1. Introduction: The Data Problem Nobody Wants to Talk About

Life sciences organizations are investing heavily in AI. Industry analysts estimate pharma AI spending will exceed $3 billion annually by 2027. Yet most AI projects fail to deliver expected value. A 2024 Deloitte survey found 47% of digital transformation initiatives cited data quality as the primary barrier. Gartner estimates poor data quality costs the average organization $12.9 million per year — a figure that compounds quickly when multiplied across a global enterprise.

The problem is not that organizations lack data — most are drowning in it. The problem is data that is messy, fragmented, inconsistent, and locked in systems never designed to talk to each other. Batch records at one site use different naming conventions than those at a recently acquired facility. Lab instrument data flows into a LIMS validated a decade ago with field-length limitations that truncate critical values. Clinical trial data spans multiple EDC systems from different CROs, each with its own schema, terminology, and export format.

In this environment, AI does not fail because the models are poor — it fails because the models have nothing trustworthy to learn from. Garbage in, garbage out is not a new principle, but in regulated environments it carries an additional dimension: garbage in a GxP system can trigger warning letters, consent decrees, product recalls, and patient harm.

This white paper provides a practical, operational guide to understanding what clean data means in a regulated life sciences context, how to assess your current state honestly, and how to execute a phased remediation strategy that positions your organization for AI success without compromising compliance.

2. What “Clean Data” Means in GxP Environments

2.1 ALCOA+ as a Data Quality Lens

The pharmaceutical industry has long relied on the ALCOA framework — and its expanded version, ALCOA+ — as the foundational standard for data integrity. Originally developed to govern paper-based records, ALCOA+ has been adapted by the FDA, EMA, WHO, and ISPE to encompass electronic data as well. For AI readiness, ALCOA+ provides an excellent first-pass quality lens.

Table 1: ALCOA+ Principles Mapped to Clean Data Characteristics

ALCOA+ Principle Definition What It Means for Clean Data
Attributable Traceable to the person or system that generated it Every record has a clear owner; no anonymous entries or shared logins
Legible Readable and permanent No truncated fields, garbled characters, or ambiguous abbreviations
Contemporaneous Recorded at the time of the activity Timestamps accurate; no backdated or bulk-entered records
Original First-captured data is preserved Source records maintained; true copies verifiable
Accurate Correct and reflects actual observations Values within valid ranges; no systematic errors or drift
Complete All data present, including failed tests No missing fields, orphaned records, or selectively deleted results
Consistent Standardized across systems and time Same units, formats, and nomenclature everywhere
Enduring Preserved for required retention period Data accessible and readable throughout its lifecycle
Available Accessible for review and audit Retrievable within reasonable timeframe; not locked in obsolete systems

2.2 The Six Dimensions of Data Quality

While ALCOA+ provides a compliance framework, data science and information management disciplines offer a complementary set of quality dimensions. Together they create a more complete picture of what “clean” means operationally.

Table 2: The Six Dimensions of Data Quality

Dimension Definition GxP Example Target
Accuracy Data correctly represents the real-world entity Batch yield of 98.2% matches actual output ≥95%
Completeness All required data elements are present Every deviation report field is filled ≥98%
Consistency Values uniform across systems Drug names match between LIMS, ERP, and submissions 100%
Timeliness Data recorded and available when needed Adverse events entered within 24 hours ≤90 min
Validity Data conforms to formats and business rules pH values within 0–14; dates follow ISO 8601 ≥99%
Uniqueness No duplicate records for same entity Each batch has exactly one master record 100%

2.3 Clean vs. Dirty Data: Side-by-Side Examples

Abstract definitions are useful, but the difference between clean and dirty data is most clearly understood through concrete examples. The following table illustrates what clean and dirty data look like across key pharmaceutical domains.

Table 3: Clean vs. Dirty Data — Side-by-Side Examples

Domain Dirty Data Example Clean Data Example Why It Matters
Batch Records Yield: “approx 95%”
Operator: “JD”
Date: “last Tuesday”		 Yield: 95.3%
Operator: “John Doe (JD-4821)”
Date: 2026-03-15T14:30Z		 AI needs precise values, not approximations
Lab / LIMS Result: “Pass”
pH: “normal”
Instrument: “Lab 3 one”		 Result: 5.7 mg/mL (spec: 5.0–6.5)
pH: 7.2
Instrument: HPLC-4821		 Quantitative results enable trend analysis
Adverse Events Patient: “elderly female”
Event: “felt sick”		 Patient: F, 73y, 68kg
Event: “Grade 2 nausea (MedDRA: 10028813)”		 Coded data enables signal detection
Deviations Root cause: “human error”
Action: “will retrain”		 Root cause: “Door seal failure (PM overdue by 14 days)”
Corrective: “Replace seal by 2026-04-15”		 Specific descriptions enable CAPA trend analysis
Regulatory Active: “Compound X”
Strength: “usual dose”		 Active: “Palbociclib (CAS: 571190-30-2)”
Strength: “125 mg”		 Cross-reference integrity prevents submission errors

