scope:

This Technical Report provides guidance for collecting and using data throughout the data life cycle, in both paper and electronic format. This guidance is applicable for the implementation of data integrity processes for organizations of any type, size, or complexity. Data integrity principles apply to data related to product-based and service-based businesses (e.g., management consulting, engineering, metrology, maintenance and repair, healthcare, finance) and across functions and operational applications. This guidance is applicable across the quality discipline and in all industries.

Data integrity as a principle has universal application; therefore, the concepts, case examples, tools and techniques provided are all structured to apply in many scenarios. For example, data integrity principles apply to:

• data developed under a quality management system, such as ISO 9001 or good manufacturing practices;

• the product or service development life cycle, from research and development to commercial applications, particularly where patent applications may be made; and

• information management, ranging from personal records to professional communications.

Out of Scope

While data integrity commonly related to some of the topics listed below as out of scope, this guidance is not intended to prescribe standards in these areas. It is incumbent upon the reader to understand relevant rules and regulations for your industry, and the discreet requirements of each. Additional resources are provided for reference.

• Calibration: This topic remains relevant to the management of measuring instruments against industry-defined standards. For additional reading, see ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories other calibration-related standards.

• Data ethics: This topic remains relative to organizational, cultural, and other factors and expectations may evolve over time. For additional reading, see the Data Ethics Canvas by the Open Data Institute.

• Facility security: Requirements related to general facility security, or specifically to Facility Security Officers (FSOs).

• Systems architecture: This topic evolves rapidly with the advancement of related technologies. Data integrity should be considered in the context of the organization's plans for information technology.

• Sampling plans (audit): This topic may be considered more broadly in the context of the organization's plans for risk management. For additional reading, see ISO 19011 - Auditing Management Systems.

Interpretation and Structure of this Guidance

The concept of data as an asset is one that continues to evolve and mature, with data integrity playing a significant role in the value of that asset. Data integrity may be best described by the principles defined in the acronym "ALCOA+" (see Figure 1) and implemented through the Plan-Do-Check-Act (PDCA) management cycle (see Figure 2).

One core principle is that data integrity is developed, not delivered. Data integrity is the product of a variety of conditions throughout the data life cycle, rather than the result of a single activity applied only once (e.g., implementation of a policy or response to audit results). Effective data integrity may be measured, for example, through the management cycle of Plan-Do-Check-Act (PDCA), see Figure 2. The PDCA management cycle implies the evolutionary nature of data integrity and reinforces the concept of continuous improvement that is fundamental to data integrity. Other cycles such as PDSA (Plan-Do-Study-Act) may be used.