FDA doesn't ask if the batch record was accurate. It asks if you can prove it was created when it claims.
ALCOA+ requires contemporaneous records. 21 CFR Part 11 requires tamper-evident audit trails. MHRA requires data integrity across the product lifecycle. Every standard applies the same test: can the record prove when it was created?
Eight criteria. One is the hardest to satisfy.
Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available. The ‘C’ is the one your current system cannot prove.
What each standard requires for data integrity.
Eight instruments across FDA, MHRA, EMA, and ICH. Every one of them requires contemporaneous, independently verifiable records that your current electronic systems cannot provide.
Computer-generated, time-stamped audit trails must independently record the date and time of operator entries and actions that create, modify, or delete electronic records. The word 'independently' carries the entire evidential weight: a timestamp generated and stored by the same system that stores the record is not independent. It is self-attesting. FDA investigators treat self-attesting audit trails as insufficient during data integrity inspections.
Controls must be in place to detect invalid or altered records. An electronic record whose timestamp can be altered without detection does not satisfy Part 11. This control is routinely cited in Warning Letters: FDA has found that computer systems lacked controls to prevent or detect unauthorised deletion or modification of electronic records. The inadequacy is systemic, not incidental.
Audit trails must use secure, computer-generated time stamps to independently record the date and time of operator entries. The sequence must be chronologically unbroken. Gaps in an audit trail — periods of time during which no entries appear but activity was occurring — are a standard warning letter trigger. FDA's position: if the trail cannot be shown to be complete, it is presumptively incomplete.
The 'C' in ALCOA+ is Contemporaneous: records must be created at the time the activity occurs. MHRA guidance is explicit: 'contemporaneous' means at the time of performance, not reconstructed later from memory, laboratory notebooks, or instrument printouts. A batch record completed at the end of a shift rather than at the point of each step may fail the contemporaneity standard even if the underlying manufacturing was compliant.
Annex 11 requires audit trails to record the creation, modification, and deletion of GMP-relevant data. Annex 11.9 specifies that audit trail records shall include the old and new values, plus the reason for the change. EMA inspectors apply an equivalent standard to the audit trail itself: the integrity of the trail must be independently demonstrable, not merely asserted by the regulated entity.
MHRA defines original data as the first-captured data or information at the time of observation. The guidance is explicit that data transferred from one format to another, or recreated after system failure, must be demonstrably equivalent to the original. Where equivalence cannot be demonstrated through an independent, tamper-evident record, the data's integrity is in doubt regardless of the subjective accuracy of the recreated record.
FDA distinguishes between dynamic records (accessible, modifiable, queryable) and static records (fixed in form). Static record formats such as PDFs must include an audit trail showing original data, changes, and the identity of who made changes. A static record with no such trail, or one whose trail is stored within the same system that can be modified, does not satisfy the guidance.
ICH Q10 requires management of knowledge throughout the product lifecycle, with particular attention to the creation and retention of process knowledge. Process knowledge includes experimental data from development studies, the evolution of process understanding over time, and the decisions made at each stage. The temporal sequence of knowledge creation is part of the regulated record.
The pattern in FDA enforcement is consistent.
In every case below, the products may or may not have been unsafe. The records could not be independently verified. The consequence followed the documentation gap.
FDA inspections found broken documentation trails: incomplete batch records, inaccurate cleaning records, inadequate failure investigations. The agency could not verify whether manufacturing had been conducted to Good Manufacturing Practice. The consent decree covered all 30+ of Ranbaxy's manufacturing facilities. The core finding was not that products were unsafe — it was that records could not independently verify that GMP had been followed.
FDA found that audit trails had been disabled on manufacturing systems. Data had been deleted and re-entered. The agency's finding: 'Your firm failed to exercise appropriate controls over computerised systems to assure that only authorised personnel institute changes.' The inability to demonstrate audit trail integrity resulted in an import alert on all affected products.
Repeated warning letters cited the same core problem: electronic data was being manipulated after initial entry. Analysts were retesting samples and deleting failing results, recording only passing results in the official batch record. The problem was not that the tests failed — it was that the records could not be trusted to reflect reality at the time of testing.
Computer system audit trails were disabled. Batch records reflected results that could not be corroborated against raw instrument data, because raw data had been altered. The agency's observation: 'You have not demonstrated that your data management practices ensure complete, consistent, and accurate data.' The ALCOA+ standard was cited explicitly.
ALCOA+ compliant. No file leaves your infrastructure.
immut generates a SHA-256 hash of your GxP records in your browser and anchors it to the public XRP Ledger. The original document stays where it is. The proof is public and independently verifiable.
The SHA-256 hash of your batch record, lab notebook, or audit log is computed locally. No data leaves your infrastructure.
The hash is recorded on the public XRP Ledger with a cryptographic timestamp. The ledger is immutable: no party, including immut, can alter or delete the entry.
immut issues a certificate with the hash, XRPL transaction ID, ledger sequence number, and UTC timestamp. The certificate satisfies the 'C' in ALCOA+.
An FDA inspector, MHRA auditor, or EMA assessor can verify the record independently, without trusting immut, your systems, or your representations.
If an FDA inspector asked you to demonstrate that a batch record was created at the time of manufacture, not reconstructed afterward, could you?
Prove your first file in minutes.
Takes seconds. Works on any file type. No installation required.