2.4 The “AI-Ready” Data Standard

Compliant vs. AI-Ready: Understanding the Gap

Data can be fully ALCOA+-compliant and still be entirely unsuitable for AI. Compliance ensures data integrity and auditability. AI readiness requires something more: data must be structured for machine consumption, labeled with sufficient context, available in adequate volume, free from systematic bias, and traceable through its full lineage. The following characteristics define the AI-ready standard in a GxP environment:

  • Structured: Values stored in defined fields with consistent data types — not embedded in free-text narrative.
  • Labeled: Records annotated with meaningful metadata — product, site, date, process step, operator role — that allow models to learn patterns in context.
  • Sufficient Volume: Enough records to train and validate a model reliably. Rare event datasets (e.g., critical deviations) may require augmentation strategies.
  • Bias-Free: Data collected consistently across shifts, sites, products, and time periods — not dominated by one facility, one line, or one season.
  • Traceable Lineage: Every data point traceable from its source instrument or system through any transformations to its current state, with timestamps at each step.
  • Interoperable: Consistent identifiers and ontologies that allow data from different systems (LIMS, MES, ERP, QMS) to be joined and analyzed together.

3. What Dirty Data Looks Like: A Field Guide

3.1 Common Data Quality Problems

Dirty data manifests in predictable patterns. Recognizing these patterns is the first step toward targeted remediation.

  • Inconsistent Naming Conventions: The same compound, material, process, or equipment referred to by different names across systems or sites. “API-X,” “Active Ingredient X,” “Compound X,” and “CX001” may all mean the same thing — but a database cannot know that without explicit mapping.
  • Missing and Incomplete Records: Fields left blank, records abandoned mid-entry, or data selectively omitted. In a GxP context, missing data is not just an analytical problem — it may constitute a data integrity violation. FDA investigators look specifically for “cherry-picking” of results.
  • Duplicate and Conflicting Records: The same batch, patient, deviation, or material represented more than once, often with slightly different values. This happens at high rates when organizations migrate data between systems or when staff manually re-enter records from paper.
  • Free-Text vs. Structured Data: Critical information buried in narrative comment fields rather than coded in structured fields. Root cause descriptions like “equipment issue” or “operator error” are nearly useless for AI trend analysis. Coded values like “Equipment Malfunction > Seal Failure” are actionable.
  • Temporal Anomalies: Records with impossible timestamps (batch recorded as completed before it started), backdated entries, bulk entries created hours or days after the event, or timezone mismatches that corrupt chronological ordering across global systems.

3.2 Where Dirty Data Hides

Data quality problems rarely announce themselves. They accumulate in pockets that are easy to overlook — especially in organizations where data review is compliance-focused rather than quality-focused.

Table 4: Where Dirty Data Hides and Why

Source Why Data Quality Suffers Common Problems
Legacy LIMS Outdated schemas, limited validation Missing fields, non-standard units, truncated values
Paper-to-Digital Manual transcription introduces errors Typos, misread handwriting, lost context
Multi-Site Operations Different systems, SOPs, conventions Inconsistent naming, non-comparable metrics
Vendor Data Feeds Varied formats, different standards Schema mismatches, missing mappings
Spreadsheet Workarounds Staff use Excel to bridge system gaps No audit trail, formula errors, version chaos
Manual Data Entry Human entry without validation controls Responsible for up to 25% of quality faults

3.3 The Acquisition Problem: Mergers as a Source of Data Chaos

Mergers and acquisitions are a defining feature of the pharmaceutical industry — and one of the most reliable sources of data quality degradation. When two organizations merge, they rarely merge cleanly. What actually happens is two (or more) data ecosystems — each with its own naming conventions, coding schemes, system architectures, and quality standards — are suddenly expected to work together.

The acquired company’s batch numbering schema conflicts with the acquiring company’s. Their MedDRA version is behind by two releases. Their equipment IDs follow no standard. Their LIMS uses a different unit of measure for the same assay. Their deviation categories map to only about 60% of the acquiring organization’s taxonomy.

Left unaddressed, these gaps compound. Within months, reports are running against mixed data. Within a year, trend analyses are meaningless. Within two years, the organization cannot reliably answer basic questions about product quality across all its facilities.

M&A Data Best Practices

  • Pre-Acquisition Assessment: Conduct a data quality due diligence review as part of the deal process. Understand what you are acquiring before you close.
  • Master Data Mapping: Before migrating any data, create explicit mapping tables between source and target schemas. Do not assume equivalence.
  • Harmonization Before Migration: Standardize naming conventions, units, and coding schemes at the source before transfer. Migrating dirty data creates twice the cleanup work.
  • Migration Strategy: Treat data migration as a validated activity. Define acceptance criteria, run parallel systems during transition, and document every transformation.
  • Post-Migration Validation: Run automated quality checks on migrated data. Reconcile record counts, verify field mappings, and review samples manually.

3.4 The Real Cost of Dirty Data

The costs of poor data quality in life sciences are both direct and indirect. Direct costs include rework, investigations, regulatory responses, and remediation. Indirect costs include delayed decisions, missed signals, failed AI initiatives, and reputational damage. The numbers are significant.

60%+
Of FDA warning letters issued between 2020–2025 included data integrity observations
5–10×
Higher remediation costs when data quality issues are discovered post-automation vs. pre-automation

Beyond the financial impact, dirty data erodes trust. When quality professionals cannot rely on the data in their systems, they build shadow systems — spreadsheets, personal logs, informal workarounds. These parallel data streams multiply the integrity problem and make it exponentially harder to achieve the single source of truth that AI requires.

