ALCOA+

What ALCOA+ means

ALCOA+ is the data integrity framework used by global regulators to evaluate whether a GxP record is trustworthy. It extends the original ALCOA framework with four additional principles, giving nine in total: Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, Available.

It's media-neutral. The same nine principles apply to paper logbooks, hybrid systems, and fully electronic records like those generated by LIMS, MES, ERP, chromatography, and eQMS platforms. They apply across the full data lifecycle, from generation through retention and eventual destruction.

ALCOA+ isn't itself a regulation. It's the diagnostic test inspectors apply to assess compliance with predicate-rule data integrity expectations: 21 CFR §211.68(b), §211.180, §211.194; 21 CFR Part 11; EU GMP Chapter 4 and Annex 11; ISO 13485 §4.2.5; the data integrity guidance from MHRA, FDA, WHO, and PIC/S.

Why ALCOA+ became the centre of regulator inspections

Data integrity findings have dominated FDA 483 observations and MHRA inspection findings for over a decade. MHRA's 2014 data integrity findings and FDA's chromatography enforcement actions from 2015 onward produced hundreds of warning letters citing data integrity failures. Inspectors began applying ALCOA+ explicitly as a diagnostic framework because it gave them a structured way to articulate what was wrong with a record.

The shift from ALCOA to ALCOA+ tracks the broader regulator concern with the full lifecycle of a record. Records that look correct at the moment of capture can still fail Complete (missing metadata or audit trail), Consistent (chronological gaps or re-ordered events), Enduring (degraded or unreadable after migration), or Available (retrievable in principle but not in inspection-relevant time).

Inspector perspective: inspectors rarely announce that they're applying ALCOA+. They ask plain questions: who recorded this, when, where's the raw data, show me the audit trail. The principles are the framework behind those questions, and a record that can't answer them cleanly will struggle regardless of how compliant the surrounding SOPs look.

Where ALCOA+ appears in current guidance

ALCOA+ is referenced explicitly in modern data integrity guidance from every major regulator. The documents that come up in findings:

• MHRA 'GxP' Data Integrity Definitions and Guidance for Industry (March 2018, updated September 2021) — uses ALCOA+ throughout; the most-cited single document on the topic
• PIC/S PI 041-1 (July 2021) — built around ALCOA+; the most detailed regulator-aligned interpretation
• WHO TRS 1033, Annex 4 (2019) — applies ALCOA+ to both paper and electronic records across the lifecycle
• WHO TRS 996, Annex 5 (2016) — earlier WHO data integrity guidance
• FDA Guidance: Data Integrity and Compliance With Drug CGMP — Q&A (December 2018) — references original ALCOA without the '+' explicitly; underlying expectations align
• 21 CFR §211.68(b) — predicate behind Attributable, Original, Accurate
• 21 CFR §211.180 and §211.194 — predicate behind Enduring and Available
• 21 CFR Part 11 — §11.10(e) audit trail underpins Attributable and Contemporaneous
• EU GMP Chapter 4 — EU predicate for all nine principles
• EU GMP Annex 11 — EU electronic-record predicate
• ISO 13485 §4.2.5 — control of records for medical device QMS

All nine ALCOA+ principles, explained

Each principle is a discrete test. A record satisfies ALCOA+ only when it satisfies all nine. The first five are the original ALCOA; the next four are the extensions.

