An expanded, inspection‑ready reference on the regulatory expectations applicable to Qualified Persons Responsible for Pharmacovigilance (QPPVs) within the European Union. This chaptered guide provides practical implementation details, governance expectations, delegation oversight procedures, a comprehensive PSMF checklist, illustrative examples and inspection‑focused evidence requirements. Regulatory citations to EU legislation and EMA Good Pharmacovigilance Practices (GVP) are referenced inline where relevant.
Chapter 1 — Legal and Regulatory Context
1.1 Legal basis and scope
- The requirement for a QPPV and for marketing authorisation holders (MAHs) to maintain a pharmacovigilance system is established in European Union medicines law (Directive 2001/83/EC; Regulation (EC) No 726/2004) and implemented through EMA Good Pharmacovigilance Practices (GVP) guidance (see GVP Modules I and II). These instruments require an accountable individual and a documented pharmacovigilance system proportionate to the risk profile of products and the marketing footprint (Directive 2001/83/EC; Regulation (EC) No 726/2004; EMA GVP Modules I & II).
1.2 Regulatory expectations emphasised
- Oversight, accountability, quality systems, inspection readiness and continuous availability are core expectations for the QPPV role (EMA GVP Module I). Regulators expect documented governance and demonstrable control of delegated activities (EMA GVP Modules I & II).
Chapter 2 — Appointment, Qualifications and Governance
2.1 Appointment and legal accountability
- The MAH is responsible for appointing a QPPV and must ensure the individual has the authority, resources and organisational access to fulfil regulatory obligations (Directive 2001/83/EC; EMA GVP Module I).
2.2 Expected qualifications and experience
- The QPPV should possess appropriate scientific, medical or regulatory qualifications and demonstrable pharmacovigilance experience proportionate to the complexity and risk profile of the MAH’s product portfolio. The role is not purely administrative: professional competence, regulatory knowledge, and seniority sufficient to influence corporate decisions are expected (EMA GVP Module I).
2.3 Governance and organisational positioning
- The QPPV must be placed within MAH governance so they can exercise authority (access to senior management, quality unit, regulatory affairs, clinical and manufacturing functions). Documentation should include the QPPV’s job description, delegation log, reporting lines and evidence of participation in key governance committees (EMA GVP Module I).
Chapter 3 — Roles and Responsibilities of the QPPV
3.1 Core responsibilities
- Maintain overall responsibility for pharmacovigilance system performance and compliance; ensure timely reporting of safety information; ensure signal detection and risk-minimisation activities are performed; ensure maintenance of the PharmacoVigilance System Master File (PSMF); liaise with competent authorities and support inspections (EMA GVP Module I & II).
3.2 Oversight beyond case processing
- Oversight spans governance, SOPs, quality management systems (QMS), periodic safety reports, risk management plans, signal management, product safety communications, audits and corrective and preventive action (CAPA) systems (EMA GVP Module I).
3.3 Evidence and artefacts expected
- Job description, delegation matrix, training records, minutes showing QPPV participation in governance, risk assessments, CAPA trackers, and PSMF entries linking QPPV responsibilities to operational processes.
Chapter 4 — Continuous Availability and Deputies
4.1 Continuous and permanent availability
- The QPPV must be continuously and permanently available to fulfil regulatory responsibilities and to respond to national competent authorities and the EMA as required (EMA GVP Module I). “Continuous availability” requires demonstrable mechanisms and records — not simply an assertion.
4.2 Practical arrangements and evidence
- Documented deputy arrangements (primary and back‑up deputies), on‑call rosters, telephone escalation trees, contractual arrangements for external QPPVs (if used), handover logs, and availability logs. Evidence should demonstrate cover for out‑of-hours events, holidays and periods of absence.
4.3 Deputies: selection and empowerment
- Deputies must be authorised, trained, and recorded in the delegation log. The QPPV must ensure deputies are familiar with high‑priority processes (case triage, expedited reporting, urgent safety communications) and can access required systems and documents. Training completion certificates and simulated exercise records (e.g., tabletop exercises) are useful inspection evidence.
Chapter 5 — The Pharmacovigilance System Master File (PSMF)
5.1 Role of the PSMF
- The PSMF describes the pharmacovigilance system, responsibilities, processes and locations where PV activities are performed. It is a living document and must be maintained in a way that enables rapid presentation to inspectors (EMA GVP Module II).
