5 Top Tips for Strengthening Data Integrity

Article By Michelle Yeomans, EPiC Operations Manager

Ensuring robust Data Integrity (DI) remains one of the most critical, and stubbornly challenging aspects of GMP compliance. Despite more than a decade of regulatory guidance, industry alerts, and global alignment on ALCOA+, organisations are still seeing recurring DI findings, from poor record keeping to critical deficiencies for falsification.

Below are EPiC’s Top Five Tips to help ensure your organisation is not only compliant today, but ready for what’s ahead.

The tips are drawn from the wealth of experiences shared during EPiC’s 2025 GMDP virtual symposium by David Thompson, DI and CSV Expert and EPiC Consultant.

Best Practices to Strengthen Data Integrity

1. Build Data Integrity into the Fabric of Your PQS

• Map DI requirements directly into SOPs, URS documents, validation plans and project lifecycles.
• Add DI as a standing agenda item in Senior Leadership Team, Quality Council and departmental meetings.
• Ensure dashboards track metrics such as documentation errors, audit trail review performance and backup/restore outcomes.

2. Prioritise Senior Management Ownership and Accountability

One of the most persistent weaknesses across the industry is limited senior management involvement. Effective DI cannot be delegated without authority, resources or decision making power.

• Define DI leadership roles: DI Owner → SME → Site Leads → Department Leads.
• Use Gemba walks and real-time observation to reinforce quality culture.
• Ensure leaders openly support DI reporting without blame or pressure to “hit numbers”.

3. Strengthen Competency

Many DI SMEs are appointed but not developed. With evolving guidance, cloud solutions, virtualisation, and now AI, expertise must also evolve, requiring ongoing investment in training and development.

• Develop a structured training plan for DI SMEs, including risk management, CSV, AI considerations and regulatory updates.
• Encourage participation in GAMP CoP events and cross industry learning forums.
• Evaluate SME competency during audits — “How do you stay current?” should be a standard question.

4. Implement DI by Design – Not DI by Chance

Whether deploying a new system or enhancing existing tools, the goal must be full compliance on Day 1. Too often, organisations implement systems with known gaps and rely on workarounds that later become entrenched.

• Reverse engineer DI questionnaires into system documentation.
• Use DI as a core workstream in project implementation lifecycles.
• Apply ALCOA+ across both paper and electronic processes consistently.

5. Prepare Now for Regulatory Change – Especially AI and Risk-Based Governance

EU GMP Chapter 4, Annex 11 and the new Annex 22 (Artificial Intelligence) mark the most significant shift in DI expectations for over a decade.

• Much stronger emphasis on risk-based approaches
• Explicit requirements for Data Governance Systems
• More prescriptive detail for validation, cybersecurity, Identity and Access Management (IAM), backup & archiving
• New guidance for static AI/ML systems and organisational AI governance structures

• Conduct a gap assessment against consultation drafts to demonstrate intent.
• Establish organisational AI roles (AI Owner, AI SME) and policies.
• Update your DI and CSV strategy to incorporate AI, cloud resilience and emerging technology.

Conclusion & Key Takeaway