Lugan Consulting


The pharmaceutical industry has to ensure a constant quest for quality in an ever-changing regulatory environment. To achieve this, the generation of electronic data has become an inevitable solution, and one that has been implemented in many organisations. Data servers, clouds… the practicality and time-saving benefits of digital technology are major advantages that promote functional quality systems. But like all developments, there is a corollary that must not be overlooked: data integrity. This has become a major security issue for pharmaceutical organisations. Find out below about the different phases you need to consider in order to achieve compliance and take the first steps in your data management policy.


Data integrity in the pharmaceutical industry is closely linked to Good Manufacturing Practice (GMP) and the GxP environment, encompassing Good Manufacturing Practice (GMP), Good Laboratory Practice (GLP) and Good Distribution Practice (GDP). These standards govern the processes and systems used in the production and distribution of medicines, guaranteeing their quality and safety. In France, compliance with these standards is mandatory under the Public Health Code, in particular articles L. 5111-1 and R. 5121-114, on pain of severe penalties and repercussions for the company’s reputation.

As a reminder, you will find below a summary of the regulatory texts on data integrity in the pharmaceutical industry:


What are the implications of non-compliance in terms of data integrity?

Failure to comply with the regulatory texts on data integrity in the pharmaceutical industry obviously entails its share of sanctions: warnings, injunctions, withdrawal of marketing authorisations and criminal proceedings. It also has collateral consequences that I leave to you to assess:

  • risks to public health ;
  • economic repercussions
  • damage to the company’s reputation.


Compliance requires a collaborative approach, involving various stakeholders such as quality, IT and possibly legal teams. A project manager with data-integrity expertise is essential to structure the efforts and guarantee the effectiveness of the actions undertaken. A typical team dedicated to data integrity could be made up as follows:

  • Quality manager: This professional is responsible for overseeing the entire compliance process and ensuring that standards and regulations are respected. He or she is the guarantor of data quality and works closely with other team members to coordinate actions and initiatives.
  • IT Manager: responsible for selecting, implementing and maintaining the IT systems needed to manage and protect data. They must ensure that these systems comply with security and confidentiality standards.
  • Regulatory expert: This professional has in-depth knowledge of the legislation in force in the pharmaceutical industry. They advise the team on regulatory requirements and ensure that all actions taken comply with these standards.
  • Training Manager: Staff awareness and training are essential for the successful implementation of new processes and systems. The Training Manager is responsible for designing and delivering programmes tailored to each level of the organisation.
  • Operational team members: In addition to the key players mentioned above, the project team may also include staff from different departments within the company, such as production, clinical procedures, research and development, etc. Their sector expertise and knowledge of the new processes and systems is essential for the success of the project. Their sector expertise and knowledge of specific business processes are invaluable in identifying the data integrity needs and challenges in their respective areas of activity.


An in-depth understanding of the flow of data is needed to identify points of vulnerability and implement appropriate controls. The dematerialisation of documents can facilitate this understanding by making data more accessible and more easily traceable, but it is important to know how it is organised and classified. The first steps to be taken are therefore to :

  • Mapping data flows throughout the organisation to understand how data is generated, stored, transferred and used.
  • Identifying critical points in the data flow where additional control measures may be required to ensure data integrity.
data integrity : steps to compliance
Steps to compliance of data integrity


La sécurité des données est un aspect critique de la gestion de l’intégrité des données. Cela comprend à la fois la sécurité physique des infrastructures et des supports de stockage, ainsi que la sécurité logique pour contrôler l’accès aux systèmes et aux données. Les mesures de sécurité doivent être robustes pour prévenir toute altération ou accès non autorisé aux données, et des plans de continuité d’activité doivent être établis pour garantir la disponibilité des données en cas d’incidents ou de sinistres. Votre plan doit ainsi prévoir d’effectuer un inventaire des systèmes informatiques et des processus associés. Il conviendra de s’assurer qu’ils sont conformes aux normes de qualité et de sécurité. Ensuite, il faudra identifier les lacunes potentielles dans les systèmes et proposer des solutions pour les corriger et améliorer l’intégrité des données.


LUGAN CONSULTING has established expertise in the field of Data Integrity. By delegating this task to us, you can ensure that your data is compliant with regulatory requirements.


Some data is more critical than others and deserves special attention in terms of protection. An in-depth analysis of the criticality of data enables you to prioritise actions and concentrate efforts where they are most needed. For example, you could start by assessing the criticality of data in terms of its impact on the quality of pharmaceutical products and on patient safety. Then prioritise data governance efforts by focusing on the data that is most critical to the business.


A systems audit is based on a number of principles, including the ALCOA + principle. ALCOA + is an extension of the ALCOA principle, which stands for Attributable, Readable, Complete, Original and Accurate. It addresses the complementary concepts of Integrity and Traceability. This framework provides essential guidelines for ensuring the quality and reliability of data throughout its lifecycle, from creation to archiving.

Identifying deviations from the ALCOA+ principle involves an in-depth analysis of the processes and practices in place, highlighting any potential shortcomings in terms of attribution of data to its source, legibility, completeness, originality, accuracy, integrity and traceability. Gaps can be identified through audits, documentary reviews and assessments of the IT systems used to collect, store and manipulate data.

Once the gaps have been identified, a remediation plan needs to be implemented. This remediation plan aims to correct the shortcomings detected and to reinforce the integrity of the data. It may include actions such as updating procedures and protocols, training staff in good data management practices, and improvements to IT systems to ensure that data is collected, analysed and stored in accordance with ALCOA+ requirements.


Drawing up a detailed action plan is essential for implementing the measures needed to guarantee data integrity. In particular, it will be used to assign specific responsibilities and deadlines for each action in order to monitor progress and ensure that objectives are met.

Another important aspect is the behaviour of employees and managers with regard to data integrity management. It is vital that the company’s management actively supports data integrity initiatives and encourages an open culture where employees can report problems without fear of reprisal. Employee training and awareness of the importance of data integrity and the best practices to follow are also essential to ensure compliance and vigilance.


By following this plan, a pharmaceutical company can develop an effective strategy for managing data integrity and ensuring regulatory compliance throughout its lifecycle. In the long term, it will be sufficient to :

  • Putting in place monitoring and follow-up processes to ensure that practices and systems remain compliant with regulatory requirements.
  • Conduct regular internal audits to identify potential deviations and take appropriate corrective action to maintain compliance.

Implementing a data integrity management system as part of a pharmaceutical company’s quality system requires a holistic and integrated approach. By combining clear policies, thorough risk analyses, robust security measures and a corporate culture focused on transparency and accountability, companies can ensure regulatory compliance and maintain the quality and integrity of their data throughout its lifecycle. LUGAN CONSULTING has the expertise and tools to help you implement your data integrity policy, save you time and ensure that your strategy is compliant.