Life Sciences Expertise

Data Integrity in Life Sciences


The extent to which all data are complete, consistent, and accurate throughout the data lifecycle.

Your data is the lifeblood and most valuable asset in your organization. How you access it, store it, move it, and back up and archive it, is all part of your data management and data integrity strategy.

The integrity of data generated by highly regulated life sciences companies is critical, because properly recorded information is the basis for manufacturers to assure product quality, safety and efficacy prior to product approvals and subsequently placing them onto the markets for human use. Data Integrity is also important for quality control procedures during manufacturing to ensure patient safety. As global regulatory focus on Data Integrity increases, companies that fail to comply may face penalties ranging from public warning letters to criminal charges and product removal from the marketplace.

At USDM Life Sciences, we know that data integrity and data management are critical elements of your quality system. We can assess your current data integrity system and provide a tailored improvement plan to build a data integrity program that fits with your company’s risks and priorities. This plan will address data integrity policies, training, and culture, and ensure that your quality system is fully integrated with best practice data integrity principles from supplier quality to internal audits to management review.

Compliant Data Management Solutions for Your Life Sciences Organization

Every company needs a data governance strategy to manage their many repositories and silos, but it is especially important for highly-regulated life sciences companies that face challenging regulatory requirements. From R&D and clinical trials to all the many IT systems deployed across an organization, Quality, Clinical, and IT teams must securely manage and control their data.

Specifically, 21 CFR Part 11 says that if you choose to use a computer system to maintain, create, or modify records required by the predicate rules, then you must do certain things to control those records. If you choose to use eSignatures, you must comply with the requirements in this regulation.

Digital Signature Collection and Storage

The intent of Part 11 is to maintain accountability and traceability of your electronic records, including eSignatures. In part, it asks:

  • Is system access restricted to authorized individuals?
  • Are authority checks used to ensure that only authorized individuals can access the system, electronically sign a record, alter a record, and perform an operation?
  • Do signed electronic records contain the name of the signer, date and time of the signature, and meaning of the signature (i.e., review, approval, responsibility, authorship, etc.)?
  • Does the system provide transaction safeguards to prevent unauthorized use of passwords and/or identification codes?
  • Can the system immediately and urgently detect and report attempts of unauthorized use to the system security unit and organizational management?
  • Are audit trails built into the system?

USDM Life Sciences has extensive processes, SOPs, and thorough checklists to ensure that you follow the guidelines accurately. We can also help you build a data integrity program that fits with your company’s risk tolerance and priorities. We can help you with:

  • Assessing and detecting areas of risk
  • Remediation of risks
  • Building a governance structure
  • Defining a strategy for compliance
  • Training and communication

Contact us to establish a data integrity program appropriate for your organization.

Audit Trails and FDA Compliance

An audit trail consists of records that show who has accessed a computer system, when it was accessed, and what operations were performed. Records or data entered into a Quality Management System (QMS) have specific requirements for tracking and traceability, and no one should be able edit the information without traceability or overwrite the information. Altered records have requirements to know who edited the records and for what reason. All created, modified, or deleted records must be retained and traceable to the user responsible with a timestamp and version history so that previous versions can be viewed. Event logs are not enough to satisfy the needs of 21 CFR Part 11, unless they display the required information.

Read our Complete Guide to Part 11 for more information.

GxP Compliant Cloud Data Software and Training

When choosing a software solution that will contain regulated GxP data and records, it must meet 21 CFR Part 11 requirements. Many software development vendors in the life sciences space have functionality specifically for compliance with Part 11 requirements. USDM has worked with many of these vendors (e.g., DocuSign, Adobe Sign, and others), so you can be sure your eSignature capabilities are based on business process best practices. USDM also offers GxP many training courses to help your teams learn the regulations and we can provide organizational change management training to help your teams learn to use your cloud technologies correctly and minimize risk.

Ready to discuss your data management strategy?

Related Services


USDM has experienced staff who will help you meet FDA expectations for good cybersecurity practices such as preventing unauthorized user access and maintaining data confidentiality.

Unique Device Identification (UDI)

UDI regulatory compliance solutions for the medical device industry, including EU MDR and IVDR readiness, assessments of supply chain and regulatory activities, and more.

Compliance Training

USDM has customized training programs to educate internal teams or external partners and to help you stay current with the rapidly changing regulatory landscape.

Resources that might interest you

USDM Thought Leaders