Last updated: March 18, 2026
ALCOA++ is the ten-principle data integrity framework required for GxP-regulated clinical trials. It stands for Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available, and Traceable.
Formalized by the EMA in its October 2023 Guideline on Computerised Systems and Electronic Data in Clinical Trials, ALCOA++ is the required standard for trials subject to EMA oversight, and the recommended compliance posture for any global trial.
Another acronym in the life sciences, who would have thought?
It’s the most current and comprehensive data integrity framework used across clinical trials, GCP, GMP, and all GxP-regulated environments. Formalized through decades of FDA and international regulatory guidance, and most recently codified by the EMA's 2023 Guideline on Computerised Systems and Electronic Data in Clinical Trials ALCOA++ defines the gold standard for how clinical trial data must be captured, managed, and retained to be considered inspection-ready.
If your TMF can’t answer these three fundamental questions during an inspection then your organization is at risk of a Form FDA 483 observation, a warning letter, or worse.
- Who created or modified this data?
- When did it happen?
- Can you prove it wasn't improperly altered?
In this guide, I cover what ALCOA++ means, what the regulatory consequences look like when these principles aren't adhered to, and how using an eTMF system helps ensure that ALCOA++ is followed, to a tee.
What is the difference between ALCOA vs. ALCOA+ vs. ALCOA++
| Principle | ALCOA | ALCOA+ | ALCOA++ |
| Attributable | ✅ | ✅ | ✅ |
| Legible | ✅ | ✅ | ✅ |
| Contemporaneous | ✅ | ✅ | ✅ |
| Original | ✅ | ✅ | ✅ |
| Accurate | ✅ | ✅ | ✅ |
| Complete | — | ✅ | ✅ |
| Consistent | — | ✅ | ✅ |
| Principle | — | ✅ | ✅ |
| Enduring | — | ✅ | ✅ |
| Available | — | ✅ | ✅ |
| Traceable | — | — | ✅ |
| Total Principles | 5 | 9 | 10 |
| Introduced | 1990s (FDA) | 2010s | 2023 (EMA formalized) |
| Primary Regulatory Reference | FDA BIMO Guidance | FDA Data Integrity Guidance (2018); MHRA GxP Data Integrity (2018) | EMA Guideline on Computerised Systems & Electronic Data in Clinical Trials (2023) |
ALCOA++: The Current Standard for Digital Clinical Trials
In 2023, the EMA published its final Guideline on Computerised Systems and Electronic Data in Clinical Trials, which formally introduced the term ALCOA++ and added a tenth principle: Traceable.
Why? Earlier ALCOA frameworks were developed during an era when more regulated data lived inside a single system: a paper record, laboratory notebooks or later a standalone electronic database. In those environments, maintaining data integrity primarily meant ensuring that individual records were attributable, accurate and contemporaneously documented.
Modern clinical trials operate differently; a single data point may originate in one system, be transferred to another, and ultimately be represented as documentation in the TMF. In this distributed environment, data integrity is no longer just about the correctness of individual records. It is about the ability to reconstruct the complete lifecycle of that data across multiple interconnected systems.
The introduction of the Traceable principle in ALCOA++ reflects this reality: regulators increasingly expect organizations to demonstrate how data moved, changed, and was preserved across the digital trial ecosystem.
ALCOA++ is the current standard. If your organization's SOPs, validation documentation, or vendor contracts still only reference ALCOA or ALCOA+, they may need to be updated to reflect current EMA expectations.
All Ten ALCOA++ principles explained
1. Attributable
Every data point must be traceable to the person, system, or device that generated or modified it, including the date and time that action occurred. In electronic systems, this means unique user IDs (no shared accounts), role-based access controls, and validated audit trails.
Loss of attribution metadata doesn't just create a compliance gap; it can render the data unattributable and potentially unusable for regulatory submission.
Common inspection finding: Shared login credentials, generic usernames, or missing electronic signatures on source documents.
2. Legible
Data must be readable, clear, and permanently recorded. For paper records, this means handwritten entries must be decipherable. For electronic systems, it means records (including audit trail entries) must be comprehensible in context, not just stored as raw strings.
Legibility also has a long-term dimension: data that was readable in 2010 must remain readable in 2030 when an inspection or regulatory decision occurs.
