The ALCOA++ principles guide and model a company’s policies and procedures to help ensure that regulatory compliance is maintained in line with all GxPs. ALCOA++ underpins data integrity and inspection readiness across the full data lifecycle, notably in GCP settings for clinical trials and GMP environments for investigational product and quality records, while remaining applicable to the broader GxP landscape.
Data is of the utmost importance and its management is key, especially with the ever-expanding data collection tools available to companies running clinical trials. With these advances in technology and the emergence of AI (artificial intelligence) and ML (machine learning), virtual trials and diverse eSource (eCOA/ePRO, sensors or wearables, IRT, eTMF, eConsent) ensuring the integrity of the data is even more important. While ALCOA++ is relevant, the core requirements are still as applicable as they have always been on more traditional style clinical trials.
Importance of Data Integrity
In the modern era of clinical trials, data integrity and compliance are a vital part of regulatory reviews. Regulatory agencies such as the FDA (US Food and Drug Administration) and EMA (European Medicines Agency) are always checking for any potential data integrity issues in a regulatory submission. Such issues can compromise the safety and efficacy of a new drug/device and can be a result of a number of reasons, including human errors, technical issues, or malicious acts. Data integrity issues are unlikely to be done on purpose but that does not mean that regulators will be sympathetic to any issues they detect.
A violation will result in receiving a warning letter and consent decrees. Analyses of FDA enforcement indicate that nearly 80% of data integrity related warning letters issued since 2008 occurred during 2014-2018, which is useful historical context that highlights regulators’ focus on data integrity.
What is ALCOA++ and How Does It Fit with Data Compliance and Integrity?
ALCOA was articulated in the 1990s by Stan W. Woollen (FDA) and has since evolved into a global shorthand for GxP data integrity expectations across paper and electronic data, spanning GCP, GMP, and further. ALCOA++ principles help avoid data integrity and compliance issues and provide an audit trail that records additions, deletions, and alterations without obscuring the original records. This audit trail enables the reconstruction of details related to the original electronic record.
Today, ALCOA++ comprises ten attributes: Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available when needed, and Traceable.
By following ALCOA++ principles, organisations can prevent common data integrity breaches such as intentional deletion or manipulation of records, accidental data loss, uncontrolled documentation, or failure to record data in real-time. Using electronic data recording systems that restrict access to authorised and authenticated individuals further ensures data completeness, consistency, and security, while also preventing unauthorised disclosure of Protected Health Information (PHI). All data entries and changes are logged, time-stamped, and (when designed appropriately) easily accessible to authorised users when needed throughout retention, supporting both GCP oversight and GMP quality assurance.
Audit Trail Review: What Regulators Expect Now
Establish procedures for risk-based, trial-specific, proactive, and ongoing audit-trail review focused on critical data. Reviews may be manual and/or technology-assisted (e.g. patterns, triggers). Document scope, frequency, responsibilities, and outcomes.
Roles, Scope, and Governance in 2025
Data integrity is a shared responsibility across investigators, sponsors, and service providers (including cloud/SaaS). Contracts and procedures must ensure investigators retain independent access to their records and sponsors should not have sole control. ALCOA++ applies to modern systems including eCOA, ePRO, wearables, IRT, eTMF, and eConsent, with proportionate validation and lifecycle metadata controls that align with GCP requirements for clinical processes and GMP expectations where manufacturing/quality systems intersect with trials (e.g. IMP production and release).
Let's explore each attribute of ALCOA++.
The Original ALCOA Attributes
Attributable
Link each datum to the person and/or system (and, where relevant, the device) that created or modified it, with this information retained in metadata, including date and time. Use unique user IDs/roles (no shared accounts), appropriate access controls, and validated audit trails.
Legible
Data must be readable and reviewable in its original context. Any encoding, compression, or encryption must be reversible, so information is not lost.
