The regulatory guidelines for GxP Data Integrity have been analysed in this report and mapped to Long Term Digital Preservation (LTDP) self-assessment frameworks and maturity models from the Digital Preservation community.

This helps an organisation to identify what is needed when trying to achieve long-term Data Integrity in practice, for example when GXP data is archived and the ALCOA+ principles need to be met over decade timescales or longer.

The use of maturity models such as the NDSA Levels of Preservation and the DPC Rapid Assessment Model (RAM) allow an organisation to identify how digital preservation can be done in a risk-based way. This aligns the digital preservation approach and systems chosen with the specifics of exactly what GXP data they are archiving and preserving, why, for how long, and how it needs to be accessed and used in the future. The comparison with the CoreTrustSeal requirements for a Trusted Digital Repository extends this by identifying further good practice and guidelines to be followed when an organisation needs to provide an archiving function and set of services to the rest of the business.

It is clear from the detailed analysis and mapping work in Sections 5, 6, 7 and 8, that almost all aspects of digital preservation covered by the NDSA Levels of Preservation, DPC RAM and CoreTrustSeal are relevant to long-term Data Integrity and meeting the ALCOA principles for the full data lifecycle. This should come as no surprise. Digital Preservation is a discipline that addresses everything needed to ensure sustainable long-term accessibility and usability of digital content. The requirements of long-term GXP Data Integrity align directly with the objectives and good practice of digital preservation as shown in this report. Therefore, if an organisation follows the requirements and guidelines of the NDSA levels, DPC RAM and CoreTrustSeal, especially at the higher levels of maturity, then the organisation can have some confidence that regulatory compliance will be met and the risks of not achieving long-term Data Integrity will be minimised or reduced to an acceptable and proportionate level.

Mapping GXP long-term Data Integrity to well established frameworks and models from digital preservation community provides a direct link to what is generally considered good practice. This can be used to advocate for further investment into digital preservation within an organisation, it can be used to show the business that appropriate measures are in place, and it can be used during inspections and audits to justify that the requirements of long-term Data Integrity have been properly assessed, best endeavours based on best practice have been made, and appropriate solutions are in place or are in the process of being implemented.

The mappings in this report have a strong focus on what digital preservation requirements need to be met by systems and what good practice these systems need to follow. This allows an organisation to evaluate whether data can be left in the systems where the data was originally created, i.e. ‘live systems’, and for how long, or whether data needs to be transferred or migrated to dedicated archiving and preservation systems which are better suited to the specifics of achieving long-term Data Integrity. These could be in-house systems or those provided by service providers.