Data Integrity and Computerized Systems in EAEU GMP — ALCOA+ Requirements Under Recommendation No. 25
In recent GMP inspections, questions about data have shifted. An inspector no longer simply checks whether a batch release log exists and is signed. Now they ask: who had access to the system, whether the audit trail can be disabled, and who has the right to change system time. Many manufacturers were unprepared for this, because prior to the adoption of specific guidelines, data management requirements in the EAEU (Eurasian Economic Union) were fragmented across multiple documents.
Recommendation of the Board of the Eurasian Economic Commission No. 25 dated September 19, 2023 «On the Guideline on Data Integrity Assurance and Validation of Computerized Systems» (hereinafter: Recommendation No. 25) changed this situation. For the first time in the EAEU, manufacturers received a consolidated answer to the question of what exactly «data integrity» means in the context of Good Manufacturing Practice (GMP).
This article breaks down how the Guideline works, what it requires from manufacturers in practice, and where non-conformances most frequently arise.
Why a Separate Guideline Was Needed
Prior to the adoption of Recommendation No. 25, the primary document on computerized systems in the EAEU was Annex No. 11 to the Rules of Good Manufacturing Practice (Decision of the EEC Council No. 77 dated November 3, 2016, hereinafter: the EAEU GMP Rules). The Annex covered validation, audit trails, access management, and archiving, but focused specifically on electronic systems, leaving paper records to the general provisions of GMP.
In practice, each manufacturer developed their own approach: what constitutes an «original record,» how to correct paper documents, and how detailed an audit trail must be. During supranational inspections, this created discrepancies — inspectors from different member states assessed the same systems differently.
Recommendation No. 25 consolidated the practices of PIC/S (Pharmaceutical Inspection Co-operation Scheme), WHO, the British regulator MHRA, and industry organizations ISPE and PDA, adapting them to the legal framework of the EAEU. Formally, the document remains a recommendation. In practice, inspectors across the member states use it as a direct benchmark for GMP compliance assessments, which is stated in the Guideline itself: its principles are aimed at enabling «inspectors to determine and fully rely on the accuracy and completeness of the evidence presented to them.»
ALCOA+: Nine Requirements for Any Data
The Guideline defines «data integrity» as the degree to which data are complete, consistent, and accurate throughout their entire lifecycle. The assessment framework is built on the ALCOA+ principle.
The ALCOA acronym stands for: Attributable, Legible, Contemporaneous, Original, and Accurate. The «+» adds four further requirements: Complete, Consistent, Enduring, and Available. The principle applies equally to paper and electronic records: «The principles apply to both media.»
Below are the elements that most frequently raise questions during inspections.
Attributable (Traceability). Any record must identify the specific person who performed the action and the exact time. Generic login credentials are explicitly prohibited: «Generic passwords… must be prohibited.» This applies to all systems, including Laboratory Information Management Systems (LIMS), Chromatographic Data Systems (CDS), and instruments with user settings such as Karl Fischer titrators, UV spectrophotometers, and refractometers.
Contemporaneous (Timeliness). Data must be recorded at the time the action is performed. Reconstructing records «from memory» at the end of a shift, or making retrospective entries, constitutes a non-conformance. The greatest challenge lies with equipment that does not technically record timestamps in real time. In such cases, the Guideline permits a paper logbook with manual time recording, but only where there is documented justification.
Original (Authenticity). For electronic data, the original record is the electronic file with its metadata, not a paper printout. If the data were first generated in a dynamic format (for example, a chromatogram that allows reprocessing), they must be stored in that exact format. Converting to PDF for «archival storage» without retaining the original electronic file does not comply with the requirements.
Enduring (Sustainability). Data must be preserved throughout the full retention period in a reliable format. The Guideline specifically addresses legacy systems: if a manufacturer plans to decommission a system, they must decide in advance how to ensure the availability of archives. The two typical approaches are virtual environments and migration to current formats.
| Criterion | What the inspector checks | Typical non-conformances |
|---|---|---|
| Attributable | Unique logins, signatures, timestamps | Generic passwords, working under another user’s account |
| Legible | Readability over the retention period | Thermal paper, faded ink |
| Contemporaneous | Match between recording time and action time | Records made from memory, retrospective corrections |
| Original | First record preserved and accessible | Deleting the electronic original after printing |
| Accurate | Data reflect actual results | Trial injections in chromatography without recording |
| Complete (+) | All data preserved, including deviations | Deleting out-of-specification results |
| Consistent (+) | Continuity of the documentation process | Gaps in the chronological record |
| Enduring (+) | Reliable medium for the entire retention period | Degrading storage media without monitoring |
| Available (+) | Accessible for inspection at any time | Archives that cannot be opened |
Paper, Electronic, and Hybrid Records
The Guideline provides detailed regulation of paper records, which sets it apart from its predecessor. Paper documentation remains widespread across EAEU manufacturing sites, while previously, the requirements covering it were far less specific than those for electronic systems.
For paper systems, several mandatory rules apply. All blank forms receive a unique identification number and are issued under controlled conditions. Empty fields must be crossed out, dated, and signed to prevent data entry after the fact. Corrections are made with a single strikethrough (so the original entry remains legible), accompanied by the reason for the change, a signature, and a date.
