V5 Ultimate
Compliance · The complete guide

ALCOA+Attributable, Legible, Contemporaneous, Original, Accurate — plus Complete, Consistent, Enduring, Available

TL;DR

ALCOA Plus is the nine-attribute benchmark regulators use to judge data integrity. It defines whether records are trustworthy across paper and electronic systems and underpins inspections by FDA, EMA, MHRA, and PIC/S in all GxP environments.

Reviewed · By V5 Ultimate compliance team· 3,180 words · ~15 min read
AI · Explain it for MY operation

How does ALCOA+ apply to your shop floor?

Pick your industry and scale — Ask V5 rewrites the definition in your context, gives a worked example, and shows what V5 does on day one.

Your scale

01What ALCOA Plus is and why it underpins every GxP record

ALCOA Plus (often written ALCOA+) is the regulator shorthand for data integrity. It expresses nine attributes that determine whether a record can be trusted to support GxP decisions. The original five—Attributable, Legible, Contemporaneous, Original, Accurate—define the core. The extension—Complete, Consistent, Enduring, Available—reflects the reality of modern, networked, and long-lived data flows.

In inspections, authorities do not ask whether a site “implements ALCOA Plus” as an optional best practice. They examine whether the records presented satisfy each attribute. If any attribute fails, the record’s fitness to support release, investigation, validation, or safety decisions is questioned, often triggering Form FDA 483 observations or EU statements of non-compliance.

ALCOA Plus spans paper, hybrid, and fully electronic systems. A handwriting-only batch record can fail if it is illegible or backdated. A validated system can fail if audit trails are not reviewed or if metadata is incomplete. The nine attributes therefore drive both procedural controls—SOPs, training, role definition—and technical controls—identity, time sources, audit trails, and immutable storage.

Because ALCOA Plus is attribute-based rather than tool-specific, it applies equally to laboratory chromatograms, MES batch steps, ERP material transactions, cold-chain sensor data, complaint logs, and post-market surveillance files. Any record used to demonstrate compliance, ensure product quality, or protect patients and consumers must meet the nine attributes to be relied upon.

02Regulatory and technical basis: where ALCOA Plus comes from

The legal and guidance foundation for ALCOA Plus is broad. In the United States, 21 CFR Part 11 sets expectations for electronic records and signatures, while predicate rules across drug, device, blood, and food GMP frame recordkeeping duties. In the European Union, EudraLex Volume 4 and Annex 11 articulate requirements for computerised systems and data integrity across the product lifecycle. These frameworks converge on the same attributes: traceable people and events, clear and permanent content, correct and verifiable values, completeness of data sets, and reliable long-term access.

Inspectorates have codified their approach. The UK MHRA’s GxP data integrity guidance, PIC/S PI 041 on data integrity systems and controls, the WHO guidance on good data and record management, and EMA communications emphasize risk-based controls proportionate to the data’s impact. They all point to human factors, governance, and culture as essential to preventing falsification and unintentional error, not just software configuration.

Technically, ALCOA Plus aligns with requirements for unique identity, controlled time sources, secure audit trails, validated workflows, metadata capture, and retention policies. Organizationally, it requires role clarity, segregation of duties, contemporaneous documentation practices, and independent review. Together, legal texts and inspector guidance convert the nine attributes into day-to-day controls that withstand inspection.

See also national and international positions, which consistently stress lifecycle control, risk management, and periodic review of data governance systems.

Related internal reading: the MHRA’s perspective and WHO’s GMP technical supplement offer pragmatic checklists for governance and shop-floor execution.

For a local blueprint, reference MHRA’s guidance and the WHO technical report cited below.

03The original five attributes: Attributable, Legible, Contemporaneous, Original, Accurate

Attributable means every entry can be tied to a specific person or system actor, with identity verified and the action time-stamped. Shared logins or generic accounts break this attribute because they blur accountability. Legible requires that the record can be read and understood throughout the retention period, including any changes made after the fact. If a value is overwritten without trace, neither legibility nor auditability holds.

Contemporaneous requires recording at the time of the event or as close as technically feasible, using a controlled time source. Backdating, pocket notes, or paper scraps transcribed later erode trust because they invite cognitive bias and loss of context. Original requires preservation of the first capture or a verified true copy that maintains content, meaning, and metadata. Printing an electronic record and filing the paper is not, by itself, a true copy unless procedures and validation show equivalence.

