EudraVigilance Registration and Access Management
- EudraVigilance Registration and Access Management
- Introduction
- Why Registration Matters
- Organisational Registration
- User Registration
- Role-Based Access
- Training Requirements
- Access Lifecycle Management
- Periodic Access Reviews
- Segregation of Duties
- Access Governance and Data Integrity
- Relationship with EVDAS
- Relationship with Reporting Activities
- QPPV Oversight
- Inspection Perspective
- Common Inspection Findings
- Practical Considerations
- Key Takeaways
- References
Introduction
Access to EudraVigilance is controlled by the European Medicines Agency (EMA).
Before organisations can submit reports, download data, access EVDAS outputs or perform other authorised activities, both the organisation and its users must complete the appropriate registration and training requirements.
Although registration is often viewed as an administrative task, access governance forms an important component of pharmacovigilance compliance.
Poor control of user access can create operational, compliance, security and inspection risks.
For QPPVs, understanding how access is governed is important because EudraVigilance access directly supports reporting compliance, signal management and safety surveillance activities.
Why Registration Matters
EudraVigilance contains sensitive regulatory information.
Access must therefore be controlled to ensure:
- Appropriate use
- Data integrity
- User accountability
- Security
- Regulatory compliance
The registration process helps ensure that only authorised individuals gain access to the system.
Organisational Registration
Before users can access EudraVigilance, an organisation must be registered.
The registration process establishes:
- Organisation identity
- Regulatory role
- Authorised contacts
- Administrative responsibilities
Examples of organisations requiring registration may include:
- Marketing Authorisation Holders
- Sponsors
- National Competent Authorities
- Pharmacovigilance service providers
- Regulatory partners
Registration requirements may vary depending on organisational role and intended use of the system.
User Registration
Individual users must also be registered.
Registration generally requires:
- User identification
- Contact information
- Role assignment
- Training completion
- Approval workflows
User accounts should never be shared between individuals.
Access should always be attributable to a specific user.
Role-Based Access
EudraVigilance access is role-based.
Different users may receive different permissions depending on their responsibilities.
Examples may include:
- Reporting users
- EVDAS users
- Administrators
- Compliance users
- Signal management users
Role-based access helps ensure that users receive only the permissions required to perform their duties.
Training Requirements
Training forms an important component of EudraVigilance access management.
Before obtaining access, users may be required to complete applicable EMA training programmes.
Training helps ensure that users understand:
- System functionality
- Regulatory expectations
- Reporting processes
- Data handling responsibilities
Organisations should maintain evidence of training completion where appropriate.
Access Lifecycle Management
Access governance should extend beyond initial registration.
Effective lifecycle management includes:
- User onboarding
- Role changes
- Periodic review
- Suspension where necessary
- User deactivation
Access controls should reflect organisational changes as they occur.
Periodic Access Reviews
Periodic review of user access is considered good governance practice.
Reviews may assess:
- Active users
- Assigned permissions
- Role appropriateness
- Training status
- Dormant accounts
Periodic review helps identify access that is no longer required.
Segregation of Duties
Organisations should consider whether access assignments create inappropriate concentrations of responsibility.
Examples may include situations where a single user can:
- Create reports
- Approve reports
- Modify records
- Perform oversight activities
Appropriate segregation of duties may help reduce compliance risks.
Access Governance and Data Integrity
Access controls contribute directly to data integrity.
Poorly controlled access may increase the risk of:
- Unauthorised changes
- Inappropriate data access
- Operational errors
- Security incidents
Governance controls help maintain confidence in system data.
Relationship with EVDAS
Access governance also affects EVDAS activities.
Users performing signal detection activities require appropriate access to analytical outputs.
Organisations should understand:
- Who has EVDAS access
- Why access is required
- How access is reviewed
For more information see:
[[evdas-and-signal-detection]]
Relationship with Reporting Activities
Reporting users require access appropriate to their responsibilities.
This may include:
- EVWEB access
- Reporting permissions
- Acknowledgement review activities
Access should align with operational responsibilities.
For additional information see:
[[eudravigilance-reporting]]
QPPV Oversight
The QPPV is not usually responsible for creating user accounts.
However, regulators generally expect the QPPV to understand:
- How access is governed
- How users are trained
- How reviews are performed
- How significant issues are escalated
The QPPV should have confidence that access controls support pharmacovigilance compliance.
Inspection Perspective
Inspectors may review access governance during pharmacovigilance inspections.
Review activities may include:
- User listings
- Access procedures
- Training records
- Access reviews
- Governance documentation
Inspectors often seek evidence demonstrating that access is appropriately controlled and periodically reviewed.
Common Inspection Findings
Observed deficiencies may include:
- Inactive users retaining access
- Missing access reviews
- Inadequate documentation
- Unclear responsibilities
- Training deficiencies
- Weak governance controls
Many findings arise because access management is viewed as an IT activity rather than a pharmacovigilance governance activity.
Practical Considerations
Effective access governance commonly includes:
- Defined ownership
- Access request procedures
- Training requirements
- Periodic reviews
- User lifecycle management
- Compliance monitoring
These controls help maintain security, accountability and regulatory compliance.
Key Takeaways
- EudraVigilance access is controlled through registration and role-based permissions.
- User accounts should be individually assigned and appropriately governed.
- Training requirements support competent system use.
- Periodic access reviews help reduce compliance risks.
- Access governance contributes directly to data integrity.
- QPPVs are expected to understand how access is controlled within the pharmacovigilance system.
- Access governance may be reviewed during inspections.
References
- EMA EudraVigilance Registration Manual.
- EMA EudraVigilance Training Materials.
- Regulation (EC) No 726/2004.
- Directive 2001/83/EC.
- Commission Implementing Regulation (EU) No 520/2012.
- GVP Module I – Pharmacovigilance Systems and Their Quality Systems.
- EMA EudraVigilance Documentation.