The ALCOA+ Checklist for Growth-Stage Teams
Data integrity findings are rarely about fraud. They're almost always about a paper or hybrid system that made the right behavior harder than the wrong one. Here's what ALCOA+ actually requires.
The ALCOA+ Principles
Attributable
Every record shows who created or changed it, and when — not a shared login covering five people.
Legible
Records are readable and understandable for the life of the record, not just at the moment of entry.
Contemporaneous
Data is recorded at the time the work is performed, not reconstructed from memory at end of shift.
Original
The first recording of data (or a verified true copy) is preserved — not a summary that discards the source.
Accurate
Records reflect what actually happened, with errors corrected transparently rather than overwritten.
Complete, Consistent, Enduring, Available
The full record survives its retention period and can be retrieved when a regulator or auditor asks for it.
Where Growth-Stage Teams Actually Lose ALCOA+
Not in a dramatic falsification event. In small, repeated gaps: a shared login because provisioning a new account takes a week, a batch record corrected with correction fluid because the electronic system was down, a spreadsheet macro that recalculates a result without an audit trail.
None of these are malicious. All of them are 483-worthy, because none of them are attributable, contemporaneous, or original in the way an inspector needs to see.
Check Your Own Data Integrity Posture
The free Inspection Readiness Assessment includes a dedicated data integrity domain, scored against ALCOA+ in 5 minutes.