5.2 PSMF ownership and QPPV’s relationship
- The QPPV should maintain awareness of PSMF content, location and operation, and sign or otherwise formally accept responsibility for the PSMF as part of governance (EMA GVP Module II).
5.3 PSMF accessibility and distribution
- The PSMF should be available electronically and/or in hard copy at the site(s) where pharmacovigilance activities are conducted and must be accessible to inspectors within the timelines prescribed in GVP guidance (EMA GVP Module II).
5.4 PSMF maintenance and version control
- Implement version control, change logs, review schedules and a single source of truth for the PSMF. Record who reviewed and approved significant updates and link PSMF entries to controlled SOPs, contracts and organisational charts.
Chapter 6 — PSMF Checklist (Inspection-Ready)
Use this checklist to prepare an inspection‑ready PSMF. Each item should have a document reference and evidence of currency (date, author, approver).
Mandatory PSMF elements (minimum inspection evidence) - Title page with MAH name, PSMF contact details and location(s) of PV activities (EMA GVP Module II). - Index and document control page (version, effective date, author, approver, distribution list). - Statement of MAH legal responsibility and QPPV appointment details (name, contact, CV extract, job description) (Directive 2001/83/EC; EMA GVP Module I). - Organisational charts showing PV governance, QPPV reporting lines and locations where activities are performed. - List of marketing authorisations covered (product names, MA numbers, centralised or national authorisations). - Description of the pharmacovigilance system: processes for collection, detection, evaluation, reporting (including expedited reporting), signal management, PSUR/PBRER production. - SOP index and links to SOPs; status (current/superseded) and last review dates. - Summary of electronic systems used (safety database, eCTD, electronic document management system) and system validations. - List of third-party providers (vendors), delegated activities and copies of signed contracts and pharmacovigilance agreements (PVAs). - Quality system documentation: QA plan, audit schedule, recent audit reports and CAPA trackers. - Training matrix and training records for PV personnel including QPPV and deputies. - Policies and procedures for urgent communications and crisis management. - Local contact details and hours of availability for QPPV and deputies; logs demonstrating continuous availability. - Data protection and confidentiality arrangements relevant to safety data handling. - Records of regulatory interactions: inspection reports, AIs, follow‑up responses and closure evidence. - Risk assessments (e.g., for delegated functions, system failures) and mitigation plans. - Evidence of system performance: KPIs, trend reports and management review minutes. - List of national competent authorities and contact details where MAH is represented. - Appendix: sample templates used for ICSRs, expedited reporting, RMPs, signal minutes.
Inspection evidence to accompany the PSMF - Signed delegation logs, contracts, PVAs and vendor qualification evidence. - System-generated extracts: availability rosters, call logs, managed incidents and CAPA closure evidence. - Minutes and outputs from periodic management reviews with PV agenda items. - Examples of urgent safety communications issued, showing QPPV oversight and approval. - Recent audit reports (internal and third‑party) and corrective action plans.
Chapter 7 — Delegation and Oversight of External Providers
7.1 Delegation principles and regulatory expectations
- Delegating PV activities does not transfer legal responsibilities. The MAH and QPPV retain ultimate accountability for pharmacovigilance compliance; delegated activities must be controlled and documented (EMA GVP Module I & II).
7.2 Contractual and procedural requirements
- Pharmacovigilance Agreement (PVA): should be signed and include scope, responsibilities, data flows, reporting timelines (including for expedited reports), data protection, audit rights, training expectations and business continuity arrangements.
- Service Level Agreements (SLAs): measurable KPIs for timeliness, quality and accuracy of safety data handling; definitions of reportable events and escalation thresholds.
- Change control: obligations for vendors to notify MAH/QPPV of material process changes, system upgrades, workforce changes and subcontracting.
7.3 Qualification and selection of vendors
- Pre‑contract due diligence: questionnaires, audits, reference checks and review of validated systems. Documented vendor selection justifying risk‑based choice.
- Technical evaluation: confirm vendor proficiency for critical tasks (e.g., signal detection, literature screening, aggregate reporting).
7.4 Ongoing oversight and monitoring (procedural details)
- Routine governance cadence:
- Monthly operational metrics review (KPIs: ICSR intake timeliness, quality error rates, duplicate handling).
- Quarterly vendor performance review with scorecards and trend analysis.
