Security & Integrity
Built for Pharma
GoVal combines ISO 27001 information security with ISO 9001 quality assurance and ALCOA+-enforced data integrity — a single platform Life Sciences organisations can validate, audit, and trust.
What is GxP Data Integrity and Security?
In the pharmaceutical and life sciences industries, GxP data integrity refers to the assurance that all regulated data remains Attributable, Legible, Contemporaneous, Original, and Accurate, plus Complete, Consistent, Enduring, and Available (ALCOA+). Security ensures this data is protected against unauthorized access, alteration, or loss. GoVal achieves this by integrating ISO 27001-certified infrastructure with architectural controls that enforce 21 CFR Part 11 and EU Annex 11 requirements, ensuring every record is backed by an immutable, computer-generated audit trail.
Defence in Depth, Validated by Design
GoVal's security architecture is independently certified to ISO 27001:2022 — covering every layer from infrastructure to access control to incident response.
Encryption Without Compromise
AES-256 at rest and TLS 1.3 in transit — no exceptions, no legacy protocols, and no unencrypted pathways within the platform.
- AES-256 encryption at rest
- TLS 1.3 enforced for data in transit
- Encrypted database backups
Accountability & Access Control
RBAC with MFA and SSO integration ensures only authorised individuals can access or approve records.
- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- SSO via SAML 2.0 / OIDC
Complete Organisational Isolation
Row-level security at the database layer guarantees no data ever crosses tenant boundaries.
- Row-level security (RLS) per tenant
- Isolated processing environments
- No data used for AI/LLM training
Resilience & Business Continuity
Point-in-time recovery with a 4-hour RPO and a documented, tested disaster recovery plan.
- Automated daily verified backups
- Annual disaster recovery testing
- Geographic data residency options
Trust Your Data. Prove It to Regulators.
GoVal enforces ALCOA+ at the database layer — every record leaves an unalterable trail from input to signature.
Aligned with FDA Data Integrity Guidance, PIC/S PI 041-1, and ISPE GAMP Data Integrity by Design.
1. Immutable Audit Trail by Architecture
Every action is captured in a computer-generated, time-stamped audit trail that cannot be altered or deleted — previous record versions are preserved in full.
2. Version Control & Document Lifecycle
Documents move through a controlled lifecycle with unique version identifiers and workflow-enforced approvals — only the current approved version is available for execution.
3. Electronic Signatures & Non-repudiation
Signatures are cryptographically bound to their records and capture identity, role, date, time, and meaning — fully aligned with FDA expectations.
4. Validated Data Capture & Deviations
Structured capture enforces input validation and mandatory fields at entry — deviations are logged with root cause and corrective action for a traceable record.
Answers for Regulated Teams
Questions commonly asked by Quality Managers, Validation Engineers, and IT Security leads evaluating GxP platforms.
What is GxP data integrity and why does it matter for pharma?
GxP data integrity in pharma refers to the assurance that all regulated data remains complete, consistent, and accurate throughout its lifecycle — from creation to archival. Regulatory bodies including the FDA, MHRA, and EMA require data integrity demonstrated through ALCOA+ principles. Failures in data integrity are among the top causes of FDA Warning Letters, 483 observations, and import alerts. GoVal enforces data integrity architecturally — at the database layer — rather than relying on user compliance.
What is ALCOA+ and how does GoVal enforce it?
ALCOA+ is the regulatory standard for GxP data integrity: Attributable, Legible, Contemporaneous, Original, and Accurate — plus Complete, Consistent, Enduring, and Available. GoVal enforces these architecturally: attribution through role-based identity binding, contemporaneous capture via real-time database triggers, accuracy through validated input controls, and enduring availability through immutable archival. ALCOA+ is enforced at the database layer, not just the UI.
Is GoVal ISO 27001 certified?
Yes. GoVal holds ISO 27001:2022 certification for Information Security Management Systems (ISMS). The certification is independently audited and renewed annually, covering access control, encryption, incident response, and business continuity — satisfying supplier security assessment requirements under EU GMP Annex 11 §3.
Is GoVal also ISO 9001 certified?
Yes. ISO 9001:2015 certifies GoVal's internal Quality Management System covering software development, testing, release, and support. This satisfies key computerised system supplier audit requirements under EU GMP Annex 11 §3 and demonstrates quality-by-design in the platform's development lifecycle.
What does 21 CFR Part 11 require for audit trails, and how does GoVal comply?
Under 21 CFR Part 11.10(e), systems must use computer-generated, time-stamped audit trails that capture all record changes with sufficient detail to reconstruct each event. GoVal meets this through database-level triggers that log every write operation with an immutable timestamp and user identity — independent of the application layer, making the audit trail tamper-proof by architecture.
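The trigger-based pattern described above can be sketched as follows. This is an added illustration, not GoVal's code: it assumes SQLite (driven from Python) as a stand-in database, and the table names, trigger names and the `session_ctx` identity table are hypothetical.

```python
import sqlite3

# Constructed schema: batch_record stands in for a regulated table.
SCHEMA = """
CREATE TABLE session_ctx (id INTEGER PRIMARY KEY CHECK (id = 1), user_id TEXT NOT NULL);
CREATE TABLE batch_record (id INTEGER PRIMARY KEY, result TEXT NOT NULL);
CREATE TABLE audit_trail (
  seq INTEGER PRIMARY KEY AUTOINCREMENT,
  at_utc TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
  user_id TEXT NOT NULL,  -- a NULL identity aborts the write being logged
  action TEXT NOT NULL, record_id INTEGER NOT NULL, old_value TEXT, new_value TEXT);
-- The database, not the application, logs each write with who/when/before/after.
CREATE TRIGGER br_ins AFTER INSERT ON batch_record BEGIN
  INSERT INTO audit_trail (user_id, action, record_id, new_value)
  VALUES ((SELECT user_id FROM session_ctx), 'INSERT', NEW.id, NEW.result); END;
CREATE TRIGGER br_upd AFTER UPDATE ON batch_record BEGIN
  INSERT INTO audit_trail (user_id, action, record_id, old_value, new_value)
  VALUES ((SELECT user_id FROM session_ctx), 'UPDATE', NEW.id, OLD.result, NEW.result); END;
CREATE TRIGGER br_del AFTER DELETE ON batch_record BEGIN
  INSERT INTO audit_trail (user_id, action, record_id, old_value)
  VALUES ((SELECT user_id FROM session_ctx), 'DELETE', OLD.id, OLD.result); END;
-- The trail itself is append-only: UPDATE and DELETE on it are rejected.
CREATE TRIGGER at_no_upd BEFORE UPDATE ON audit_trail BEGIN
  SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER at_no_del BEFORE DELETE ON audit_trail BEGIN
  SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    db.executescript(SCHEMA)
    return db

def write_as(db, user, sql):
    """Bind the acting user for the session, then perform the write."""
    db.execute("INSERT OR REPLACE INTO session_ctx (id, user_id) VALUES (1, ?)", (user,))
    db.execute(sql)

def rejected(db, sql):
    """Return True if the database refuses the statement."""
    try:
        db.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False

def trail(db):
    return db.execute("SELECT user_id, action, old_value, new_value "
                      "FROM audit_trail ORDER BY seq").fetchall()
```

In this sketch the guarantees hold only while the triggers exist: an account that can run DDL can drop them, so schema-change privileges and the trigger definitions need their own access control and monitoring.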
What encryption does GoVal use to protect pharma validation data?
GoVal encrypts all data at rest using AES-256 and all data in transit using TLS 1.3. Each organisation's data is stored with row-level security, ensuring complete logical separation between tenants. No plaintext regulated data is stored anywhere in the platform — satisfying both ISO 27001 and 21 CFR Part 11 security requirements.
How does GoVal support GDPR compliance for European pharma organisations?
GoVal processes personal data lawfully under GDPR Article 6 and offers Data Processing Agreements (DPAs) as standard. Data can be stored within EU/EEA jurisdictions on request, and data subjects may fully exercise their rights to access, rectification, and erasure. No data is transferred outside the agreed jurisdiction without explicit written consent.
How does GoVal handle data residency for non-US and non-EU customers?
GoVal offers EU/EEA and other regional hosting options based on customer data residency requirements. Data residency is agreed upon at onboarding and documented in your Data Processing Agreement (DPA). GoVal Enterprise customers can also request on-premise or private cloud deployment for full infrastructure control.
See What a Dual ISO‑Certified Validation Platform Looks Like
Join Life Sciences organisations across Europe and North America who chose GoVal for its unmatched combination of security, data integrity, and compliance coverage.