4. Data Quality by Domain: What Clean Looks Like in Practice

Clean data looks different depending on the domain. The following tables define clean standards for each major data domain in pharmaceutical manufacturing and development, along with the most common quality problems observed in practice.

Table 5: Manufacturing / Batch Records

Data Element Clean Standard Common Problem
Batch Number Unique, structured identifier per site SOP (e.g., SITE-PRODUCT-YYYY-NNN) Free-form entries, duplicates, non-standard formats across sites
Yield Numeric value with units and specification range (e.g., 95.3% — spec 90–102%) “Approx,” “good,” “pass” — non-numeric entries that preclude trend analysis
Operator ID Unique employee ID linked to role and training record Initials only, shared login, blank entries
Timestamps ISO 8601 format, UTC or local with offset, system-generated Manual overrides, backdated entries, inconsistent timezone handling
In-Process Controls All results entered with units, instruments, and pass/fail rationale Bulk entry at end of shift, selective recording of passing results
Equipment IDs Asset tag from CMMS, linked to calibration and PM records Colloquial names (“the big mixer”), room references, blank
Materials Lot number, supplier code, CoA reference — all fields populated Missing lot numbers, unverified CoA references, abbreviated material names

Table 6: Quality Management (Deviations / CAPA)

Data Element Clean Standard Common Problem
Deviation Category Coded from controlled vocabulary (e.g., Equipment > Seal Failure > Preventive Maintenance Overdue) Free-text root cause categories like “human error,” “equipment issue”
Root Cause Specific, causal description with contributing factors identified Generic descriptions that cannot be trended or linked to systemic issues
CAPA Actions Specific action, owner, due date, and verification criteria “Will retrain,” “increased oversight” — vague actions with no measurable outcome
Effectiveness Check Documented review with pass/fail criteria and evidence Missing entirely, or completed as checkbox with no supporting data
Risk Rating Coded risk score from validated risk assessment tool Subjective ratings without documented rationale
Product Impact Explicit statement of patient risk assessment outcome Blank, or “no impact” without supporting analysis

Table 7: Laboratory / LIMS

Data Element Clean Standard Common Problem
Test Results Numeric value with units, specification, instrument ID, analyst ID “Pass,” “within spec,” or qualitative descriptions instead of measurements
Instrument Data Electronic raw data files linked to LIMS record; audit trail intact Manual transcription from instrument printout; raw data files deleted
Reference Standards Lot, expiry, and certificate of analysis linked to each test Standard lot not recorded; expired standards used without documentation
OOS / OOT Records All OOS results recorded including those later invalidated, with full investigation OOS results deleted or overwritten; invalidation without documented justification
Method Reference Specific validated method version and revision number “Standard method,” “usual procedure” — no traceability to validated method
Environmental Conditions Temperature, humidity, and other critical conditions logged at time of test Missing or manually entered after the fact

Table 8: Clinical Trials

Data Element Clean Standard Common Problem
Subject Identifiers Consistent pseudonymized ID across all EDC systems; no PII in data fields Different IDs in different systems; PII embedded in notes fields
Adverse Events MedDRA-coded, graded per CTCAE, with start date, end date, relationship, and outcome Narrative descriptions without coding; missing grade or relationship fields
Visit Dates Actual visit date vs. protocol-specified date, both recorded with variance flagged Only protocol date recorded; actual dates not captured
Protocol Deviations All deviations documented with category, impact assessment, and corrective action Undocumented deviations; inconsistent categorization across sites
Lab Values Units, reference ranges, and lab-specific normal ranges all recorded Values without units; reference ranges not captured
Randomization Treatment assignment traceable to randomization system with timestamp Manual override of assignment without documentation

Table 9: Regulatory Submissions

Data Element Clean Standard Common Problem
Substance Identifiers INN, CAS number, UNII, and preferred IUPAC name — all recorded and consistent Abbreviated names, internal codes without cross-references
Specification References Exact specification version numbers with effectivity dates References to “current specification” without version locking
Manufacturing Sites FEI number, DUNS, and exact site address consistent across all modules Inconsistent site names between sections; outdated addresses
Study References Protocol number, EudraCT/ClinicalTrials.gov ID cross-referenced Internal study codes only; no external registry cross-reference
Batch Data All batches from defined representative scale, with full results Only selected batches included; missing scale-up justification

Table 10: Pharmacovigilance

Data Element Clean Standard Common Problem
Case Identifiers Unique case ID consistent across all safety systems (E2B fields populated) Duplicate cases, inconsistent IDs across databases
Reaction Terms MedDRA LLT and PT coded; verbatim term preserved alongside code Verbatim only; inconsistent coding across reporters or regions
Seriousness Criteria All applicable seriousness flags checked with supporting clinical narrative Missing seriousness criteria; overcoding or undercoding
Reporter Information Reporter qualification, country, and source type recorded Reporter type missing; source classification inconsistent
Product Information Batch number, dose, route, indication, and start/stop dates all populated Dose missing, indication vague, batch number absent
Follow-Up Records All follow-up information linked to original case with version history Follow-up entered as new case; version history broken

5. Assessing Your Data: Where Do You Stand?

5.1 Data Quality Maturity Rubric

Before investing in remediation, it is essential to understand your current maturity level. The following rubric assesses five dimensions of data quality capability across four maturity levels.