- Annual supplier re‑qualification and on‑site or remote audit (risk‑based).
- Inspection evidence:
- Meeting minutes showing QPPV or delegated QA representative attendance.
- KPI dashboards, trend reports, escalation logs and corrective action closure evidence.
- Escalation and breach handling:
- Documented incident management workflow: detection → notification → impact assessment → root cause analysis → CAPA → verification. Retain evidence for each step with QPPV sign‑off where significant.
7.5 Delegation oversight SOP (summary of required elements)
- Purpose and scope.
- Roles and responsibilities (MAH, QPPV, vendor, QA).
- Vendor selection and qualification process.
- Contract and PVA content requirements.
- Operational monitoring (KPIs, reporting frequencies).
- Audit and inspection provisions.
- Change control and notification requirements.
- Data privacy, security and business continuity expectations.
- Record retention and documentation standards.
Chapter 8 — Practical Examples and Case Scenarios
8.1 Example 1 — Delegated case processing to a PV vendor
Scenario: MAH delegates spontaneous ICSR intake and case processing to an external vendor. A serious unexpected suspected adverse reaction is reported and requires expedited reporting.
Expected QPPV/MAH actions and evidence: - Valid PVA specifying timelines for receipt and submission of ICSRs to the MAH and national competent authorities (PVA clause reference). - Vendor incident notification within agreed SLA (evidence: vendor notification email, dated and time‑stamped). - QPPV review of the expedited report and sign‑off prior to submission (evidence: case audit trail with QPPV user ID and timestamp). - Demonstrable linkage in PSMF: vendor activity, SOP references, and system extraction showing submission to the EudraVigilance/NCAs. - Post‑event vendor governance meeting minutes and CAPA if vendor failed SLA (evidence: KPI report, CAPA plan, completion evidence).
Inspection relevance: Inspectors will expect demonstration of timely notification, QPPV oversight and system records proving traceability from receipt to submission (EMA GVP Module I & II).
8.2 Example 2 — QPPV not available during a regulatory inquiry
Scenario: A national competent authority issues an urgent information request and the listed QPPV is not reachable.
Expected governance controls and evidence: - Documented deputy arrangements with primary and secondary deputies listed in the PSMF and delegation log. - Handover records demonstrating deputy authority and recent exercise of responsibilities (e.g., simulated urgent request exercise). - Communication logs demonstrating competent authority contact attempts and timely response by deputy (email/phone logs). - If the MAH failed to respond timely, evidence of remedial actions and CAPA.
Inspection relevance: Inspectors will seek to confirm continuous availability mechanisms and to review the timeliness of responses to regulatory requests (EMA GVP Module I).
8.3 Example 3 — Vendor change without notification
Scenario: A vendor changes subcontracting arrangements and this results in delayed literature screening and missed ICSRs.
Expected controls and remediation: - Contractual change control clause requiring vendor notification of subcontracting and MAH pre‑approval. - Upon discovery, the MAH conducts impact assessment and root cause analysis. - Corrective action: vendor audit, reprocessing of backlog cases, notification of competent authorities if applicable. - Evidence: email exchanges, audit report, reprocessing records with QPPV oversight and CAPA verification.
Inspection relevance: Inspectors will search for contractual controls, evidence of MAH oversight, audit results and CAPA effectiveness (EMA GVP Module I & II).
Chapter 9 — Inspection Readiness: Practical Steps and Evidence
9.1 Preparing the QPPV and governance artefacts
- Maintain an inspection pack including: current PSMF, QPPV CV and job description, delegation log, SOPs, latest audit reports, KPI dashboards, recent CAPAs, training matrices and deputy availability evidence.
- Establish a rapid retrieval system for electronic records (searchable indices, bookmarked PSMF sections).
9.2 Documents inspectors commonly request
- QPPV appointment letter and contact details.
- PSMF and PVA(s) with vendors.
- Safety database extracts for selected ICSRs: intake timestamps, case processing audit trails, submission receipts (EudraVigilance/NCAs).
- Audit reports (internal/vendor) and CAPA evidence.
- Management review minutes and policy/strategy documents.
- Evidence of availability: call/roster logs, email trails, out‑of‑office and handover notes.
