École des Bio-Industries

CTI
Pedagogy

Data integrity: getting engineers ready for the pharmaceutical industry’s demands

At a time when the pharmaceutical industry is going through a major transformation due to digitalization, automation, and the widespread use of computerized systems, the issue of data integrity is becoming a key concern, right at the heart of process reliability, product quality, and trust in the results. …

Aware of these issues, EBI fully integrates data integrity at the core of its engineering training program. Its approach, both progressive and professionalizing, aims to support students in understanding and then appropriating these topics, with the ability not only to exploit and analyze data but also to ensure its integrity, governance, and decision-making value.

In 2026, two major events structured this dynamic. An introductory session laid the foundations of data integrity by addressing regulations, data typology, raw data and metadata, governance, life cycle, good documentation practices, computerized systems, and archiving, with the participation of Expleo. A second phase, dedicated to practical application and conducted with A3P, Data Boost, Humanim, and Oravis, deepened these learnings through an immersive serious game that included a diagnostic phase, the development of an action plan, and a collective feedback session.

This structure leads students to move from understanding to an operational perspective, in direct contact with real-world conditions. It promotes an integrated vision of regulatory issues, computerized systems, data management, and decision-making processes within increasingly digitized industrial environments.

The floor is given to Jad Eid, Head of the Digital Skills Axis at EBI and coordinator of these days, as well as to the companies involved in this initiative, Data Boost, Expléo, Humanim, and Oravis, who share their vision and feedback on these issues.

A co-constructed article, reflecting collective expertise.

Regulatory changes at the heart of digital transformation

Why is the issue of data integrity becoming such a central concern in the pharmaceutical industry today, especially considering the tightening of regulatory requirements?

In highly regulated environments, data is no longer just a piece of information. It serves as evidence, a decision-making element, and often a critical factor for product quality and patient safety. Ensuring its integrity, traceability, and reliability thus becomes a strategic issue for everyone in the sector [1][3].

Recent developments in the pharmaceutical industry only make this reality more obvious. The increase in computerized systems, their interconnection, and the growing volume of data make managing them more complex and sensitive.

In this context, Good Manufacturing Practices (GMP), particularly through Chapter 4 (Documentation) and Annex 11 (Computerised Systems), strengthen requirements relating to the data lifecycle, data traceability, and data security [2][5]. The ongoing revisions of these guidelines illustrate their adaptation to digital transformations by incorporating new dimensions such as data governance and cybersecurity, while further reinforcing risk management approaches [1][4]. As highlighted in an excerpt from the draft revision of Annex 11, risks associated with computerised systems must be “brought down to an acceptable level” [4]. This requirement marks a significant evolution: the objective is no longer solely to document processes, but to demonstrate effective control over systems and data. Furthermore, the regulatory framework states that a computerised system must result in “no resultant decrease in product quality, process control or quality assurance” [2], emphasising that digitalisation must ensure a level of control at least equivalent to, if not higher than, that achieved through traditional practices.

Learning to think of data as a critical object

What do you expect from students beyond just acquiring theoretical knowledge?

Beyond theory, these days aim to help students develop a real engineer’s approach to data. Students are encouraged to adopt several key habits: data can only be used if it’s traceable and verifiable; documentation is a cornerstone of compliance; computerized systems need to be validated and under control; and every decision depends on the reliability of the information available.

This approach fully fits within current regulatory developments, which strengthen the need to link documentation, digital systems, and data governance in an integrated vision [1][4][6].

The goal is also to get students familiar with professional vocabulary and the references used in the industry: ALCOA+, audit trail, data governance, data lifecycle, QRM… Getting used to these concepts and the business language is essential so they can interact effectively with quality, production, validation, IT, and regulatory teams. This familiarization also relies on the MHRA and PIC/S guides, which structure the key ideas of data integrity, data lifecycle, data governance, and record management in a GxP environment [8][9].

Beyond technical skills, it’s about developing a real culture of rigor, traceability, and responsibility.

A direct dialogue with industry players

How is the connection between academic training and industries crucial on these topics?

One of the main goals of this initiative is to create a strong link between academic training and industrial reality. Professionals’ presentations give students concrete feedback and help them understand what’s expected in the field and get a better grasp of the challenges organizations face.