The Guideline divides electronic systems into several types. For simple devices without internal memory, such as balances or pH meters with a printer, their printouts constitute the original records. Systems with limited, overwriting memory require periodic data extraction before the buffer is overwritten. Complex systems with dynamic data — LIMS and CDS — store information electronically with a full audit trail.
Hybrid systems, where both paper and electronic records are maintained simultaneously, require a clear answer to one question: which record is considered primary in case of discrepancy? The answer must be defined in Standard Operating Procedures (SOPs).
Inventory, Categorization, and Validation of Systems
The central section of the Guideline covers the validation of computerized systems. Its structure is based on the categorization from the GAMP «Good Automated Manufacturing Practice» guide developed by the International Society for Pharmaceutical Engineering (ISPE). Unlike the classical four-tier scale, the Guideline uses categories 1, 3, 4, and 5; category 2 is not present.
| Category | System Type | Examples |
|---|---|---|
| 1 | Infrastructure software | Operating systems, DBMS, antivirus software |
| 3 | Non-configurable | Instrument firmware, off-the-shelf tools |
| 4 | Configurable | LIMS, ERP, CDS, SCADA, Excel with formulas |
| 5 | Custom | Bespoke software, macros, in-house developments |
The volume of validation documentation increases with the category. Category 5 systems require a full lifecycle: User Requirements Specification (URS), functional and configuration specifications, Installation Qualification (IQ), Operational Qualification (OQ), Performance Qualification (PQ), and a traceability matrix. For category 4 systems (LIMS, CDS), the approach is similar, with a focus on configuration testing.
There is a point here that is regularly overlooked: supplier documentation does not replace the manufacturer’s own validation. The Guideline explicitly states that «the use of validation data from the system supplier in isolation from its specific configuration and intended use is unacceptable.» Supplier documents are treated as supporting material that may reduce the scope of the manufacturer’s own testing, but cannot substitute for it.
Audit trail. The system must automatically record the creation, modification, and deletion of records, specifying who performed the action, what was changed, when, and why. The audit trail must remain permanently enabled and must not be accessible for disabling by general users. Operators must not have the right to change system time.
The frequency of audit trail review is determined by risk. For data that directly inform the batch release decision, a review must be performed every time those data are used.
Segregation of duties. System administrator rights must not be granted to employees who create, review, or approve data within the same system. In smaller organizations, where a single IT specialist covers multiple roles, this structural requirement is often the most difficult to satisfy.
Outsourcing and Cloud Services
The regulated company remains responsible for the integrity of all data, including data processed by contractors or stored in cloud services. The Guideline states this directly: «In the event of outsourcing of one of the processes, the organization… remains responsible for the integrity of all reported results, including results presented by any outsourced organization.»
For contract laboratories and manufacturing sites, a quality agreement is required, with specific data integrity provisions — including an obligation to immediately notify the client of any failures. Audits of the contractor must cover the assessment of their data management systems, not only their technical processes.
Cloud systems in SaaS (Software as a Service), PaaS (Platform as a Service), or IaaS (Infrastructure as a Service) models are classified as categories 4 or 5. The regulated company must conduct a vendor assessment before the system goes live, enter into a Service Level Agreement (SLA), and confirm that data (including audit trails and metadata) will be available to the regulator upon request. The contract must also address the fate of data following termination of the arrangement with the provider.
What to Do
Compile an inventory of all computerized systems. For each system, record: its name and version, its GAMP category (1/3/4/5), its current validation status, and its GMP impact assessment. Without this list, a realistic risk picture is not possible.
Conduct a data integrity risk assessment by process. The Guideline recommends the DIRA (Data Integrity Risk Assessment) approach: assessments are organized by process — production, laboratory control, distribution — rather than by system. For each process, the extent to which data influence product quality and their vulnerability to manipulation are evaluated. The output is a prioritized list for resource allocation.
Verify audit trails in category 4 and 5 systems. Confirm they are enabled, protected from disabling by personnel, and capture who performed the action, what was changed, when, and why. If a system does not support a full audit trail, develop a documented interim alternative using a paper logbook.
Eliminate generic user accounts. Every employee must log in under their own unique credentials. Verify this across all GMP systems: chromatographic software, pH meters with user profiles, and spreadsheets containing calculation formulas.
Review contracts with contractors and cloud providers. Include specific data integrity provisions in quality agreements. Confirm that IT provider contracts ensure access to data and audit trails upon regulator request, including after the termination of the relationship.
Manufacturers who treat Recommendation No. 25 as just another framework document risk receiving observations at their next GMP inspection. The Guideline lays out specific inspector expectations in concrete terms: from the format of corrections in a paper logbook to the structure of access rights in a LIMS. Those who align their systems accordingly also reduce internal risks of data manipulation.
Regulatory Framework:
1. Recommendation of the Board of the Eurasian Economic Commission No. 25 dated September 19, 2023 «On the Guideline on Data Integrity Assurance and Validation of Computerized Systems»
2. Decision of the Council of the Eurasian Economic Commission No. 77 dated November 3, 2016 «On the Rules of Good Manufacturing Practice of the Eurasian Economic Union» (Annex No. 11 «Computerized Systems»)