9.3 Typical inspection findings and how to prevent them
Common findings: - Incomplete or out‑of‑date PSMF entries. - Lack of evidence of QPPV availability or inadequate deputy arrangements. - Insufficient oversight of outsourced activities (missing PVAs, poor KPI monitoring). - Uncontrolled SOPs, missing training records or gaps in documentation. Prevention: - Periodic PSMF review protocol, mandatory quarterly QPPV review of PSMF sections. - Simulation exercises confirming deputy readiness. - Routine vendor audits and documented follow‑up actions. - Controlled document management with required periodic review cycles.
9.4 Inspection conduct: QPPV role during an inspection
- The QPPV should act as the single point of contact for inspectors on system‑level questions and be available to explain governance, oversight, decisions and risk tolerances. The QPPV need not be the subject-matter expert for every technical detail but must be able to present the system and evidence of its performance (EMA GVP Module I).
Chapter 10 — Quality Assurance, Metrics and Continuous Improvement
10.1 Quality system elements for PV
- Well‑defined QMS including SOPs, periodic management review, change control, records management, audits (internal and vendor) and CAPA systems. Integration with corporate quality systems is essential (EMA GVP Module I).
10.2 Metrics and KPIs that matter to inspectors
- Timeliness measures: ICSR receipt to database entry; time-to‑first assessment; submission to authorities.
- Quality measures: case quality scores, error rates, reconciliation rates between sources.
- Oversight measures: number of vendor deviations, audit findings closed on time, CAPA effectiveness.
- Governance measures: number of PV issues escalated to senior management; training completion rates.
10.3 Management review and escalation
- Regular management review meetings with PV agenda, KPI trend analysis, summary of audit findings, resource needs and decisions. Minutes should show action items, owners and due dates.
Appendix A — Delegation Oversight Procedure: Step-by-Step (Template Summary)
- Initiation
- Define activity to delegate and perform risk assessment.
- Identify required vendor capabilities and regulatory requirements.
- Selection & Qualification
- Issue questionnaire, review validation evidence, perform pre‑contract audit if high risk.
- Contracting
- Execute PVA containing detailed responsibilities, KPIs, audit rights and change control.
- Operationalisation
- Agree SOP references, interfaces, data transfer formats and system access.
- Conduct joint onboarding and training.
- Performance Monitoring
- Receive monthly KPI reports, perform quarterly governance reviews.
- Hold escalation calls for KPI deviations.
- Audit & Reassessment
- Conduct annual audits (risk‑based); more frequent where critical.
- Requalify vendor after material changes.
- Termination/Transfer
- Formal handover plan; ensure data integrity and backlog closure.
- Closeout audit and knowledge transfer.
Appendix B — Representative Documents and Evidence List
- PSMF (current version).
- QPPV appointment documentation (letter, contract, CV).
- Delegation log and delegation of authority matrix.
- PVAs and subcontractor lists.
- SOPs for ICSR handling, expedited reporting, signal management, literature screening, vendor oversight and change control.
- Safety database validation reports and access logs.
- KPI dashboards and trend analyses.
- Audit reports (internal, vendor) and CAPA status.
- Training matrix and records for PV staff and deputies.
- Management review minutes and escalation records.
- Examples of urgent safety communications, submissions and regulatory correspondence.
- Evidence of business continuity and disaster recovery plans covering PV functions.
Key Regulatory References (inline)
- Directive 2001/83/EC — community code relating to medicinal products for human use (requirement for MAHs to have pharmacovigilance systems and an accountable person) (Directive 2001/83/EC).
- Regulation (EC) No 726/2004 — centralised authorisation procedure and provisions for PV oversight (Regulation (EC) No 726/2004).
- EMA Good Pharmacovigilance Practices (GVP) — Modules I (Pharmacovigilance system and its quality system) and II (Pharmacovigilance System Master File) contain detailed guidance on QPPV responsibilities, PSMF content and PV system expectations (EMA GVP Modules I & II).
Final remarks (inspection relevance)
This chaptered reference is intended to support QPPVs, MAHs and PV governance bodies to implement inspection-ready pharmacovigilance systems. Inspectors will evaluate not only presence of documents but demonstrable operation: traceability, timely execution, effective oversight of delegated functions, evidence of continuous availability and a functioning quality system. Maintain the PSMF as a live, indexed repository linking governance to operational artefacts; ensure delegation is controlled contractually and operationally; and ensure the QPPV has the authority and evidence to demonstrate oversight at inspection.
Last reviewed: June 2026