Table 11: Data Quality Maturity Rubric

Dimension Level 1: Ad Hoc Level 2: Defined Level 3: Managed Level 4: Optimized
Data Standards No naming conventions; each system uses its own logic Standards documented for some systems; inconsistently applied Enterprise-wide standards defined and enforced by system controls Standards continuously reviewed, versioned, and aligned to industry ontologies
Data Governance No defined data owners; IT manages data informally Data owners assigned for critical systems; roles informal Formal governance board; stewards active across domains; policies enforced Governance embedded in all project lifecycles; metrics drive continuous improvement
Data Quality Monitoring No routine quality checks; issues discovered reactively Manual spot checks run periodically; results not systematically tracked Automated quality checks on critical datasets; dashboards reviewed regularly Real-time quality monitoring with predictive alerts; KPIs linked to business outcomes
System Integration Systems siloed; no shared identifiers; manual handoffs Some integrations via point-to-point; incomplete coverage Master data management in place; most critical systems integrated Full integration fabric; semantic interoperability across all GxP systems
Data Literacy Staff unaware of data quality standards; no training Basic data entry training exists; quality not linked to compliance Data quality training mandatory; staff understand impact of poor quality Data literacy embedded in culture; staff proactively identify and escalate issues

Scoring: Score each dimension 1–4 based on your honest assessment. Total score interpretation:

  • 5–10: Fundamental data quality gaps that must be addressed before any AI initiative.
  • 11–16: Ready for targeted pilots in well-governed domains, but enterprise AI requires further investment.
  • 17–20: Strong foundations; ready to build AI capabilities with appropriate governance.

Data Quality Maturity Model — Visual Overview

Level 1 — Ad Hoc
Reactive, unstructured, no defined ownership
Level 2 — Defined
Standards documented, inconsistently applied
Level 3 — Managed
Automated monitoring, formal governance in place
Level 4 — Optimized
Continuous improvement, AI-ready, fully integrated

5.2 Data Readiness Scorecard

The following scorecard provides a more granular assessment across the dimensions most relevant to AI readiness. Score each item: 2 = Fully in place, 1 = Partially in place, 0 = Not in place.

Table 12: Data Readiness Scorecard (20 Questions)

# Category Assessment Question Score (0/1/2)
1 Standards Do you have enterprise-wide data naming conventions that are actively enforced?
2 Standards Are controlled vocabularies used for coded fields (root cause, AE, material classification)?
3 Technology Are your critical GxP systems capable of exporting structured, machine-readable data?
4 Technology Are validation rules enforced at point of data entry across your primary systems?
5 Governance Has a data owner been formally assigned for each critical data domain?
6 Governance Does a data governance policy exist that is reviewed, approved, and actively enforced?
7 People Do staff receive formal training on data quality standards and their compliance implications?
8 People Is there a defined escalation path for staff who identify data quality issues?
9 Integration Do your LIMS, MES, QMS, and ERP share common identifiers for materials and equipment?
10 Integration Can you join data from at least three systems without manual intervention?
11 Lineage Can you trace any production data point from raw capture to final report?
12 Lineage Are audit trails enabled, reviewed, and protected from modification in all GxP systems?
13 AI Readiness Have you profiled any of your critical datasets for completeness and accuracy?
14 AI Readiness Do you have sufficient historical data volume (3+ years) in key domains to train AI models?
15 AI Readiness Have you assessed your data for systematic biases (site, shift, season, operator)?
16 Completeness Is your completeness rate ≥98% for all mandatory fields in critical systems?
17 Completeness Are OOS and failed test results consistently captured without selective deletion?
18 Standards Are units of measure standardized across all systems for the same data elements?
19 Governance Is data quality performance reported to leadership on a regular cadence?
20 Technology Do you have a data catalog or data dictionary that is current and accessible?

Table 13: Scorecard Interpretation

Total Score Readiness Level Recommended Action
32–40 Data Ready Strong foundation. Begin AI piloting with appropriate governance in place.
24–31 Data Adequate Targeted pilots feasible in well-governed domains. Address gaps in parallel.
16–23 Data at Risk Data remediation should precede AI investment. Focus on governance and standards.
0–15 Data Critical Significant data quality program required. AI should be deferred pending remediation.

5.3 Quick-Win Identification Matrix

Not all remediation is equal. The following matrix helps prioritize efforts by balancing implementation effort against potential quality and AI readiness impact.

Table 14: Quick-Win Identification Matrix

Effort Level High Impact Medium Impact Low Impact
Low Effort Add validation rules to mandatory fields in existing systems; standardize date formats enterprise-wide Add dropdown controlled vocabularies for root cause and deviation categories Rename equipment in existing records to match asset tag system
Medium Effort Deduplicate material master records; map site-specific naming conventions to enterprise standard Enable electronic audit trails in systems where currently disabled; backfill missing operator IDs Consolidate duplicate spreadsheet trackers into single shared repository
High Effort Migrate legacy LIMS data to current system with full validation; implement MDM platform Build real-time data quality dashboards across critical GxP systems Full data dictionary development for all enterprise systems

6. The Data Remediation Playbook

6.1 Five-Phase Data Remediation Cycle

Data remediation is not a one-time project. It is a repeating cycle that, once established, becomes the operating rhythm of a mature data governance program. The following five phases represent a complete cycle from discovery through sustained quality management.

