China: NMPA publishes Draft Guidance on Inspection of Data Integrity in QC Laboratories

In May 2026, the Chinese National Medical Products Administration (NMPA) – through the Centre for Drug Evaluation and Inspection (CDEI) – released a draft guidance for public comment on the inspection of data integrity in pharmaceutical quality control laboratories.

The guidance builds on ALCOA++ principles and describes what inspectors should look for across the entire data lifecycle, from generation and processing to reporting, review, archiving, and destruction. A key theme is risk-based data integrity management: organisations are expected to understand their sample and data flows, assess data risk and criticality, and implement proportionate organisational and technical controls.

Practical inspection focus areas include robust data governance (senior management commitment, adequate resources, training, and ongoing self-assessment), effective control of paper records (templates, version control, contemporaneous recording, corrections, and independent checks), and strong controls for computerised systems (security, least privilege, audit trails, validation, backups, migration, and archiving). The draft also addresses expectations for contract testing laboratories and highlights common deficiencies observed during inspections.

Table of contents

The document is structured as follows:

• 1 Purpose / Objective
• 2 Scope
• 3 Data Management and Data Governance Systems
  - 3.1 Data Management
  - 3.2 Data Governance Framework
• 4 Basic Principles of Data Reliability (ALCOA++)
• 5 Key Points for Data Reliability Checks on Paper Records
• 6 Key Points for Reliability Checks on Computerised and Hybrid Systems
  - 6.1 Computerised Systems
  - 6.2 Key Points for Reliability Checks on Computerised Systems
  - 6.3 Reliability Management and Inspection Points for Hybrid Systems
• 7 Key Points for Data Reliability Checks at Contract Testing Laboratories
  - 7.1 Data Management Between the Commissioning Party and the Contracted Party
  - 7.2 Third-Party Data Management
• 8 Common Data Reliability Deficiencies
• 9 Key Points and Examples of Data Reliability Checks
  - 9.1 Inspection Methods and Procedures
  - 9.2 Inspection Examples
• Terminology
• References

Download and Comments

The original document was published in Chinese only and is available for download from the authority’s website.

A feedback form was also provided; however, the comment period appears to have been very short and may already have closed.