Accurate means the data matches reality within defined tolerances and units, and that calculation steps are correct and reproducible. Accuracy depends on calibrated instruments, validated software, correct master data, and effective verification by qualified personnel. Correction does not mean erasure; it means a documented amendment that preserves the prior state and explains the change.

In practice, firms satisfy these five by enforcing named accounts, training on good documentation practice, using validated systems with secure audit trails, linking instruments to controlled time sources, and documenting corrections through recorded reasons and reviewer approval. These controls are verified during inspection through sampling, cross-referencing signatures, reviewing audit trails, and testing whether printed copies can be traced back to the authoritative source system.

A frequent failure pattern is when contemporaneity collapses under operational pressure. In those cases, inspectors will compare shift logs, equipment usage, and instrument timestamps to reveal late or recreated entries that cannot meet the standard.

For teams modernizing documentation practices, begin by eliminating shared credentials and mandating contemporaneous entries in the system of record, then verify with periodic audit trail reviews and spot interviews against current operations.

Focused reading: the mechanics of documenting at the time of work are addressed in our entry on contemporaneous recording.

Reference: detailed, role-specific training, reinforced by supervisors, is necessary to anchor these behaviors in daily practice and not just in SOP binders.

See: Contemporaneous Recording.

04The extension: Complete, Consistent, Enduring, Available

Complete requires that all data necessary to reconstruct an event are present, including raw data, derived results, metadata, audit trails, and any repeat or invalidated runs with reasons. Omitting failed runs or trimming outliers without scientific justification destroys completeness and invites enforcement. Consistent requires chronological order, aligned identifiers, and traceable versioning. Time anomalies, reused batch numbers, and unlinked instruments degrade consistency.

Enduring requires that records remain intact and tamper-evident for the full retention period, in a durable format with controlled change processes. Transient storage on local drives, unsecured spreadsheets, or portable media fail this test. Available requires timely retrieval for review, trending, and inspection. Archiving is not hiding; it is organized preservation with prompt, role-based access and a clear declaration of the authoritative source.

Operationally, the extension attributes are realized through secure, validated systems that capture metadata, preserve audit trails, assure backups and disaster recovery, and manage change with version control. For hybrid environments, the authoritative source must be unambiguous, and true copies must be validated for readability and completeness. Reviewers must be able to navigate from summary results to raw data without gaps.

From the plant floor to QC labs, the extension often fails where manual cut-and-paste consolidation occurs or where temporary spreadsheets never enter the official record. A controlled electronic batch record, strong document control discipline, and lifecycle traceability close those gaps by design.

See: EBMR/eDHR and Document Control for lifecycle capture and change management, and Traceability for end-to-end linking of materials, processes, and results. For manual capture contexts, shop-floor data collection guidance can help structure metadata and review practices.

Because enduring and available involve IT service levels, quality and IT must agree on retention, recovery time, and acceptable evidence of system health, then verify those agreements during self-inspections and mock audits.

05How ALCOA Plus works in practice across paper, hybrid, and electronic systems

In paper environments, controls hinge on bound formats, pre-numbered pages, permanent ink, corrections with single-line strike-through, and legible reasons for change signed and dated by the doer and reviewer. The original document is the authoritative record, and reproduction must follow true-copy procedures. Supervisors verify contemporaneity by observing work and comparing timefields against external references.

In hybrid environments, which are common, delimit the authoritative source per record type, then validate the true-copy process when information crosses media. For example, a chromatogram’s raw data and meta-information remain in the CDS, while the batch record references the unique file identity. The linkage is part of completeness and availability. Reconciliation checks ensure no files are missing between instruments, LIMS, and batch records.

In fully electronic systems, identity, time, and authorization controls matter most. Named accounts, multi-factor authentication proportionate to risk, synchronized time sources, and immutable, reviewable audit trails are non-negotiable. Reviewers must have the skill and authority to examine audit trails and metadata, not just summaries, to confirm the nine attributes are present end to end.

To operationalize the attributes, many sites codify a baseline control set that ties procedures, training, and technology together. The set below illustrates a pragmatic minimum that inspectors commonly test during routine and for-cause inspections.