1

Profile & Discover (Weeks 1–4)

Inventory all data sources across the enterprise. Run automated data profiling tools to assess completeness, uniqueness, consistency, and format adherence. Document baseline quality metrics for each system and dataset. Identify and formally assign data owners. Create a data source register with system name, data type, volume, format, and current quality score.

2

Define & Standardize (Weeks 3–8)

Develop data dictionaries for all critical GxP data domains. Define business rules and validation logic for each field. Establish enterprise naming conventions for materials, equipment, products, and processes. Build controlled vocabularies for coded fields (root cause, deviation category, adverse event classification). Publish standards through a formal data governance policy and circulate for stakeholder review.

3

Cleanse & Enrich (Weeks 6–14)

Execute targeted remediation against the highest-priority quality gaps identified in Phase 1. Deduplicate records using probabilistic and deterministic matching algorithms. Fill gaps from authoritative source systems. Normalize formats, units, and identifiers across integrated systems. Resolve cross-system conflicts by applying master data management rules. Document all transformations with full audit trail for regulatory defensibility.

4

Validate & Verify (Weeks 12–16)

Run automated quality checks against defined acceptance criteria for each remediated dataset. Conduct peer review of critical datasets with subject matter experts. Verify alignment with regulatory requirements — ALCOA+, 21 CFR Part 11, Annex 11. Test against AI readiness criteria defined in Section 7. Generate a remediation completion report with before/after quality metrics for each dataset.

5

Monitor & Sustain (Ongoing)

Deploy automated data quality dashboards with real-time monitoring of key quality metrics. Configure alerts for threshold breaches and anomaly detection. Establish a regular review cadence — weekly for critical systems, monthly for enterprise-level reporting. Embed data quality metrics into management review agendas and QMS KPI reporting. Build continuous improvement loops: each quality issue feeds back into updated standards and training.

Five-Phase Remediation Cycle — At a Glance

Phase 1

Profile & Discover

Weeks 1–4

Phase 2

Define & Standardize

Weeks 3–8

Phase 3

Cleanse & Enrich

Weeks 6–14

Phase 4

Validate & Verify

Weeks 12–16

Phase 5

Monitor & Sustain

Ongoing

6.2 Data Governance Essentials

Remediation without governance is a temporary fix. Data will degrade again within months without the organizational structures to sustain quality. The following roles are the minimum viable governance model for a GxP-regulated organization.

Table 15: Data Governance Roles and Responsibilities

Role Definition Key Responsibilities Typical Profile
Data Owner Business accountable for a data domain’s quality and fitness for purpose Approve standards and policies; prioritize remediation; accept data quality risk Senior director or VP in the business function that generates/consumes the data
Data Steward Operational lead responsible for day-to-day quality of a specific dataset or system Monitor quality metrics; investigate issues; enforce standards; coordinate training Subject matter expert — quality manager, lab manager, clinical data manager
Data Custodian Technical accountable for storage, security, and system integrity of data Maintain infrastructure; manage access controls; ensure backup and recovery; manage integrations IT application owner, system administrator, database administrator
Data Governance Board Cross-functional body that sets strategy, resolves conflicts, and tracks enterprise progress Approve enterprise standards; prioritize investment; review KPIs; escalation point for cross-domain issues Cross-functional: QA, IT, regulatory affairs, manufacturing, clinical, data science

6.3 RACI Matrix

Table 16: RACI — Data Governance Activities

Activity Data Owner Data Steward IT / Custodian QA Executive Sponsor
Define data quality standards A R C C I
Approve governance policies C C I R A
Monitor data quality KPIs I R C C I
Investigate data quality issues A R C C I
Execute data remediation A R R C I
Manage system access controls I C R A I
Deliver data quality training A R I C I
Report to leadership on data quality C R I C A

R = Responsible, A = Accountable, C = Consulted, I = Informed

6.4 Technology Enablers

Technology is an accelerator, not a substitute, for governance. The right tools — deployed on a foundation of clear standards and defined ownership — dramatically improve an organization’s ability to detect, remediate, and prevent data quality issues at scale.

Table 17: Technology Enablers for Data Quality

Tool Category Purpose Examples GxP Consideration
Data Profiling Automated analysis of datasets to identify quality issues — nulls, duplicates, format violations, outliers Talend Data Quality, Informatica IDMC, Great Expectations, dbt Profiling activity should be documented; outputs subject to review and approval
Data Cataloging Centralized inventory of datasets, schemas, lineage, and business definitions; searchable by all users Collibra, Alation, Microsoft Purview, Atlan Catalog must include GxP classification tags (critical, non-critical, validated system)
Data Quality Monitoring Ongoing automated checks against defined rules with alerting and trending Monte Carlo, Bigeye, Soda, MonteCarlo, Anomalo Alert thresholds should be defined in SOP; responses documented
Master Data Management Central repository and governance of shared reference data (materials, equipment, sites, personnel) SAP MDG, Informatica MDM, Reltio, Syndigo MDM system itself requires validation if used to control GxP-impacting reference data
Data Lineage Tracks data from source to destination through all transformations — essential for AI model traceability Apache Atlas, Marquez, OpenLineage, Collibra Lineage Lineage documentation may be required for AI system validation packages
eQMS Platforms Electronic quality management with structured data capture for deviations, CAPA, change control, audits Veeva Vault QMS, MasterControl, TrackWise, ETQ Reliance Must be validated per GAMP 5 and 21 CFR Part 11 where applicable; data export capability critical

