Data integrity is often talked about in terms of systems, controls, and regulations. In reality, it’s about people, culture, and how day-to-day processes are carried out. Across GLP, GCP, GMP, and PV in clinical trials, the same patterns keep showing up – different domains, same underlying issues.
Below are 25 common data integrity findings that have led to regulatory inspections or review issues.
GLP (Good Laboratory Practice)
1. Incomplete or missing raw data – Original lab notebooks, electronic files, or chromatograms not available. (FDA, MHRA)
2. Data backdating or forward dating – Entry dates do not match actual experiment dates. (FDA)
3. Altered records without justification – Use of white-out, manual corrections, or electronic edits not logged. (FDA, EMA)
4. Non-compliance with SOPs for data capture – Deviations in method or instrument calibration not documented. (MHRA)
5. Electronic data system deficiencies – No audit trails, uncontrolled spreadsheets, or lack of user access controls. (EMA)
6. Missing study documentation – Protocol amendments, raw results, and study plans incomplete. (FDA, EMA)
7. Sample mislabelling or misidentification – Leads to unreliable study results. (MHRA)
GCP (Good Clinical Practice)
8. Source data discrepancies – Data in eCRFs does not match source documents. (FDA, EMA)
9. Unsigned or undated informed consent forms – Patients’ consent not properly documented. (MHRA)10.
10. Improper handling of adverse event reporting – Events missing or misclassified in trial records. (FDA)
11. Protocol deviations not documented – Leads to questions about trial validity. (EMA)
12. Unreliable electronic clinical trial systems – Lack of audit trails, user authentication, or data validation. (FDA, MHRA)
13. Inconsistent patient randomisation records – Randomisation logs incomplete or altered. (EMA)
14. Missing source documents for lab results – Only summary tables available, no raw data. (FDA)
15. Data entry errors and overwrites without trace – Manual corrections without audit trail. (MHRA)
16. Unverified electronic signatures – Signatures not properly controlled or authenticated. (FDA, EMA)
GMP (Good Manufacturing Practice)
17. Batch record discrepancies – Manufacturing or QC records incomplete or altered. (FDA, EMA)
18. Failure to maintain equipment calibration records – Leads to invalid product test data. (MHRA)
19. Data deletion in QC/analytical systems – Electronic systems allow removal of test results without trace. (FDA)
20. Incorrect raw material or product labelling – Data inconsistencies between logs and actual product. (EMA)
21. Deviation reports missing or inadequately documented – Root cause analysis incomplete or data falsified. (MHRA)
Pharmacovigilance (PV) / Safety Data
22. Incomplete or missing individual case safety reports (ICSRs) – Safety data not fully reported. (FDA, EMA)
23. Incorrect coding of adverse events – MedDRA coding errors or misclassification. (MHRA, FDA)
24. Uncontrolled electronic PV systems – Audit trails missing or not reviewed. (EMA, FDA)
25. Delayed or missing expedited reporting to regulators – Serious unexpected adverse events (SUSARs) not reported timely. (FDA, MHRA)
Key cross-cutting trends noted by FDA, EMA, MHRA
- Heavy reliance on electronic systems without proper 21 CFR Part 11 / EU Annex 11 / OECD Document 22 compliance.
- Backdated or altered records are a recurrent observation across all domains.
- Lack of staff training in data integrity principles contributes to missing or inaccurate records.
- Incomplete documentation is often found during inspection follow-up or dossier review.
- Audit trails not reviewed or ignored by quality systems, leading to unrecognised data manipulation.
After 25 examples, the lesson is clear: data integrity isn’t just about systems or documents. It’s about culture, oversight, and daily execution. Processes fail, people make errors, and shortcuts happen, but strong culture, clear ownership, and attention to detail keep the data true.
Ultimately, regulators aren’t just looking at numbers and spreadsheets, they’re looking at whether your processes, people, and systems can be trusted. Data integrity is created by people, not systems, and it shows in every record, report, and decision.