  • Named, role-based user accounts with segregation of duties and periodic access review
  • Controlled time sources for all GxP systems and instruments, with documented synchronization
  • Validated workflows that enforce contemporaneous entry and prohibit data overwriting
  • Secure, immutable audit trails reviewed at defined intervals with documented outcomes
  • True-copy procedures for records that cross media, with periodic effectiveness checks
  • Backups, restore testing, and retention controls that keep records enduring and quickly available

Before inspection, test the chain from raw data to reported value using a recent batch or sample set. Verify each hop satisfies attribution, legibility, timing, originality, and accuracy, then confirm completeness, consistency, durability, and retrievability. Close any gaps with CAPA tied to risk and patient impact.

Technology choices must be matched with training. A system can capture audit trails, but if reviewers cannot interpret them, the attribute is not truly assured.

06Common pitfalls and misinterpretations that trigger 483s and EU non-compliance

Data integrity failures are often procedural at their root, even when they surface in systems. Shared credentials, unverified time settings, and undocumented reprocessing are classic examples. Another pattern is overreliance on printouts that lose metadata and audit trail context. A third is the belief that validated software alone guarantees compliance, which neglects governance, training, and review.

Misinterpretations include treating “original” as the first paper printout of an electronic record, assuming that scheduled backup equals enduring evidence, and believing that a signature stamp equates to verified identity without access control. Inspectors will probe those assumptions by requesting raw data, audit trails, and system configuration records to see whether the attributes still hold when examined at the source.

To preempt findings, quality leadership should run targeted self-inspections against the nine attributes, sampling different units and shifts. Observed work, interviews, and reconciliation of system logs to physical operations are essential. Where controls are weak, corrective actions must address behavior, procedures, and technology together, with effectiveness checks that are independent and time-bound.

  • Generic or shared logins that defeat Attributable and obscure accountability
  • Backdating entries or transcribing from scratch notes, undermining Contemporaneous
  • Discarding failed runs without scientific justification, breaking Complete and Consistent
  • Printing electronic records without metadata, violating Original and Available
  • Unreviewed or disabled audit trails, weakening Accurate, Complete, and Enduring
  • Uncontrolled spreadsheets and local file storage that fail Enduring and Available
  • Weak authentication that conflicts with regulator expectations for identity assurance

Addressing authentication gaps may include stronger authentication configured in proportion to risk and periodic recertification of access. Laboratory environments should focus on raw data retention, audit trail review, and scientific justification for any exclusion of data from calculations or reports.

Link your incident and deviation handling to data integrity risks so that trending reveals systemic issues rather than isolated events. When analysts or operators feel time pressure, contemporaneous documentation must remain non-negotiable.

See: multi-factor identity considerations and QC analytics readiness in the related entries below.

Related internal links: Password and Token, Lab QC, and Out-of-Spec Handling.

07How ALCOA Plus relates to Annex 11, 21 CFR Part 11, ICH Q9/Q10, ISO 13485, and GDP

ALCOA Plus attributes are the common denominator that different frameworks operationalize. EU GMP Annex 11 and 21 CFR Part 11 describe controls for electronic records and signatures, but inspectors still evaluate whether the data achieved all nine attributes. In other words, conformance to system requirements is necessary but not sufficient; data must be demonstrably trustworthy in use.

ICH Q9 on quality risk management and Q10 on pharmaceutical quality systems shape how firms prioritize controls based on data criticality and process risk. High-impact data warrant stronger identity, time, audit trail, and review rigor. Lower-impact data may use proportionate controls, yet they still need to be attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, and available.

For medical devices, ISO 13485 and U.S. Quality System Regulation require document and record control, traceability where required, and validation of software used in the quality system. Those expectations interlock with ALCOA Plus, ensuring that design history files, device history records, and complaint investigations reflect the same nine attributes that underpin decision-making.

In distribution, Good Distribution Practice requires records that protect product identity and conditions during storage and transport. Temperature logs, chain-of-custody records, and returns processing require enduring and available data with unbroken attribution and timing. Across these domains, ALCOA Plus is the single interpretive lens regulators use to decide whether records can be trusted.

Quality management systems convert these principles into governance, training, and monitoring. The platform you use should embed attribute checks into workflows and provide evidence that links controls to risk.

See platform-level quality controls in our QMS overview.

Reference materials from EMA, FDA, ICH, and ISO provide aligned expectations that map directly to the nine attributes when you design or remediate controls.

See: QMS.