• Attributable — every entry traceable to the individual responsible for it. Implication: unique accounts only, no shared logins, system-generated entries identified to the system. Failure pattern: shared 'lab' account used by an entire shift.
• Legible — the record is readable and understandable for its entire retention period. Implication: indelible media on paper, persistent display and export formats electronically, no obsolete file formats locked behind retired software. Failure pattern: scanned PDFs with faded ink or proprietary instrument files unreadable after software upgrade.
• Contemporaneous — the record is created when the activity happens, not back-filled. Implication: signature and timestamp captured at the action; reason-for-change required at the moment of edit. Failure pattern: lab results recorded on scratch paper and transcribed later.
• Original — the record is the first capture (raw data or certified true copy), not a transcribed derivative. Implication: instrument output is the original; manual re-keying breaks the chain. Failure pattern: chromatography results manually typed into a spreadsheet from a printout, printout discarded.
• Accurate — the record reflects the actual observation without alteration. Implication: calibrated instruments, validated calculations, reviewed before approval. Failure pattern: a value altered after the fact without audit trail or reason-for-change.
• Complete — the record includes all data and metadata for the activity, including repeat tests, reprocessing, audit trail entries. Implication: regulated record isn't just the result — it's the result with metadata, audit trail, supporting raw data. Failure pattern: only the final passing chromatogram retained.
• Consistent — internally and chronologically coherent. Implication: server-side timestamps, single time source, no out-of-sequence events. Failure pattern: audit trail showing approval signed before the record was created.
• Enduring — the record survives intact for the full predicate-rule retention period. Implication: storage media monitored and refreshed; format-migration tested; backups verified. Failure pattern: archived tapes unreadable when retrieved years later.
• Available — retrievable and producible for review or inspection on demand throughout retention. Implication: indexable storage, search, exportable format. Failure pattern: 'we'll need three weeks to retrieve that.'

What strong ALCOA+ implementations share

Programs that pass ALCOA+ at inspection don't rely on heroic effort at audit time — they have engineering and procedural controls that produce ALCOA+ records by default:

• Unique user accounts enforced — provisioning, deprovisioning, sharing prohibition embedded in IT plus HR offboarding
• Server-side UTC timestamps — single time source, NTP-synchronized; client clock can't be substituted
• Reason-for-change captured at the edit — typed reason before save; not optional, not back-fillable
• Audit trail non-disable and reviewed on cadence — engineering controls prevent bypass; SOP-defined periodic review
• Raw data preserved alongside results — instrument raw files retained, not just the final report
• No transcription of instrument output — automated transfer or documented secondary review for manual transcription
• Validated migration paths — system/media changes validated end-to-end
• Indexed retrieval — search by user, date, action, batch, product; minutes for inspection production
• Format-stable export — durable open formats (PDF/A, CSV, XML)
• Backup verification — periodic restore tests documented as controlled records

How Complere supports ALCOA+

ALCOA+ isn't a feature you bolt on. It's the test every record on your platform has to pass, every day, for the life of the record. Complere is built so the records your team creates and manages start out satisfying the nine principles, and stay satisfying them as the record moves through review, approval, change, and retention.

Every action on a regulated record — drafting, editing, approving, signing, closing — is captured at the moment it happens, tied to the individual who did it, stamped with a single server-side time source your auditor can rely on. When something is changed, the original value and the new value both stay in the history with the reason for the change written in at the edit, not back-filled later. Your records keep a complete, chronologically coherent story your team can reconstruct on demand.

Signatures carry the meaning the signer applied to the record — review, approval, responsibility, authorship — captured alongside identity and time. Roles decide who can apply which meaning, so the signature you see on a release record reflects the authority the person actually holds. Logins are individual to each user; the shared-account pattern that destroys Attributable simply isn't a way the platform can be set up.

When an inspector or internal reviewer asks for evidence, your team produces it in a human-readable form filterable by record, user, action, or date range. The audit trail, the signature history, the reason-for-change entries, the timestamps — all exportable, all readable, all on the same record they describe rather than scattered across separate log files. Records stay in your own dedicated space and never mix with another customer's.

The validation evidence Complere provides — VMP, URS, IQ/OQ/PQ documentation, and traceability matrix — is itself structured to satisfy ALCOA+, so your team starts with a documentation baseline that has already been reviewed against the nine principles rather than having to build that evidence from scratch.

What stays with your team is the discipline around the records: defining your review cadence, training your users on what an electronic signature commits them to, scoping retention to the predicate rules that apply to your business, and verifying the controls behave as expected at periodic review. Complere supports the nine principles in the platform; your quality program makes sure they hold up at the inspection.

Terms related to ALCOA+

ALCOA+ connects to many other quality concepts. Explore related terms to build a complete picture.

• Data Integrity — the broader concept; ALCOA+ is its operational test
• Audit Trail — the §11.10(e) and Annex 11 §9 control
• 21 CFR Part 11 — the predicate codifying e-record trustworthiness
• Document Control — controlled documents subject to ALCOA+
• Out of Specification — OOS investigations evaluated against ALCOA+
• Validation — validation evidence is itself subject to ALCOA+