7. Making Data AI-Ready: Beyond Clean

7.1 The Gap Between Compliant and AI-Ready

Achieving ALCOA+ compliance and passing a data integrity audit are necessary but insufficient conditions for AI readiness. Regulatory compliance establishes a floor for data quality — it ensures records are attributable, legible, and complete. AI readiness requires building on that floor to meet the additional demands of machine learning systems.

The following gaps are commonly observed in organizations that have strong compliance programs but have not yet prepared their data for AI:

  • Format Gap: Data captured in ways readable by humans but not machines — PDFs, scanned images, narrative text fields, formatted Excel cells. Machine learning models require structured, typed data in accessible formats (CSV, JSON, Parquet, database tables).
  • Volume Gap: Sufficient historical data exists, but it is fragmented across systems, partially archived, or not accessible via API. A model may need 10,000+ labeled examples to perform reliably — a volume that is often unavailable from any single system.
  • Representation Gap: Data was collected primarily under normal operating conditions. Rare events — critical deviations, OOS results, equipment failures — are underrepresented. Models trained on this data will be poor at predicting the very anomalies you most need to detect.
  • Accessibility Gap: Data exists in validated systems that were not designed for bulk export or API access. Extracting data for AI requires changes to validated systems — triggering qualification and validation activities that add time and cost.
  • Lineage for AI: For a regulated AI system, you must be able to demonstrate exactly what data was used to train the model, how it was preprocessed, what transformations were applied, and whether any bias-correcting adjustments were made. Without documented lineage, this demonstration is impossible.

7.2 Feature Engineering for Regulated Data

Feature engineering — the process of transforming raw data into the input variables (features) used to train an AI model — has specific requirements in a regulated context. Each transformation must be documented, justified, and traceable to the source data. Key requirements include:

  • Documented Transformation Logic: Every calculation, normalization step, encoding decision, and feature derivation must be captured in a controlled document and version-tracked.
  • Validation of Preprocessing Steps: Preprocessing pipelines should be tested against known inputs and outputs. Results should be reviewed and approved before use in model training.
  • Preservation of Source Records: Transformed features are derived from — but do not replace — source records. Original data must remain accessible and unaltered.
  • Bias Assessment: Before training, assess the feature distribution for systematic imbalances. Overrepresentation of one site, shift, or product family can produce models that generalize poorly.
  • Reproducibility: Given the same source data and the same preprocessing code, the same features must always be produced. Non-deterministic preprocessing (e.g., random sampling without fixed seeds) must be controlled.
  • Change Control: Any change to a preprocessing pipeline used in a validated AI application must go through formal change control, with impact assessment and re-validation as required.

7.3 AI Readiness Checklist

The following checklist provides a rapid self-assessment of AI readiness across the 15 criteria most critical to successful model development in a regulated environment. Score each criterion: 1 = Yes, 0 = No.

Table 18: AI Readiness Checklist (15 Criteria)

# Category Criterion Score (0/1)
1 Format Data is available in structured, machine-readable format (not PDF or scanned image)
2 Standardization All categorical fields use controlled vocabularies with consistent coding
3 Completeness Completeness rate ≥95% for all model input variables
4 Quality Data has been profiled and quality baseline documented
5 Volume Sufficient historical records available to train and validate model (domain-specific, typically 3+ years)
6 Bias Data distribution assessed for systematic bias across sites, shifts, products, and time periods
7 Traceability Every data point traceable to its source system and original capture event
8 Compliance Data governance policy explicitly covers AI use of GxP data
9 Security Access controls and data use agreements in place for AI development environment
10 Readiness Preprocessing pipeline defined, documented, and under version control
11 Currency Data is current and reflects current processes (not legacy or superseded workflows)
12 Completeness Negative outcomes (OOS, failed batches, reported AEs) are captured at same quality as positive outcomes
13 Lineage Full lineage documentation exists for all data sources included in training set
14 Compliance Legal and regulatory review completed for use of this data in AI model development
15 Sustainability Ongoing data pipeline exists to refresh model training data as new records accumulate

Scoring Interpretation: 13–15 = AI Ready; 9–12 = Address identified gaps before full deployment; Below 9 = Significant data preparation required before model development begins.

8. Special Considerations for GxP Compliance

Data quality in life sciences is not purely a technical question — it is a regulatory one. The following frameworks directly govern how data must be created, managed, and used in GxP-regulated activities. Any AI program touching these domains must demonstrate alignment.

U.S. Regulation

21 CFR Part 11

The FDA’s foundational regulation for electronic records and electronic signatures. Requires audit trails, access controls, system validation, and equivalent trustworthiness to paper records. AI systems that generate, modify, or maintain electronic records in a regulated context are subject to Part 11.

