Questions: Data Integrity and Regulatory Compliance
5 questions to test your understanding
Score: 0 / 5
Question 1 Multiple Choice
A laboratory analyst generates three HPLC chromatograms for a sample. Two pass acceptance criteria; one fails due to a peak integration anomaly she believes was caused by an air bubble. She records only the two passing results in the analytical report and deletes the failing run from the system. Is this a data integrity violation?
ANo — if the failing run was a genuine instrument artifact, reporting only valid results is scientifically appropriate
BNo — data integrity requires accuracy, and both reported results are accurate
CYes — all data generated must be recorded and preserved; selective deletion violates ALCOA completeness and the 'Original' principle requiring all original records to be maintained
DYes, but only if the laboratory is subject to FDA jurisdiction; deletion is acceptable practice in unregulated settings
Selective deletion is a data integrity violation regardless of whether the deleted data were technically flawed. ALCOA+ requires completeness — every injection, every run, every result must be documented. The correct response to a failed run is to record it with a documented investigation and justification (e.g., instrument anomaly confirmed by log), not delete it. A laboratory that deletes failures is indistinguishable from one that deletes inconvenient passing results — regulators cannot verify the difference. The deletion itself is the violation, independent of whether the retained data are correct.
Question 2 Multiple Choice
Why does the 'Attributable' principle in ALCOA require that every data point be linked to a specific user and timestamp?
ATo identify high-performing analysts for rewards and poor performers for remediation
BTo create a complete chain of custody so that any irregularity can be traced to a specific person and time, making data manipulation harder to conceal and enabling thorough investigation
CTo satisfy ISO 9001 requirements that all laboratory work be assigned to certified and trained personnel
DTo meet a legal requirement specific to clinical trial data that does not apply to pharmaceutical manufacturing QC
Attributability is an anti-fraud and investigation mechanism, not a performance management tool. When every action is linked to a specific user login and timestamped, unauthorized manipulation is both more difficult (role-based access controls, unique credentials) and more detectable (audit trail shows who did what and when). In a regulatory investigation, attributability lets auditors reconstruct exactly who logged in, what data were acquired or changed, whether the sequence of events is plausible, and whether any actions occurred outside business hours or by unauthorized users.
Question 3 True / False
A data integrity violation can occur even when all reported analytical results are technically accurate, if the process of generating those results involved selective deletion of failing data.
TTrue
FFalse
Answer: True
Data integrity is about the completeness and traceability of the entire data lifecycle, not only the accuracy of final reported values. If a laboratory deletes failed runs and reports only passing ones, regulators cannot determine whether the passing results represent genuine product quality or systematic cherry-picking. The harm is to trustworthiness: even if each retained result is technically correct, the selection process makes the overall dataset unreliable. This is why regulatory inspections examine audit trails for deleted records and reprocessed data, not just the reported results themselves.
Question 4 True / False
21 CFR Part 11 requires that electronic data be stored in an unalterable format; as long as secure backups exist, audit trails are optional since the original data is preserved.
TTrue
FFalse
Answer: False
Audit trails are explicitly required by 21 CFR Part 11 (§11.10(e)), not optional supplements to backups. A backup preserves the *final state* of data; an audit trail preserves the *history of all actions* — who logged in, what was acquired, when results were reprocessed, what was changed and by whom, and why. A backup cannot reveal that a record was deleted and later restored, or that a result was reprocessed multiple times before the passing value was reported. Audit trails and backups serve entirely different functions, and regulators require both.
Question 5 Short Answer
Why does deleting a failed analytical run — even one that was genuinely invalid due to confirmed instrument malfunction — constitute a data integrity violation?
Think about your answer, then reveal below.
Model answer: Because data integrity requires a complete, unbroken record of all analytical activity. If a run is invalid, the correct action is to document it and the reason for its invalidity in the audit trail. Deletion removes the evidence that allows auditors to trust the overall record — a laboratory that documents invalid runs and a laboratory that deletes inconvenient ones are indistinguishable without that documentation.
Regulators applying ALCOA+ principles cannot verify whether a deletion was justified unless the deletion and its justification are both documented. If an air bubble caused instrument noise, documenting the failure and the investigation creates an auditable explanation. Deleting it creates a gap identical in appearance to deliberate data manipulation. Beyond the epistemological problem, there is a practical one: instrument malfunctions may need to be investigated as out-of-specification equipment events requiring corrective action. Deletion can mask equipment problems affecting multiple batches and obscure trends in system performance that should trigger maintenance review.