All medicinal manufacturers that distribute within the European Union (EU) must comply with the Good Manufacturing Practice (GMP). Coordinated by the European Medicines Agency (EMA) in partnership with the European Commission, GMP inspections assess whether medicines are of high quality, suitable for their intended use, and meet marketing and/or clinical trial authorization requirements.

GMP inspections may be routine (regularly scheduled) or “for-cause” (on suspicion of non-compliance). Either way, if you don’t have immaculate data sets ready now, it’s already too late.

Evitar penalizações do SLA do centro de dados com um CMMS

In this article, we’ll explore what data integrity means in relation to EU GMP compliance, how inspectors assess data integrity, and nine compliance gaps many plants miss. Then, we’ll explore the best strategies and tools for improving compliance.

What is data integrity and why does it matter for EU GMP compliance?

In the context of GMP compliance, data integrity is the accuracy and consistency of all data and documentation created while testing, manufacturing, packaging, distributing, and/or monitoring medicines in the EU.

Regulatory authorities use data records to assess medicines for effectiveness, safety, and quality. That’s why data integrity is so important; to facilitate evidence-based decision-making, all data must be sufficiently clear and organized.

EudraLex, the official compilation of EU regulations and guidelines for medicinal products, states that data integrity requires plants to use a Quality Management System (QMS) — a formalized system of processes, documents, and responsibilities related to quality control. With so many types of data, most manufacturers rely on software tools to manage collection, storage, and organization.

ALCOA+ and data integrity basics

Most maintenance and quality teams are familiar with the Attributable, Legible, Contemporaneous, Original, Accurate (ALCOA) principles of data integrity:

  • Attributable (A): Each task and its associated data are clearly linked to the individual who performed the task.
  • Legible (L): Either humans, computers, or both can read and interpret the data, which is permanently retained.
  • Contemporaneous (C): Real-time data is created when the task is performed.
  • Original (O): Data stays in its original format, except for verified copies that preserve content and meaning.
  • Accurate (A): Data is a truthful record of the task performed (which includes ensuring all tools and equipment produce accurate records).

The U.S. Food and Drug Administration (FDA) first developed ALCOA in the 1990s. But in the 2010s, the FDA added additional principles:

  • Complete: Data is presented in its entirety with no omissions.
  • Consistent: Documentation is orderly and organized chronologically.
  • Enduring: Organizations retain data for the required duration of time in a sufficiently durable medium (which may vary among regional regulatory authorities).
  • Available: Documentation is always readily accessible.

The updated version encompassing these new principles is called ALCOA-CCEA, or ALCOA+.

And since 2023, according to the International Society for Pharmaceutical Engineering (ISPE), experts have discussed adding another + to expand upon completeness and availability:

  • Traceability: Data storage conditions, reviews, and revisions are clearly tracked.

Traceability is already a requirement outlined in Chapters 1, 5, and 8 of Part I of EU GMP. While it hasn’t been part of ALCOA+ to date, a recent revision of EU GMP Chapter 4 formally introduces Traceability in a forthcoming update known as ALCOA++.

How GMP inspectors assess data integrity compliance: assumptions vs. reality

To stay compliant, it’s not enough to simply keep the right documentation and follow ALCOA+ principles. To earn your GMP certificate, you must meet all applicable regulations and directives for your products’ use cases: human use, veterinary use, and/or investigational medicinal products.

But many plants make assumptions about what regulatory compliance inspectors look for — assumptions that differ from inspectors’ true goals.

Completing and documenting maintenance tasks

  • Assumption: Completing and documenting all scheduled tasks is sufficient.
  • Reality: Inspectors want to know why you conduct specific PM tasks, how often (and why you chose that frequency), how you assess criticality, what process you use to evaluate the relevance and importance of your PM procedures, and how often you audit your procedures — in other words, it’s not just the “what” and “when,” but the “why” and “how” that matter.

Adapting processes

  • Assumption: If techs complete and document all tasks, it’s ok to modify checklists and processes across teams or locations.
  • Reality: Consistency is key; even minor deviations can affect quality, safety, and integrity, compromising control and compliance.

Establishing audit trails

  • Assumption: Audit trails equal data integrity.
  • Reality: Data integrity requires secure storage, access control, and regular review — meaning even accurate and complete audit trails can lack integrity.

Using a CMMS/ EAM for quality management

  • Assumption: Using CMMS/ EAM software guarantees compliance.
  • Reality: Your CMMS/ EAM can help store and organize data, but it’s only as compliant as your data management processes. You must follow, review, revise, and document changes to those processes to stay compliant.

Inspectors will audit your data and recordkeeping systems, but integrity doesn’t end there. Inspections also evaluate user behaviors, decisions, and proof of process control.