Common inspection finding: Overwritten entries without explanation, damaged or degraded paper records, or audit trail entries that cannot be decoded without system access that no longer exists.
3. Contemporaneous
Data must be recorded at the time the activity is performed, not reconstructed from memory afterward. Non-contemporaneous documentation is one of the most frequently cited ALCOA violations in FDA Warning Letters. In one 2024 inspection cited in FDA enforcement documentation, more than 140 primary efficacy assessment scores were entered days to weeks after clinical site visits — without source documentation to support the late entries.
Common inspection finding: Timestamps that don't align with actual activity dates, retrospective entries, or electronic records where entry time contradicts system metadata.
4. Original
The first capture of data is the regulatory record of truth. Photocopies, transcriptions, or secondary records may be used as reference, but the original must be preserved and clearly distinguished. When original records are destroyed (whether intentionally or not) before the required retention period, the consequences can be severe.
In one FDA inspection, handwritten source records were found to have been destroyed prior to the mandatory two-year post-approval retention window.
Common inspection finding: Inability to produce original source documents, certified copies that aren't properly authenticated, or original electronic records overwritten without maintaining a preserved version.
5. Accurate
Data must be error-free, precisely recorded, and a true representation of the underlying observation or measurement. Accuracy requires validated systems with built-in data entry checks, controlled sources, and the inability to alter data without generating a traceable record.
This principle extends to data transfers: migrating data between systems without maintaining accuracy, including all associated metadata, is an ALCOA++ violation.
Common inspection finding: Data that contradicts corresponding safety or laboratory reports, unexplained discrepancies between source and transcribed records, or failed data transfer validations.
6. Complete (+)
All data relevant to the clinical trial must be present and accounted for in the TMF, including protocol deviations, amendments, unanticipated events, and negative or inconclusive findings. Selectively omitting data, even unintentionally, is treated by regulators as equivalent to falsifying records.
A complete audit trail must demonstrate that nothing has been deleted or suppressed.
Why this matters for TMF: A TMF should reflect the full conduct of the trial, including deviations, issues, and their resolution. Inspectors do not expect a flawless record; they expect a complete and transparent one. A TMF that only contains positive or idealized documentation may raise questions about whether all relevant trial activities and events have been properly captured.
7. Consistent (+)
Records within a TMF must follow a logical, chronological sequence consistent with documented events. Timestamps must align across systems, across documents, and with the actual sequence of trial activities. Any discrepancy between recorded dates and system-generated timestamps will attract scrutiny.
Inconsistency is often the first signal inspectors use to identify deeper data integrity problems.
Common inspection finding: Timestamps on documents that predate site activation, inconsistent dating across investigator signatures and site records, or batch records where process steps appear to occur out of sequence.
8. Enduring (+)
Clinical trial data must be recorded in stable, durable formats that can be retrieved for the full regulatory retention period — typically 15 years post-trial or until regulatory decision, whichever is longer. Thermal paper, CDs, DVDs, and USB drives are not considered GxP-compliant storage formats. For eTMF systems, this means validated, access-controlled, long-term repositories with tested backup and restore procedures.
Common inspection finding: Data stored on obsolete media types, records held in systems that have been decommissioned without proper migration, or backups that cannot be successfully restored.
9. Available (+)
All TMF records must be accessible for authorized review and regulatory inspection throughout the required retention period. This includes remote accessibility for electronic records, the standard that has driven adoption of eTMF systems globally. Data that exists but cannot be produced for an inspector within a reasonable timeframe effectively doesn't exist from a compliance standpoint.
Common inspection finding: Records stored in systems to which access has been revoked, documents held by a departed CRO or vendor with no data return agreement, or eTMF systems that require on-site access to retrieve records.
10. Traceable (++)
Introduced formally through the EMA's 2023 guideline, Traceability requires that data be traceable throughout its entire lifecycle, from raw entry through every modification to final reporting. Changes to data or metadata must be documented as part of the audit trail, must not obscure the original information, and must be interpretable by an inspector without special system knowledge. Traceability goes beyond attribution (knowing who touched the data) to reconstruction (being able to prove exactly what happened and when, at every stage).
Example: Where traceability can break down
A monitoring visit report may be drafted and approved within a CRO’s operational system, where version history, reviewer comments, and approvals are captured. When the final report is exported as a PDF and filed in the sponsor’s TMF, the document itself is preserved, but some contextual metadata about how it was created remains in the originating system. During inspection, regulators may therefore need to review multiple systems to reconstruct the full lifecycle of the record.