Contemporaneous
Data should be recorded at the time of the activity with accurate, automatically captured date/time that is set by an external standard (e.g. UTC or a network time source). Audit trails and metadata must include these timestamps as manual time zone conversions alone are not sufficient for compliance.
Original
Retain the first capture or a certified copy created under controlled procedures. Where data are dynamic (e.g. device waveforms, eCOA event logs), that dynamic form should remain available.
Analyses, calculations, and reports must be traceable back to source, and systems and transfers should be validated, with audit trails preserving the history without obscuring the original.
Certified copies should be distinguishable and controlled. Where certified copies replace paper originals, procedures must ensure fidelity and ongoing accessibility.
Accurate
Records should faithfully represent what occurred, with validated coding, transfers, and interfaces. Devices used to capture information must be calibrated and fit for purpose. Any amendment must be captured so the original remains visible and reasons for change should be recorded where appropriate.
The Additional ALCOA++ Principles
Complete
All data, including metadata, audit trail and relevant contextual information, should be present to allow reconstruction of events. Deletions must not remove the ability to see what happened.
Consistent
Data should be consistent across the lifecycle. Definitions, units, and sequencing should be standardised and time and date stamps must align and contradictions should be controlled or detected.
Enduring
Data should remain intact and usable for the entire retention period, with suitable formats, backups and archiving aligned to risk. Ensure readability independent of specific hardware where feasible and maintain backups and disaster-recovery plans.
Available When Needed
Data should be readily retrievable for monitoring, audits and inspections whenever required across the retention period. Storage locations and repositories must be searchable, indexed and appropriately labelled to enable timely retrieval.
Traceable
Data must be traceable end-to-end. Any change to data or metadata must not obscure the original and should be captured (e.g. via an audit trail) so that the history can be reconstructed.
Conclusion
ALCOA++ has become the practical baseline for GxP data integrity across contemporary clinical research and adjacent quality domains (e.g. GCP and GMP). Beyond simply 'having an audit trail' or 'storing records,' today’s expectations emphasise lifecycle control, risk-based audit-trail review, time synchronisation to an external standard, and retrievability 'when needed' for monitoring, audit, and inspection. Applied well, ALCOA++ enables reliable, reconstructable, and inspection-ready data that safeguard participants and support credible evidence.
In practice, map your data flows and systems (EDC, eCOA/ePRO, wearables/sensors, IRT, eTMF, eConsent, labs, safety) to the ALCOA++ attributes and close any gaps. Ensure contemporaneity by using automatically captured timestamps set by an external standard (e.g. NTP/UTC) rather than manual clocks. Strengthen traceability by configuring audit trails that capture the who, what, when and why for data and metadata changes, and by running risk-based, trial-specific, ongoing reviews focused on critical data.
Protect originality by preserving dynamic source data (e.g. device waveforms and event logs) and using certified copies under controlled procedures. Assure accuracy and completeness via validated interfaces and transfers, calibrated devices, controlled coding and retention of all metadata needed to reconstruct events. Keep records enduring and available when needed with fit-for-purpose formats, backups, archiving, and tested retrieval pathways that avoid technology lock-in. Clarify roles and access so investigators retain independent access, and no single party has exclusive control, and adopt proportionate validation and change control with clear SOPs, training, and effectiveness checks that meet GCP/GMP expectations while generalising across the wider GxP framework.
Taken together, these measures operationalise ALCOA++ so that data are attributable, legible, contemporaneous, original, and accurate – and now complete, consistent, enduring, available when needed, and traceable. The result is a culture, system landscape, and set of procedures that make integrity the default, reduce inspection findings, and accelerate confident decision-making throughout the trial lifecycle.
Quanticate’s clinical data management, statistical programming, and QA teams are dedicated to ensuring high-quality data and deep experience in data capture, processing, and collection tools. We offer flexible, customisable solutions across unified platforms, including EDCs. If you would like more information on how we can assist your clinical trial, submit an RFI.
