Data Integrity

The ALCOA+ Checklist for Growth-Stage Teams

Data integrity findings are rarely about fraud. They're almost always about a paper or hybrid system that made the right behavior harder than the wrong one. Here's what ALCOA+ actually requires.

The ALCOA+ Principles

A

Attributable

Every record shows who created or changed it, and when — not a shared login covering five people.

L

Legible

Records are readable and understandable for the life of the record, not just at the moment of entry.

C

Contemporaneous

Data is recorded at the time the work is performed, not reconstructed from memory at end of shift.

O

Original

The first recording of data (or a verified true copy) is preserved — not a summary that discards the source.

A

Accurate

Records reflect what actually happened, with errors corrected transparently rather than overwritten.

+

Complete, Consistent, Enduring, Available

The full record survives its retention period and can be retrieved when a regulator or auditor asks for it.

Where Growth-Stage Teams Actually Lose ALCOA+

Not in a dramatic falsification event. In small, repeated gaps: a shared login because provisioning a new account takes a week, a batch record corrected with correction fluid because the electronic system was down, a spreadsheet macro that recalculates a result without an audit trail.

None of these are malicious. All of them are 483-worthy, because none of them are attributable, contemporaneous, or original in the way an inspector needs to see.

Check Your Own Data Integrity Posture

The free Inspection Readiness Assessment includes a dedicated data integrity domain, scored against ALCOA+ in 5 minutes.