Data Integrity is not a new concept. It has been around since paper and ink were the only ways of doing business. The requirements for electronic data are equivalent to those for paper data. The FDA Glossary of Computer Systems Software Development Terminology defines data integrity as “The degree to which a collection of data is complete, consistent and accurate.”

To assure data integrity good documentation practices and the ALCOA+ principles apply:

(A) ATTRIBUTABLE The data is attributable to the person(s) and /or system(s) that generated it, and include who did what, why, and when.

(L) LEGIBLE – For electronic data is permanently recorded and always available for review and retrieval.

(C) CONTEMPORANEOUS The data is electronically recorded and stored at the time it is generated, with time/date stamps so that the sequence of events can be easily followed.

(O) ORIGINAL The original source data as well as copied records is preserved. Copies, including backup/archive copies, must be verified as accurate and true, preserving the content and meaning of the original, with the data traceable to its origins.

(A) ACCURATE Whether results are recorded electronically, it is essential that they are generated by validated systems.

(+) The data must be CONSISTENT, all records must be COMPLETE, including any metadata (contextual information required to understand the data) and data must be ENDURING & AVAILABLE.

Whether an organisation’s electronic data is stored on internal servers or in the cloud, the ALCOA+ data integrity principles apply.The challenges associated with preserving data integrity are many, but specifically in the world of cloud computing, data integrity is one of the biggest challenges to overcome.

When an organisation outsources their data and applications to the cloud they are handing over control. Will the data be safe and secure, protected from loss or damage and protected from unauthorised access or manipulation?

It is important to remember that the overall security of any Cloud based system is only equal to its weakest component. Can the Cloud Service Provider assure that there are controls to prevent data loss or manipulation? What will happen if there is a data breach/data hacking incident? Where will the data / application be stored? How will the security of interfaces be assured? Will the access to the data be by authorised personnel only with full audit trail availability? Will there be multitenancy in the cloud? Based on this, the vetting of potential Cloud Service Providers needs to be diligent and robust agreements should be implemented to ensure appropriate controls, checks and balances (e.g Validation, Backup, Disaster Recovery, Access Controls, Audit Trails, etc) are in place to assure data confidentiality, data integrity and data availability.

A cooperative relationship between the cloud service provider and the organisation is key to assuring that data integrity is preserved for any data and / or applications stored in the cloud. Once this relationship is established, maintained and monitored, and appropriate checks are balances are put in place the data integrity challenges associated with ‘moving to the cloud’ should not be so great after all. In fact compliance delivered at the cloud level can be hugely instrumental in future proofing the business models of highly regulated companies – those in Life Sciences, Connected Health and many other sectors.