Identifying and Preventing Common Data Integrity Issues

In June 2020, the U.S. Food and Drug Administration (FDA) issued a warning letter to a drug manufacturing facility, citing a number of infractions, including these common data integrity issues: 1

  • Missing raw data files associated with recovered solvent testing were observed in folders on the local hard drive of the operating system connected to the gas chromatography (GC) instrument. Your firm indicated that the files appear to have been deleted.

Current good manufacturing practices (CGMPs) are minimum requirements that companies must meet in developing health care-related products. Data integrity plays a key role in all areas of CGMP compliance, and the FDA expects all data to be reliable and accurate. According to the FDA guidance “Data Integrity and Compliance With Drug CGMP,” pharmaceutical manufacturing companies should implement meaningful and effective strategies for managing their data integrity risks based on their process understanding and knowledge management of technologies and business models. 2

Regulatory guidelines regarding data integrity have been in place for many years. Still, during fiscal year 2018, the FDA issued 85 CGMP warning letters to drug manufacturers — 42 of which had data integrity components. 3

Data Integrity Compliance

Data integrity is established by ensuring data is stored and managed properly in its original form. This is challenging due to evolving data management technologies, best practices, and regulatory guidelines. Nevertheless, taking steps to resolve data integrity issues is far more advantageous and cost effective than recovering from them. A good approach to achieving and maintaining data integrity compliance is to develop a practical data management strategy that involves employees, IT data management processes, and company policies.

Employee Participation

Employees can be your front line of defense against data integrity violations. To ensure the integrity of the data generated and used in the organization, employees should be trained and have the appropriate knowledge and skills to function in a CGMP environment, including knowledge of:

  • 21 CFR Part 11 requirements and expectations.

IT Data Management Processes

Continuously changing technologies for gathering, storing, and migrating data have made maintaining data integrity a bit unwieldy. For example, as data storage infrastructures evolve, data stored for 10 years or longer may not be readable on newer versions of operating systems or applications. Still, data integrity guidelines require that all original data remain intact throughout its retention period. Data archiving practices should maintain and protect data from corruption and loss. Below are some of the guidelines for proper data management:

  • Complete frequent backups of electronic data per CGMP requirements.

Company Policies

Regulatory guidelines for data integrity advise companies to be proactive with detecting and mitigating potential data integrity issues. One way to develop and uphold the cultural elements supporting data integrity in the organization is to establish and document organizational policies for activities involving data. Follow up with the policies by mandating routine training for all personnel. It’s also important to perform internal data integrity audits to catch potential issues or questionable practices. Use these audits to:

  • Identify anything questionable in data and records, including where they are generated and stored, i.e., paper records in banker’s boxes, notebooks or binders, around equipment in the lab, etc.

If your data is lost, corrupted, or breached, you will fall out of compliance with data integrity requirements. Creating a well-structured, fully documented data management plan can be invaluable in your efforts to preserve the integrity of your data. The ability to automate data collection, storage, and analysis can prevent opportunities for data integrity issues to occur in the first place. By digitizing your quality management system (QMS), all your quality and data processes share a common infrastructure and data architecture, which helps ensure compliance.


  1. “Vega Life Sciences Private Limited,” Warning Letter, U.S. Food and Drug Administration (FDA), July 7, 2020.

David Jensen is a content marketing specialist at MasterControl, where he is responsible for researching and writing content for web pages, white papers, brochures, emails, blog posts, presentation materials and social media. He has over 25 years of experience producing instructional, marketing and public relations content for various technology-related industries and audiences. Jensen writes extensively about cybersecurity, data integrity, cloud computing and medical device manufacturing. He has published articles in various industry publications such as Medical Product Outsourcing (MPO) and Bio Utah. Jensen holds a bachelor’s degree in communications from Weber State University and a master’s degree in professional communication from Westminster College.

Originally published at



Our cloud-based solutions make quality and compliance processes faster and help bring life-changing innovations to more people sooner.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Our cloud-based solutions make quality and compliance processes faster and help bring life-changing innovations to more people sooner.