In a context where regulatory authorities have highlighted recurring failures related to data integrity during inspections [3][7], these interactions take on a particularly strategic dimension. They help prepare future engineers for the real-world requirements of the field and the responsibilities that await them. The MHRA and PIC/S guides complement this approach by emphasizing the importance of risk-based data management throughout the data lifecycle [8][9].

What are the most common mistakes or risks seen today in the healthcare industries when it comes to data management?

In the pharmaceutical industry, data management is still a common source of risk today, often due to a lack of overall structure. Many sites still operate with paper data or hybrid setups combining physical materials and digital tools, which increases points of vulnerability.

A common misconception is thinking that digital is automatically safer than paper. In reality, each medium has specific risks that need to be identified and managed. Plus, a lot of data is collected without being fully used, especially from automated equipment. Keeping it without a clear reason raises concerns, because authorities don’t accept the argument that a loss is ‘no big deal’ just because the data is considered non-essential.

On the flip side, not analyzing criticality often means you don’t have some truly strategic data, while unnecessarily keeping data that is little or not critical. On top of that, there are room-for-improvement practices in terms of archiving and retention periods: data not archived, readability not checked over time, or even not destroying outdated data.

Finally, not taking into account the obsolescence of industrial information systems (automation, software, supervision, monitoring) puts sites at a high risk of data loss in case of a failure or crash, with potential impacts on compliance, quality, and business continuity.

And tomorrow?

How do you see the issues related to data integrity evolving in the coming years?

In the years ahead, the challenges related to data integrity in the bio-industries are going to intensify as we continue moving toward increasingly paperless environments. While this shift is necessary, it shouldn’t lead to increased risks: risk analysis and system validation will therefore become key tools for identifying, understanding, and managing the new vulnerabilities introduced by digital technology.

At the same time, the growing reliance on computerized systems will increase cybersecurity challenges, especially when organizations don’t have proper business continuity plans (BCPs); if there’s a network outage, technical issue, or cyber attack, not having backup solutions can seriously affect the availability and integrity of data.

Finally, data use is going to change a lot with the rise of artificial intelligence: with the huge volumes of data generated in real time by pharmaceutical factories, AI seems like a key tool for analyzing, detecting, and anticipating issues, as long as it relies on reliable, well-managed data and the right questions are asked. There’s even an annex to the GMP currently being created on the use of AI (annex 22).

So, data integrity will no longer just be a compliance issue, but a real strategic and operational challenge.

What advice would you give to an engineer just starting out in the industry to develop a strong data and traceability culture?

It’s essential to adopt good data integrity habits from the very first days on the job, relying on the ALCOA+ principles. When applied daily, these principles quickly become natural routines rather than constraints.

It’s also crucial to understand the real importance of each piece of data: not all data is equal, and storing large amounts of paper or digital data without prior analysis creates significant challenges, especially when it comes to traceability, storage, and keeping the data readable throughout its entire lifecycle.

It’s also worth remembering not to see ‘all-digital’ as the default ideal solution; while digital brings many benefits, it also comes with specific risks.

Finally, when it comes to the development of artificial intelligence, an engineer has to keep a critical mind: AI isn’t always the best solution for using data and can create biases, caused by the quality of the data used or the way questions are framed.

In short, a strong data culture is mainly built on being thorough, understanding the stakes, and knowing how to question both the tools and the data itself.

***

Through these teachings, EBI expresses its desire to train engineers who are in tune with the expectations of the pharmaceutical industry, able to work in complex, regulated, and digital environments, and actively contribute to quality and safety.

References

[1] Commission européenne, Stakeholders’ Consultation on EudraLex Volume 4 GMP (Chapter 4, Annex 11, Annex 22), 2025.

[2] Commission européenne, EudraLex Volume 4 – Annex 11: Computerised Systems.

[3] FDA, Data Integrity and Compliance With Drug CGMP – Questions and Answers.

[4] Commission européenne, Draft revision Annex 11, 2025.

[5] Commission européenne, EudraLex Volume 4 – Chapter 4: Documentation.

[6] Commission européenne, Draft revision Chapter 4, 2025.

[7] FDA / Federal Register, Data Integrity guidance and inspection findings.

[8] MHRA, GxP Data Integrity Guidance and Definitions, 2018.

[9] PIC/S, Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments, PI 041-1.