9 compliance gaps many teams miss

To prepare for pharmaceutical GMP compliance inspections, you need to look beyond the production line. Many organizations focus on supplies, production, safety, and quality assurance testing, but overestimate their maturity in other areas.

  1. Non-compliant organizational charts or team qualifications: Inspectors review organizational charts (org charts) to evaluate team size, experience, and qualifications. They also require documentation of the roles and responsibilities of each team member. Without this, the integrity of your operations, procedures, and data all becomes questionable.
  2. Inadequate training: Plants must train new team members on their QMS as well as role-specific duties, while existing personnel should receive regular on-the-job training. Teams must document all training, and department heads must routinely assess training programs for efficacy. Insufficient training programs demonstrate a potential inability to preserve data integrity.
  3. Subpar facility maintenance: With considerable care taken during manufacturing and quality control processes, many plants overlook proper maintenance. Schedule safety equipment inspections and replacements, maintain HVACs to regulate humidity and temperature, and keep facilities clean for safe, reliable operations. Ineffective facility maintenance compromises your production environment, affecting quality control.
  4. Poor equipment maintenance: Improperly maintained equipment can produce inconsistent, low-quality, or even unsafe products. Additionally, equipment failure and breakdowns impact uptime and can even compromise team safety. So be sure to clean, calibrate, and maintain all equipment — and document every task. Without proper maintenance, equipment may malfunction, rendering even automatically generated data unreliable.
  5. Absent documentation of maintenance processes: GMP inspectors evaluate much more than just the quality and safety of manufactured drugs. Process documentation is a core element of GMP, and that includes maintenance strategies and procedures. Keep clear, updated documentation of all maintenance processes to stay compliant. Without it, you can’t prove your adherence to — or rationale behind — standard processes.
  6. Insufficient calibration and maintenance records: Strict calibration standards protect end users from inconsistent and unsafe products. Not all teams store calibration records alongside maintenance records, posing availability challenges that compromise data integrity. Centralize calibration and maintenance records within your CMMS/ EAM software to improve consistency, availability, and overall compliance.
  7. Failure to conduct internal audits: Formal GMP inspections aren’t the only audits required. Manufacturers must conduct, track, and establish documented procedures for internal inspections and audits, too. This includes inspection of all facilities, assets, tools, processes, documentation, and employee certifications. Most plants must conduct these audits annually, at minimum.
  8. Non-compliant electronic recordkeeping: EU GMP Annex 11 regulates computerized documentation systems and software to deliver accurate, secure, and traceable records that assist with quality control. To stay compliant, plants must conduct internal risk-based audits of these systems and their most critical data sets.
  9. Lack of software validation or revalidation: Plants using an unvalidated CMMS as their Quality Management System (QMS) may be non-compliant due to security and documentation issues, including electronic signature controls. Each time your CMMS updates, you must revalidate. Even with otherwise perfect documentation, if inspection reveals unvalidated software, you may have trouble passing audits.

How to strengthen compliance before your next inspection

Are you prepared for your next audit? Along with any deviations or deficiencies identified in your last inspection, follow these practical steps to improve your plant’s compliance.

Measure processes and workflows against compliance requirements

It’s not enough for your processes to work well. If they don’t meet GMP requirements, you won’t pass inspection. GMP requires regular process reviews and updates, so take this opportunity to make any outstanding improvements based on best practices, team feedback, and current GMP guidelines.

Standardize documentation and audit trails

An entire chapter of EudraLex is devoted to documentation, and for good reason. Effective documentation proves data integrity. Capture, store, organize, and update all work orders, inspections, and other records in a centralized system. Any systems or tools used must meet standards for data security, provide traceable audit trails, and link electronic signatures with date and time stamps. Augment your QMS with simple yet robust software tools that reduce manual work and improve compliance.

Prioritize asset performance

Reliable, efficient equipment doesn’t just help you pass inspections — it increases productivity and profitability. Implement proactive maintenance strategies, including predictive maintenance, to minimize downtime through potential failure detection. Use integrated sensors, tools, and software to track asset health in real time, improving reliability and integrity.

Adopt software that simplifies compliance

A computerized maintenance management system (CMMS) or enterprise asset management system (EAM) can collect data from on-site equipment sensors and field tools, match it to active work orders and historical data, and prioritize maintenance work. Some tools even generate real-time alerts and automated work orders in response to potential failure detection.

How eMaint supports EU GMP compliance

EU GMP compliance is complex, and software-specific regulations such as Annex 11 can add to the confusion. But with built-in dashboards, comprehensive audit trails (including compliant e-signatures), and customizable access controls, eMaint keeps your data clear, complete, and compliant.

Think a CMMS/ EAM is too complex for your team? eMaint offers training programs for smooth, efficient onboarding — and even provides validation support.

Chat with an eMaint specialist to schedule a demo and get started today.