08Implementing ALCOA Plus by design: governance, controls, and maturity path

A sustainable ALCOA Plus program begins with governance. Define data ownership, criticality classification, and decision rights. Map data flows, from raw capture to reporting, including who does what, where identity is asserted, which time source governs, and where the authoritative record resides. Those maps reveal disproportionate risks, such as uncontrolled spreadsheets or orphan instruments, and guide investment in controls.

Next, translate the nine attributes into control objectives per data class. For each objective, specify technical measures—access control, audit trails, validated interfaces—and procedural measures—SOPs, training, and independent review. Pair each measure with verifiable evidence: an access review report, an audit trail review log, or a successful restore test. Build effectiveness checks into management review and internal audits.

Finally, stage the rollout using a maturity roadmap. Early phases stabilize identity, time, and original data capture. Middle phases integrate systems so that completeness and consistency are automatic rather than manual. Advanced phases harden durability and retrieval, monitor for drift, and use analytics to detect anomalies in data behavior. The table below outlines a practical path that aligns with inspector expectations.

PhaseFocusTypical controlsEvidence expected by inspectors
FoundationIdentity, time, raw data captureNamed accounts, time sync, SOPs on documentation, bound paper controlsAccess roster with periodic review, time sync logs, training records, sample corrected entries
ControlledAudit trails and true copiesValidated audit trails, change control, true-copy procedures, backup and restore testingAudit trail review logs, change logs, true-copy validations, restore test reports
IntegratedSystem links and metadata completenessLIMS/MES interfaces, instrument integration, master data governanceTraceable links from summary to raw, interface validation, master data change records
ProactivePeriodic review and anomaly detectionScheduled self-inspections, audit trail trending, segregation-of-duties checksInternal audit reports, CAPA effectiveness checks, access recertification outcomes
OptimizedDurability and retrieval at scaleArchiving strategy, disaster recovery, performance SLAs for retrievalRetention plan, recovery time tests, retrieval metrics and demonstrations during inspection

Treat maturity as a living roadmap. Changes in product mix, technologies, or regulatory emphasis should trigger reassessment of data criticality and controls. Management review should track leading indicators such as late entries, missing metadata, or audit trail exceptions, and tie them to improvement plans.

For inspection preparation, run a dry-run trace from a recent batch or study to verify evidence exists for every attribute, then document any gaps with corrective timelines and accountable owners.

09What inspectors do during an ALCOA Plus assessment and how to prepare

Inspectors begin by asking for your data governance narrative, then they test it. They select a recent batch, lot, or study and walk it back to raw data, comparing people, times, and values across systems. They request audit trails, access logs, and change records to see whether the nine attributes are present and whether reviews are effective and timely. They will interview operators and analysts to observe how documentation is performed in real time.

Expect triangulation. A shop-floor timestamp is compared with instrument logs and network time. A printout is checked against the electronic source to confirm metadata and audit trail context. If hybrid, the true-copy process is tested by tracing an electronic record into its paper reference and back. If fully electronic, inspectors may request demonstration of retrieval under role-based access from archived records within stated service levels.

Preparation is evidence-driven. Appoint a record owner to act as a navigator, stage evidence binders with live pointers to source systems, and rehearse audit trail review questions with real examples. Avoid static screenshots when possible; live demonstrations show integrity in context and build confidence. If a gap is discovered, be candid, assess impact, and state corrective and preventive actions with timelines.

A common strength signal is a closed loop between deviations, CAPA, and data integrity risks. When a late entry or missing metadata incident occurs, inspectors expect to see root cause, proportionate action, and an effectiveness check that verifies behaviors and controls have changed for the better.

Finalize your readiness by sampling across shifts, sites, and systems, ensuring that the narrative holds under variation. Prepare to show real-time records, not just polished exemplars.

See also our structured approach to deviations and CAPA, which helps demonstrate governance maturity during inspection.

Related feature: Structured Deviations.

10Worked examples and control patterns regulators cite

Laboratory chromatography: An analyst runs a sequence with a failed system suitability. The failed run cannot be deleted. The record must include the raw data, reason for invalidation, and the re-run, with audit trail showing who performed the action and when. Review must confirm that the decision to exclude the failed run is scientifically justified and that calculations reflect the validated run. Printing the peak table alone is insufficient without metadata and audit context.

Manufacturing batch step: An operator records a manual weight. The scale must be calibrated, the entry must be contemporaneous, and any correction requires a reason. If integrated, the weight should flow automatically into the batch record with instrument identity and timestamp. If transcribed, dual verification and reconciliation reduce risk. Reviewers sample audit trails to ensure no overwriting occurred and that time alignment with equipment usage logs makes sense.

