity guidances, EU Annex 11, 21 CFR Part 11) in his own contextualisation. It is orientation, not legal or compliance advice and does not replace an assessment for your specific scope. Where traqx is mentioned, the text describes the provable way of working — sources first, AI as a suggestion, the human decides, the audit trail remains — and no effect promise beyond that.

On your work case

Start a Workspace trial on your GxP process.

One team, one source space, one real work case: you use Workspace directly, check sources first, let AI work as a suggestion and keep human release.