# Data integrity plays out at the workstation, not in the servers.

You secure the systems, you validate the software — and yet data integrity goes off the rails in everyday gestures: a reworked Excel extract, a "pen" correction, an approved but incomplete protocol. Here's how a simple rule, **ISI**, makes the **ALCOA** principles applicable on the floor.

ALCOA

Attributable, Legible, Contemporaneous, Original, Accurate: the five attributes of sound data, expected by inspectors in regulated industry.

ALCOA / ALCOA+ principles (MHRA, FDA, PIC/S).

**Data integrity** is the guarantee that every piece of data generated is reliable, complete and traceable throughout its lifecycle. In practice, compliance is almost never lost inside the validated IT system: it's lost **at its boundaries** — where a person extracts, re-copies, corrects or archives.

Integrity deviations are born in the gestures, not in the software.

On the floor, observing complete processes — planning, change control, batch release — surfaces deviations that are invisible from a control room: spreadsheets extracted from an ERP then handled by hand, test requests corrected without quality sign-off, protocols approved before they're finalized, or paper documents that can't be found during a check. Nothing unusual: these are the natural leak points of data.

## Five common leak points.

The situations that most expose data integrity at the workstation.

| Situation | ALCOA attribute at risk |
| --- | --- |
| ERP extract reworked in Excel | Original, Accurate |
| Handwritten correction without quality sign-off | Attributable, Accurate |
| Data entered after the fact, from memory | Contemporaneous |
| Protocol approved before finalization | Accurate, Attributable |
| Archived paper document that can't be found | Legible, Original |

## The ISI rule: ALCOA made applicable at the workstation.

Rather than requiring mastery of the standards, you give a simple reflex: before using a resource, I check that it's ISI.

I

### Identified

The organization authorizes me to use it: right status, right version, right scope.

S

### Safe

It guarantees me a reliable result: calibrated, validated, unaltered.

I

### Sound (integrity)

Its data is ALCOA: attributable, legible, contemporaneous, original, accurate.

And if the resource isn't ISI? The reflex comes in three steps: **I raise the alert**, **I bring things back into compliance**, **I notify**. It's this short loop that keeps a data deviation from becoming a costly one.

## Catch the deviation before the inspector does.

At a pharmaceutical site in northern France, the ISI reading was deployed in situ across dozens of processes and workstations, over four business scopes.

By analyzing processes at the workstation — and not on paper — the teams learned to spot the leak points themselves: spreadsheet handling, bypassed documentary locks, uncertain statuses. Most deviations are then corrected **from one observation to the next**, before they reach a quality review or an inspection.

## From reliable data to controlled deviations.

[Quality culture

### The GMP Gemba walk

How the ISI reading embeds itself at the workstation through floor visits.

Read the article →](/en/blog/gemba-walk-quality-culture-gmp/) [Sinfony × AQE

### Deviations & field quality

When the deviation occurs: investigations, CAPA and batch release.

Discover →](/en/consulting/deviations-aqe/) [Doc & training

### Document & capture

Clear procedures and a single source of truth mean fewer opportunities for deviation.

Learn more →](/en/consulting/documentation-training/)

## Data integrity: the essentials.

What is data integrity in the pharmaceutical industry? +

It's the guarantee that the data generated — results, records, batch records — is reliable, complete and traceable across its entire lifecycle. It is assessed through the ALCOA / ALCOA+ principles and is a major focus of GMP inspections.

What does ALCOA (and ALCOA+) mean? +

ALCOA: Attributable, Legible, Contemporaneous, Original, Accurate. ALCOA+ adds: complete, consistent, enduring and available. These attributes define what sound data is, from the point of view of the authorities (MHRA, FDA, PIC/S).

What is the ISI rule? +

ISI is a floor-level reflex that makes ALCOA applicable without regulatory expertise: before using a resource (equipment, material, document, data), you check that it's Identified (authorized), Safe (reliable) and Sound (ALCOA data). Otherwise: I raise the alert, I bring things back into compliance, I notify.

Why do integrity deviations escape validated systems? +

Because they occur at the boundaries of the system: when you extract data into a spreadsheet, re-copy it, correct a document by hand or archive a paper record. The software stays compliant, but the data leaves its secured environment. That's why vigilance has to be cultivated at the workstation, in situ.

## Secure your data integrity where it actually plays out.

Let's talk about rolling out the ISI rule and data-integrity vigilance at the workstation.