EU GMP

Annex 11 & Annex 22

Annex 11 governs computerized systems in EU GMP — data backup, audit trails, validation, and change management. Draft Annex 22 (published 2025) specifically addresses the use of AI in GMP operations, covering model validation, explainability, risk assessment, and ongoing monitoring requirements for AI-based systems.

Quality Risk Management

ICH Q9(R1)

The revised ICH Q9 guidance introduced formal requirements for data governance within quality risk management activities. Data quality failures must be assessed for their impact on product quality risk. Risk assessments that rely on poor-quality data may not be defensible in regulatory review.

ISPE Framework

GAMP 5 (2nd Edition)

The industry standard for computer systems validation. GAMP 5’s second edition (2022) explicitly addresses modern software development approaches, including AI/ML systems, data integrity requirements, and the validation of cloud-based and hybrid systems. AI models trained on GxP data are within scope.

U.S. FDA

FDA AI Guidance (2025)

The FDA’s evolving guidance on AI and machine learning in drug development and manufacturing includes expectations for data quality, model documentation, explainability, and post-deployment monitoring. The agency has signaled that data provenance and training data quality will be key elements of AI system submissions.

Across these frameworks, several compliance principles apply consistently to data used in AI systems:

  • Data integrity must be maintained throughout the AI lifecycle — from data collection through model training, deployment, and re-training. Any transformation of GxP data must be documented and traceable.
  • AI models that influence regulated decisions must be validated — not just technically tested, but validated in the sense of demonstrating fitness for intended use in the regulated context.
  • Audit readiness is non-negotiable. Regulators will ask: what data was used, where did it come from, how was it prepared, who approved it, and how is the model monitored? Organizations must be able to answer all of these questions clearly.
  • Change control applies to AI models — including changes to training data, preprocessing logic, model architecture, hyperparameters, and performance thresholds. Each change must be assessed for its impact on compliance status.
  • Human oversight must be preserved. Even high-performing AI systems in regulated environments require defined human review checkpoints. The level of oversight should be commensurate with the risk of the application.

9. Leadership and Organizational Readiness

Data quality problems are rarely purely technical. In most organizations, they are symptoms of organizational choices: under-investment in data infrastructure, unclear accountability, cultures that tolerate workarounds, and leadership that has not connected data quality to strategic outcomes.

Fixing data quality requires fixing the organizational conditions that created it. Leaders have a specific and non-delegable role in that process.

  • Frame Data Quality as a Strategic Asset: When leadership treats data quality as an IT problem or a compliance checkbox, the organization responds accordingly. When leaders articulate data quality as the foundation of AI capability, regulatory resilience, and competitive advantage — and back that framing with resources — it changes what gets prioritized.
  • Assign Clear Ownership: Data without an owner degrades. Every critical data domain needs a business leader who is accountable for its quality — not as a secondary responsibility, but as a visible, measured part of their role. Name names. Set expectations. Review progress.
  • Make Data Quality Visible: What gets measured gets managed. Establish data quality KPIs. Include them in management review. Surface them in QBRs. When quality problems are invisible to leadership until they cause an audit finding, the remediation cycle is too slow and too expensive.
  • Build Psychological Safety: Staff who observe data quality problems often do not report them because they fear blame or disruption. Creating channels for anonymous reporting, celebrating catches, and treating quality issues as systemic rather than personal failures dramatically increases the speed of issue identification.
  • Fund It Properly: Data remediation and governance programs require sustained investment. Organizations that fund a six-month cleanup project and then expect quality to maintain itself discover — typically when preparing for an AI initiative or a regulatory inspection — that it does not. Budget for ongoing governance, tooling, and training.
  • Start with a Quick Win: Choose one high-visibility, high-impact dataset. Profile it. Fix it. Show the results. Nothing builds organizational momentum for data quality work like demonstrating that it is possible and that it produces tangible outcomes.
Further Reading on Data Culture

For a deeper exploration of the cultural and organizational dimensions of data quality in pharmaceutical AI, see the companion article: “The Critical Role of Data Quality and Data Culture in Successful AI Solutions for Pharma” by Harpe and Laurent, published at IntuitionLabs.ai. The article explores how data culture — not just data technology — determines AI outcomes in regulated environments.

10. Key Takeaways and Pitfalls to Avoid

10 Key Takeaways

  • Clean Data Has a Precise Definition. It is not “data that passed QC.” It is data that is accurate, complete, consistent, timely, valid, and unique — and documented as such.
  • Compliance Is Necessary but Not Sufficient. ALCOA+ compliance ensures data integrity. AI readiness requires more: structure, volume, labeling, lineage, and interoperability.
  • Acquisitions Create Data Chaos. Every M&A event is a data quality event. Due diligence must include data quality assessment, and integration planning must include data harmonization.
  • Assess Before You Invest. Running an AI pilot on unassessed data is a waste of time and money. Profile your data, score your readiness, and know what you are working with before building models.
  • Remediation Is a Cycle, Not a Project. Data quality requires ongoing monitoring, governance, and improvement. One-time cleanup without sustained governance is a temporary fix.
  • Governance Makes It Stick. Assign data owners, define steward roles, establish a governance board, and link data quality KPIs to accountability. Governance is the only mechanism that sustains quality over time.
  • Prioritize by Risk and Impact. Not all data is equal. Focus remediation resources on the datasets most critical to patient safety, regulatory compliance, and AI use cases with the highest organizational value.
  • Leadership Must Lead. Data quality culture starts at the top. If leadership does not treat data quality as a strategic priority — with visible metrics, assigned ownership, and real investment — it will not be treated as one at the operational level.
  • The ROI Is Real. The cost of poor data quality — $12.9M per year on average — dwarfs the investment required for a well-designed governance and remediation program. The business case writes itself.
  • Start Now. The best time to build data quality foundations was before you started your AI program. The second-best time is today. Every week of delay compounds the remediation debt.
6 Pitfalls to Avoid

