Skip to content
Sinfony

Data integrity · GMP

Data integrity plays out at the workstation, not in the servers.

You secure the systems, you validate the software — and yet data integrity goes off the rails in everyday gestures: a reworked Excel extract, a "pen" correction, an approved but incomplete protocol. Here's how a simple rule, ISI, makes the ALCOA principles applicable on the floor.

ALCOA

Attributable, Legible, Contemporaneous, Original, Accurate: the five attributes of sound data, expected by inspectors in regulated industry.

ALCOA / ALCOA+ principles (MHRA, FDA, PIC/S).

Data integrity is the guarantee that every piece of data generated is reliable, complete and traceable throughout its lifecycle. In practice, compliance is almost never lost inside the validated IT system: it's lost at its boundaries — where a person extracts, re-copies, corrects or archives.

The real problem

Integrity deviations are born in the gestures, not in the software.

On the floor, observing complete processes — planning, change control, batch release — surfaces deviations that are invisible from a control room: spreadsheets extracted from an ERP then handled by hand, test requests corrected without quality sign-off, protocols approved before they're finalized, or paper documents that can't be found during a check. Nothing unusual: these are the natural leak points of data.

Where it goes wrong

Five common leak points.

The situations that most expose data integrity at the workstation.

Situation ALCOA attribute at risk
ERP extract reworked in ExcelOriginal, Accurate
Handwritten correction without quality sign-offAttributable, Accurate
Data entered after the fact, from memoryContemporaneous
Protocol approved before finalizationAccurate, Attributable
Archived paper document that can't be foundLegible, Original

The solution

The ISI rule: ALCOA made applicable at the workstation.

Rather than requiring mastery of the standards, you give a simple reflex: before using a resource, I check that it's ISI.

I

Identified

The organization authorizes me to use it: right status, right version, right scope.

S

Safe

It guarantees me a reliable result: calibrated, validated, unaltered.

I

Sound (integrity)

Its data is ALCOA: attributable, legible, contemporaneous, original, accurate.

And if the resource isn't ISI? The reflex comes in three steps: I raise the alert, I bring things back into compliance, I notify. It's this short loop that keeps a data deviation from becoming a costly one.

On the floor

Catch the deviation before the inspector does.

At a pharmaceutical site in northern France, the ISI reading was deployed in situ across dozens of processes and workstations, over four business scopes.

By analyzing processes at the workstation — and not on paper — the teams learned to spot the leak points themselves: spreadsheet handling, bypassed documentary locks, uncertain statuses. Most deviations are then corrected from one observation to the next, before they reach a quality review or an inspection.

Frequently asked questions

Data integrity: the essentials.

Secure your data integrity where it actually plays out.

Let's talk about rolling out the ISI rule and data-integrity vigilance at the workstation.