Distribution temperature monitoring: Sensor data must be attributable to a device with a controlled clock, legible without specialized tools beyond validated viewers, and complete for the journey. Alarms, interventions, and acknowledgments must be captured and reviewed. Archiving must preserve raw data and allow prompt retrieval at future inspections.

Complaint investigation: The timeline from receipt to closure must be consistent, with decisions supported by original evidence. Email chains copied into a CMS later, without preserving headers and timestamps, can fail originality and completeness. Investigators should record actions in the system of record at the time performed, with attachments kept as true copies and integrity-checked on upload.

Across these examples, repeatable control patterns emerge: strong identity and time sources, metadata-rich capture at the source, immutable audit trails with periodic review, validated interfaces for automatic data flow, and governed true-copy processes where media changes. These patterns are technology-agnostic and are the ones inspectors most often test in depth.

When in doubt, walk the record against each attribute. If any attribute cannot be demonstrated with live evidence, the control environment needs hardening before inspection.

11How V5 Ultimate embeds ALCOA Plus by design

V5 Ultimate implements ALCOA Plus as a native property of record lifecycle, not as an afterthought. Identity is enforced with named, role-based accounts and configurable authentication, while time is anchored to controlled sources across devices and services. Each record carries metadata for actor, context, and origin, with immutable, reviewable audit trails across modules. True-copy generation is validated, and retention policies ensure records remain intact and retrievable for the full lifecycle.

On the floor and in the lab, V5 captures raw data and metadata at the source, links instruments and transactions automatically, and preserves chronology across workflows. Reviewers can navigate from summarized results to raw data and audit trails in a few clicks, accelerating batch release and investigations. Evidence packages for inspection are generated with live pointers to authoritative sources, avoiding stale screenshots and preserving traceability to the system of record.

For hybrid environments, V5 declares the authoritative record per object type and validates the true-copy process when information crosses media. Backup, restore testing, and archiving are monitored with dashboards, while access and audit trail review schedules are enforced by reminders and escalation. Management review can trend late entries, missing metadata, and audit exceptions to drive continuous improvement.

V5’s modules provide out-of-the-box alignment with ALCOA Plus evidence expectations, and integrations connect laboratory instruments, MES steps, and ERP transactions so completeness and consistency are maintained automatically rather than manually stitched together.

Frequently asked questions

Q.Is ALCOA Plus a regulation or a guideline?+

ALCOA Plus is not a standalone regulation. It is a set of attributes derived from binding requirements in Part 11, Annex 11, and predicate rules, and from inspectorate guidance that translate those requirements into practical expectations.

Q.Do paper records need to meet ALCOA Plus?+

Yes. The nine attributes apply to paper, hybrid, and electronic systems. Bound formats, contemporaneous entries, controlled corrections, and true-copy procedures are essential to meet the attributes on paper.

Q.How do inspectors test for ALCOA Plus compliance?+

They start with a recent record and trace it back to raw data, checking identities, times, and changes. They review audit trails, access logs, and change control evidence, and interview personnel to confirm contemporaneous practices.

Q.What is the biggest cause of ALCOA Plus failures?+

Late or recreated entries and weak identity controls are common root causes. Unreviewed audit trails and incomplete raw data retention also frequently lead to findings because they break completeness and accountability.

Q.Are printed copies of electronic records acceptable originals?+

A printout is not automatically an original or a true copy. You need validated true-copy procedures that preserve content, meaning, and metadata, or you must retrieve the authoritative electronic record directly.

Q.How should we prioritize controls for ALCOA Plus?+

Use risk-based classification. High-impact data require stronger identity, time, audit trail, and review controls. Document the rationale, implement proportionate measures, and verify effectiveness through periodic review and internal audits.

Q.What evidence do inspectors expect for audit trail review?+

A defined procedure, trained reviewers, documented periodic reviews with findings and follow-up, and the ability to demonstrate live navigation from summary to raw data and audit trail entries for sampled records.

Primary sources

Further reading

Explore this topic

ALCOA+ sits inside 2 overlapping topic clusters in our glossary. Every neighbour is one click away.

See ALCOA+ working on a real shop floor

V5 Ultimate ships with the ALCOA+ controls already wired in — audit trail, e-signatures, validation evidence. Free trial, no credit card, onboard in days, not months.