Why Excel Creates Data Integrity Risks in GMP Environments

Written By Christian Schmidt

Introduction

Excel is widely used in regulated environments.
It is familiar, flexible, and readily available.

The problem is not Excel itself.
The problem is how Excel is used within GMP processes.

In many organizations, spreadsheets are treated as a pragmatic extension of the quality system.
In practice, this often creates data integrity risks that only become visible during audits or inspections.

Excel Is Not a GMP System

Excel was never designed to function as a GMP-compliant system.

It does not inherently provide:

  • controlled user access

  • complete and secure audit trails

  • enforced version control

  • traceable data ownership

  • protection against unintended modification

These controls can sometimes be added manually, but they are rarely implemented consistently across an organization.

Fragmentation Creates Risk

In many GMP environments, Excel files exist alongside:

  • electronic QMS platforms

  • paper-based documentation

  • local databases

  • shared network drives

This leads to fragmented data landscapes.

Data is:

  • transferred manually

  • copied between systems

  • maintained in parallel

  • updated without clear ownership

Each manual interface increases the probability of error, loss of traceability, and undocumented changes.

Data Integrity Is Not Additive

A common misconception is that data integrity can be achieved by adding controls around individual tools.

In reality, data integrity is systemic.

If data flows across disconnected tools without consistent controls, the integrity of the overall process cannot be guaranteed — even if each individual component appears compliant.

What is not connected is not controllable.

Typical Audit Observations

During audits and inspections, Excel-related issues frequently appear as:

  • missing or incomplete audit trails

  • unclear responsibility for data entry and approval

  • undocumented data changes

  • inconsistent versions used for decision-making

  • lack of linkage between source data and reported outcomes

These findings are rarely caused by misconduct.
They are structural in nature.

Regulatory Expectations

Regulators do not prohibit the use of spreadsheets.
However, they expect organizations to demonstrate:

  • data integrity across the full data lifecycle

  • traceability from source to decision

  • controlled access and accountability

  • consistency between systems

When Excel is used outside a controlled system context, meeting these expectations becomes increasingly difficult.

A Pragmatic Perspective

Excel can still play a role in regulated environments.

However, its use must be:

  • clearly defined

  • limited in scope

  • supported by documented controls

  • integrated into the overall quality system

Where Excel becomes a substitute for structured systems, data integrity risks are introduced — often unintentionally.

Conclusion

Excel is not the problem.
Uncontrolled and fragmented use is.

In GMP environments, data integrity is not achieved through individual tools, but through connected systems, clear ownership, and consistent controls.

What appears practical in daily operations can become a significant explanation challenge during audits.

For further information on audit support and data integrity assessments, please refer to the Services section of this website.

Christian Schmidt
Previous

GMP-Grundlagen für herstellende Apotheken
Next

Your Start in the GMP World: The 5 Essential Steps for New Companies