  • Treating Data Quality as a One-Time Project. Data quality is an operational discipline, not a project. Organizations that fund a cleanup effort and declare victory consistently find themselves back in the same position within 18–24 months.
  • Buying Tools Before Building Foundations. No data quality tool can compensate for the absence of standards, governance, and ownership. Tools are multipliers — they multiply whatever you have in place. If you have weak foundations, they multiply weak foundations.
  • Boiling the Ocean. Attempting to fix all data quality issues across all systems simultaneously produces paralysis, not progress. Start with the highest-risk, highest-value datasets and build momentum through demonstrated success.
  • Ignoring Acquisition-Related Data Debt. Organizations that absorb acquired data without harmonization accumulate quality debt that grows compounding interest. The longer it is left unaddressed, the more expensive and disruptive the eventual remediation.
  • Skipping Data Assessment Before AI. Beginning AI model development without a formal data readiness assessment is the single most common cause of AI project failure in regulated environments. It produces models that cannot be validated and programs that cannot scale.
  • Underestimating Change Management. Data quality improvement requires people to change how they work — how they enter data, what standards they follow, what they escalate. Without deliberate change management — training, communication, reinforcement, and incentives — the organizational adoption of new standards is incomplete and unsustained.

The following resources provide deeper coverage of the topics addressed in this white paper. All are recommended for quality professionals, data governance practitioners, and AI program leads in life sciences.

  1. FDA Guidance on Data Integrity and Compliance With CGMP — U.S. Food and Drug Administration. The primary regulatory reference for data integrity requirements in pharmaceutical manufacturing.
  2. 21 CFR Part 11: Electronic Records; Electronic Signatures — U.S. Code of Federal Regulations. The foundational U.S. regulation governing electronic records in regulated environments.
  3. EU GMP Annex 11: Computerised Systems — European Commission, EudraLex Volume 4. The EU equivalent of Part 11, governing computerized systems in pharmaceutical manufacturing.
  4. Draft Annex 22: Use of AI in GMP — European Commission, EudraLex Volume 4. Draft guidance (2025) on the use of artificial intelligence in GMP operations — a landmark document for the industry.
  5. GAMP 5 Guide, 2nd Edition — International Society for Pharmaceutical Engineering (ISPE). The definitive industry guide for computer systems validation, updated to cover modern software and AI/ML systems.
  6. ISPE GAMP Guide: Records and Data Integrity — International Society for Pharmaceutical Engineering. Practical guidance on data integrity program design and implementation.
  7. “The Critical Role of Data Quality and Data Culture in Successful AI Solutions for Pharma” — Harpe and Laurent, IntuitionLabs.ai. Companion article exploring the cultural dimensions of data quality in pharmaceutical AI programs.
  8. DAMA-DMBOK, 2nd Edition — DAMA International. The comprehensive body of knowledge for data management professionals, covering all dimensions of data governance, quality, and architecture.
  9. WHO Technical Report Series, No. 996 — World Health Organization. WHO guidance on good data and records management practices for pharmaceutical manufacturing.
  10. The New Economics — W. Edwards Deming. Deming’s foundational work on quality management and systems thinking — the intellectual origin of many principles underpinning modern data quality practice.

12. Conclusion

Clean data is not an aspiration — it is an operational discipline. And in life sciences, it is not optional: it is the precondition for regulatory trust, AI capability, and patient safety.

The organizations that will succeed with AI in the next decade are not necessarily those with the most sophisticated models. They are the ones that did the unglamorous work of building data foundations — defining standards, assigning ownership, monitoring quality, and governing rigorously — before the AI initiatives launched.

The path forward is clear, even if the work is hard:

  • Assess honestly. Use the maturity rubric and scorecard in this paper. Know where you stand before you commit resources.
  • Remediate systematically. Follow the five-phase cycle. Prioritize by risk and impact. Build momentum with quick wins.
  • Govern rigorously. Assign owners. Define stewards. Establish a board. Link quality to accountability. Measure and report.
  • Build a culture. Train your people. Create psychological safety. Make data quality a shared value, not a compliance burden.

Start with a single dataset. Measure its quality. Fix what you find. Then expand. The path to AI readiness in life sciences is paved with clean records, clear ownership, and the organizational discipline to sustain both.

Clean data. Clear path.

About Sakara Digital

Sakara Digital is a boutique consultancy specializing in digital transformation and quality solutions for life sciences. We bring a human-centered, high-touch approach to every engagement — helping regulated organizations build the data foundations, governance structures, and AI capabilities they need to compete in a digital world. Learn more at sakaradigital.com.