This scenario does not necessarily indicate a system failure. Rather, it illustrates the complexity of maintaining traceability across multiple systems that each capture different aspects of the record lifecycle.
Demonstrating ALCOA++ compliance in these environments requires clear governance around how records move between systems, how their provenance is documented, and how inspectors can reconstruct the full history of the data when needed.
Why this is the defining principle of ALCOA++: In complex digital trial environments, where data flows through eCOA (electronic Clinical Outcome Assessment) platforms, centralized monitoring tools, EDC systems, and eTMFs, traceability is the principle that ties everything together. Without it, each system may individually satisfy ALCOA+ while collectively creating an untraceable, inspection-indefensible data chain.
What happens when ALCOA++ isn’t followed?
This is the question most clinical operations professionals are actually asking when they look up "ALCOA." The definitional content matters, but the regulatory consequences are what drives action.
Form FDA 483 Observations
A Form FDA 483 is issued at the conclusion of an FDA inspection when investigators observe conditions that may constitute violations of applicable law. Data integrity findings, particularly related to Contemporaneous, Attributable, and Consistent principles, are among the most frequently cited 483 observations. Receipt of a 483 isn't a final regulatory action, but it triggers a mandatory written response and follow-up, and unresolved 483 observations escalate to Warning Letters.
FDA Warning Letters
Warning Letters are the FDA's formal statement that a company's practices are seriously violating regulatory requirements. Data integrity was cited in approximately 61% of FDA Warning Letters issued in 2021, making it one of the most common bases for enforcement action.
A study of 1,766 FDA Warning Letters by Yoseok Park and Kyenghee Kwon issued between 2016 and 2023 found that data integrity-related violations could be classified across ALCOA and ALCOA+ frameworks — suggesting these aren't edge-case failures, but systemic compliance gaps across the industry.
Warning Letters can result in import alerts, product holds, rejection of New Drug Applications or Biologics License Applications, and consent decrees that impose external oversight on a company's operations for years.
Consent Decrees
A consent decree is a negotiated legal agreement between a company and the FDA (or DOJ), typically resulting from repeated or severe GxP violations. Under a consent decree, a company may be required to halt manufacturing or trial operations, engage independent auditors, and demonstrate compliance over a multi-year period before resuming normal activity. Consent decrees have lasting commercial and reputational consequences.
Rejection or Invalidation of Trial Data
Perhaps the most immediate operational consequence: if an FDA or EMA inspection finds that data supporting a marketing application cannot be verified as ALCOA++-compliant, the agency can reject the application or require the trial to be repeated. This risk applies not just to the inspected site, but potentially to the entire study if systemic data integrity failures are identified.
ALCOA++ and the TMF: Why it's not optional
The Trial Master File is the documentary record of a clinical trial, and it’s evaluated during inspections precisely through the lens of ALCOA++ principles. Every document in the TMF, and every absence of a document, is a data point that regulators will assess for attributability, completeness, consistency, and traceability.
ALCOA++ compliance in a TMF context means:
Metadata integrity. Timestamps, user IDs, version histories, and system logs must be preserved and reviewable, not just for individual documents, but across the integrated systems that contribute to the TMF.
Audit trail governance. Audit trails must be enabled and actively reviewed on a risk-based schedule. Enabled-but-unreviewed audit trails do not satisfy ALCOA++ expectations.
Reconstructability. Regulators must be able to trace any data point in the TMF from raw entry through every modification to its final form. In a hybrid trial environment, this means being able to follow a data chain across eCOA platforms, EDC systems, monitoring tools, and the eTMF itself.
System validation. The systems used to collect, store, and manage TMF data must be validated in accordance with computer systems validation (CSV) or computer software assurance (CSA) standards. An unvalidated eTMF system is itself an ALCOA++ violation.
Vendor and investigator controls. ALCOA++ is a shared responsibility. Sponsors must ensure that CROs, site management organizations, and technology vendors maintain ALCOA++-compliant practices, and contracts must reflect data access, retention, and return obligations accordingly.
ALCOA++ in modern clinical trial environments
Although ALCOA++ is often discussed as a documentation or procedural framework, many of its principles are enforced in practice through system design. Features such as immutable audit trails, version control, controlled user authentication, and metadata preservation are technical capabilities that must be built into the systems that generate and manage clinical trial data.
