Standard Operating Procedure for Data Integrity Investigation in Regulatory Documentation

Department	Regulatory Affairs
SOP No.	RA/2026/780
Supersedes	NA
Page No.	1 of X
Issue Date	17/04/2026
Effective Date	17/04/2026
Review Date	17/04/2028

Purpose

This SOP defines the systematic approach and control measures to be implemented for the investigation of suspected or confirmed data integrity issues within regulatory documentation. It aims to ensure complete transparency, accuracy, reliability, and traceability of regulatory records, supporting compliance with applicable regulatory requirements and maintaining the integrity of submissions to health authorities.

Scope

This procedure applies to all regulatory documentation, including but not limited to submissions, correspondence, dossiers, archives, electronic and paper records generated, maintained, or archived within the Regulatory Affairs department. It covers data integrity investigations related to handwritten, computerized, and scanned documents. The SOP excludes investigations related solely to laboratory or manufacturing records unless directly linked to regulatory submissions.

Responsibilities

• Regulatory Affairs Personnel: Execute initial identification and reporting of data integrity concerns.
• Quality Assurance (QA): Review and oversee investigations, ensure compliance and approval of outcomes.
• Investigation Team: Conduct detailed root cause analysis, corrective and preventive actions (CAPA).
• Document Control Coordinator: Ensure affected documents are identified, controlled, and archived properly.
• Management Representative: Provide oversight, resource allocation, and final approval of investigation reports.

Accountability

The Head of Regulatory Affairs holds accountability for ensuring full implementation, observance, and periodic review of this SOP. They are responsible for escalating unresolved or critical data integrity events to senior management and ensuring the effectiveness of corrective actions arising from investigations.

Procedure

The data integrity investigation procedure shall be conducted as per the following stages:

1. Detection and Initial Reporting: Any suspected data integrity concern within regulatory documentation shall be immediately reported to the Regulatory Affairs Quality Assurance representative, who records this in the Data Integrity Investigation Log.

2. Preliminary Assessment: The QA representative shall perform a preliminary review to confirm the validity of the concern and determine the potential impact on regulatory submissions or compliance.

3. Investigation Team Formation: Upon validation, a cross-functional investigation team shall be constituted including Regulatory Affairs, QA, and Document Control representatives, with others as required.

4. Collection of Evidence: Secure and review all related documentation, electronic audit trails, metadata, and any other pertinent records. Establish timelines, personnel involved, and identify the affected data or documents.

5. Root Cause Analysis: Analyze the findings to identify the cause of the data integrity breach using appropriate tools such as 5 Whys or Fishbone analysis. Determine if the issue arose from human error, system failure, procedural non-compliance, or deliberate misconduct.

6. Impact Assessment: Evaluate potential or actual impacts on regulatory submissions, patient safety, or compliance status.

7. CAPA Development: Define corrective and preventive actions to remediate the issue and mitigate recurrence, including training, process revision, system upgrades, or disciplinary actions if necessary.

8. Approval and Communication: Submit the investigation report and CAPA plan for review and approval by QA and management. Communicate findings and corrective measures to relevant stakeholders.

9. Documentation and Record Keeping: Archive all investigation-related documents securely in line with document retention policies, ensuring traceability and audit-readiness.

10. Closure and Review: Upon completion of CAPA implementation, perform effectiveness checks. Document results and formally close the investigation.

Notes and Compliance: Throughout all steps, ensure adherence to Good Documentation Practices (GDP), data integrity principles (ALCOA+), and regulatory guidance. Any significant findings shall be escalated promptly.

Abbreviations

• ALCOA+ – Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available
• CAPA – Corrective and Preventive Actions
• GDP – Good Documentation Practices
• QA – Quality Assurance
• SOP – Standard Operating Procedure

Documents

The following documents are essential for performing data integrity investigations in regulatory documentation:

1. Data Integrity Investigation Report Template (Annexure-1)
2. Data Integrity Investigation Log (Annexure-2)
3. Corrective and Preventive Action (CAPA) Form (Annexure-3)

References

• FDA Guidance for Industry: Data Integrity and Compliance With Drug CGMP (2018)
• EMA Good Practice Guide on Data Integrity (2018)
• ICH Q7 Good Manufacturing Practice Guide
• ICH Q9 Quality Risk Management
• ICH Q10 Pharmaceutical Quality System
• EU GMP Annex 11 – Computerized Systems
• Internal Quality Management System Documentation

Version

1.0

Approval

Prepared By
Checked By
Approved By

Annexures

Annexure-1: Data Integrity Investigation Report Template

Purpose: To document detailed findings, root cause analysis, impact assessment, and corrective actions of a data integrity investigation related to regulatory documentation.

Investigation ID	DI-RA-2026-001
Date Opened	15/04/2026
Reported By	Regulatory Affairs Staff
Description of Issue	Inconsistency detected in submission document versioning and metadata timestamps
Investigation Team Members	Regulatory Affairs, QA, Document Control
Root Cause Analysis	Lack of adherence to version control SOP and incomplete metadata audit trail
Impact Assessment	Potential risk to submission integrity; no patient safety impact identified
Corrective Actions	Retraining on document control procedures; audit trail system update; enhanced review steps
Preventive Actions	Periodic data integrity audits; strict enforcement of SOP compliance; automated alerts for metadata discrepancies
Investigation Closure Date	30/04/2026
Prepared By	Regulatory Affairs Staff
Reviewed By	Quality Assurance
Approved By	Head of Regulatory Affairs

Annexure-2: Data Integrity Investigation Log

Purpose: To maintain a centralized record of all data integrity investigation events reported within regulatory documentation processes.

Investigation ID	Opening Date	Reported By	Issue Summary	Status	Closure Date
DI-RA-2026-001	15/04/2026	Regulatory Affairs Staff	Document version control inconsistency	Closed	30/04/2026
DI-RA-2026-002	10/05/2026	Regulatory Affairs Staff	Discrepancy in scanned submission metadata	Open	–

Annexure-3: Corrective and Preventive Action (CAPA) Form

Purpose: To document detailed corrective and preventive measures taken to rectify and prevent recurrence of data integrity breaches in regulatory documentation.

CAPA ID	CAPA-RA-2026-001
Related Investigation ID	DI-RA-2026-001
Description of Non-Conformance	Failure to properly control document versioning leading to questionable submission data integrity
Corrective Action(s)	Conducted training on version control SOP; implemented audit trail reviews
Preventive Action(s)	Automation of metadata monitoring; quarterly data integrity audits established
Target Completion Date	30/05/2026
Actual Completion Date	28/05/2026
Effectiveness Check Date	15/06/2026
Effectiveness Review Comments	No recurrence detected; improved compliance with version control SOP
Prepared By	Regulatory Affairs Staff
Reviewed By	Quality Assurance
Approved By	Head of Regulatory Affairs

Revision History

Revision Date	Revision No.	Revision Details	Reason for Revision	Approved By
17/04/2026	1.0	Initial issue	New SOP creation