In digital trial environments, maintaining ALCOA++ compliance depends on how systems capture events, store metadata, and preserve relationships between records over time. If these capabilities are not implemented at the system level, organizations may find themselves relying on manual processes to compensate for structural limitations in their technology stack.
As clinical trials become increasingly digital, data integrity is shifting from being primarily a procedural requirement to becoming a system architecture requirement.
eCOA and ePRO (electronic Patient-Reported Outcome) platforms must capture subject-reported data with full metadata preservation. Wearables and sensors must be validated and attribute data to the correct subject, device, and timestamp. IRT (Interactive Response Technology) systems must maintain an auditable record of randomization and IP management.
Demonstrating traceability therefore requires more than validating individual systems. Sponsors must be able to reconstruct the data lineage across systems, showing how information moved from its original source through intermediate processing steps and ultimately into the records that support regulatory submissions and the TMF.
As AI-assisted TMF capabilities emerge, it’s important to treat these as solely decision-support tools. AI can help identify potential gaps or inconsistencies, even make suggestions, but it cannot make underlying adhere to ALCOA++ principles or make a TMF inspection-ready on its own. The responsibility for verifying that records are complete, accurate, and appropriately documented remains with the qualified individuals overseeing the trials and systems used to manage its data.
How an eTMF system supports ALCOA++ compliance
An eTMF system purpose-built for GCP compliance operationalizes ALCOA++ requirements at the system level:
Attributable and Traceable are enforced through unique user authentication, role-based access controls, and comprehensive audit trails that log every document action, upload, view, edit, approval, rejection, with user ID, timestamp, and action type.
Contemporaneous and Consistent are supported by system-enforced timestamps that cannot be retroactively altered, and workflow controls that flag out-of-sequence documentation before it becomes an inspection finding.
Enduring and Available are addressed through validated, access-controlled cloud repositories with tested backup and restore procedures, remote accessibility, and data retention support for the full regulatory lifecycle.
Complete is monitored through TMF reference model alignment, real-time completeness dashboards, and automated gap identification, so missing documents are identified and remediated before an inspector finds them.
Montrium's eTMF Connect is built on a validated platform designed to support ALCOA++ compliance across every principle, helping clinical operations teams maintain inspection-ready TMFs throughout the trial lifecycle.
Frequently asked questions
What is the difference between ALCOA+ and ALCOA++?
ALCOA+ consists of nine principles (the original five ALCOA attributes plus Complete, Consistent, Enduring, and Available). ALCOA++ adds a tenth principle: Traceable. This was formally codified by the EMA in its October 2023 guideline. ALCOA++ reflects the traceability requirements specific to complex digital and multisystem clinical trial environments.
Is ALCOA++ an FDA or EMA requirement?
ALCOA++ was formally defined by the EMA in 2023. The FDA's primary data integrity reference remains the 2018 Data Integrity and Compliance With Drug CGMP Guidance, which aligns with ALCOA+ principles. However, for clinical trials subject to EMA oversight, including any trial intended to support a European marketing application, ALCOA++ requirements now apply. For global trials, ALCOA++ represents the safest and most comprehensive compliance posture.
What does "Traceable" mean in ALCOA++?
Traceability requires that any data point can be followed through its complete lifecycle, from creation, through every modification, to its final form. Changes must be documented in audit trails that don't obscure original data, and the sequence of modifications must be reconstructable without specialized system knowledge.
In practice, this means audit trails that are human-readable, metadata that travels with data across system migrations, and version control that captures not just what changed, but who changed it, when, and why.
Do ALCOA++ principles apply to paper-based TMF processes?
Yes. ALCOA++ principles apply to all GxP data, regardless of whether the system is paper or electronic. For paper-based processes, Traceable and Available become particularly challenging to demonstrate, which is one reason why eTMF systems built on validated, auditable platforms have become the standard of care.
What is the most common ALCOA++ violation in FDA inspections?
Based on FDA enforcement patterns, Contemporaneous violations, data recorded after the fact without supporting documentation, are among the most frequently cited issues. Backdated entries, retrospective data entry, and altered timestamps are red flags that consistently appear in FDA Warning Letters and 483 observations.
.png)
.png)
.jpg)
