Governance provides the framework through which pharmacovigilance risks, decisions and compliance activities are managed. Robust governance converts legal and regulatory requirements into repeatable organisational behaviours, evidence trails and timely decisions that protect patients and meet inspector expectations.
Table of contents
- Why Governance Matters
- Regulatory Context and Inspection Relevance
- Typical Governance Components
- QPPV Oversight
- Governance attributes the QPPV must demonstrate
- Practical implementation of QPPV oversight
- Decision Authority Matrix
- Checklists for Inspection-Readiness and Operational Use
- QPPV Oversight Checklist
- Inspection Ready Pack Checklist
- Vendor Oversight Checklist
- CAPA & RCA Checklist
- Meeting & Decision Management Checklist
- Oversight of Affiliates, Local Representatives and Outsourced Partners
- KPIs, Metrics and Management Reporting
- Governance and Decision-Making — Committees, Independence and Conflicts
- Governance for Compliance Failures and CAPA
- Training, Competency and Succession
- Practical Tools, Templates and Records Management
- Conclusion
- Related Guides
Why Governance Matters
Effective governance supports accountability, escalation, decision-making and compliance oversight. It clarifies who may act, under what authority, and what evidence must exist to demonstrate actions were taken. For pharmacovigilance (PV) this directly affects patient safety, product availability and the organisation's regulatory standing.
Regulatory Context and Inspection Relevance
Regulatory authorities set explicit expectations for PV governance:
- European Union: Regulation (EU) No 1235/2010, Directive 2010/84/EU and EMA Good Pharmacovigilance Practices (GVP), notably Module I, prescribe the QPPV role, PSMF content, and governance arrangements.
- United Kingdom: MHRA guidance maintains comparable expectations for a UK‑nominated responsible person post‑Brexit.
- United States: FDA relies on sponsor responsibility frameworks for safety surveillance and may inspect PV processes, focusing on data integrity and adverse event reporting systems.
- Other jurisdictions: Local laws may require a resident safety responsible person, local reporting pathways or specific timelines.
Inspection relevance: Inspectors assess whether governance is operational (not just documented). They look for real-world evidence—timely decisions, delegation logs, committee minutes with clear actions, documented escalations, audit trails, CAPA records and PSMF accuracy. Governance must show authority (e.g., QPPV can stop distribution), access to senior management, and independent review where appropriate.
Typical Governance Components
- Safety governance committees (e.g., Safety Review Board, Risk Management Committee)
- Escalation procedures and SLAs
- Compliance reporting and management dashboards
- Risk review and mitigation processes (RMP lifecycle)
- Delegation and accountability framework (delegation logs, PVAs)
- Documentation control (PSMF, SOPs, decision logs)
- Oversight of affiliates and vendors (PV agreements, audits)
QPPV Oversight
The Qualified Person for Pharmacovigilance (QPPV) occupies a central role in PV governance. QPPV oversight is the set of activities, authorities and governance arrangements by which the QPPV ensures that the company’s PV system is compliant, capable of meeting regulatory obligations and responsive to safety risks across jurisdictions.
Key QPPV responsibilities (summarised):
- Ensure a robust, resourced PV system (people, processes, IT).
- Maintain the PSMF and ensure it reflects global and local arrangements.
- Ensure timely case processing, aggregate reporting, signal detection and risk management.
- Oversee delegations and outsourced activities; ensure PV agreements and oversight.
- Serve as a regulatory contact and maintain availability arrangements.
- Report to senior management and safety governance committees; initiate escalations.
Regulatory expectation: The QPPV role is mandated in EU legislation and operationalised in EMA GVP Module I. Equivalent expectations exist in other regions; global companies must map local requirements and ensure the QPPV’s remit covers applicable markets.
Governance attributes the QPPV must demonstrate
- Authority: Formal, documented delegation to implement and enforce PV processes, including safety-related product actions (e.g., communications, distribution holds).
- Access: Direct line to senior management, regulatory affairs, clinical development, manufacturing and IT.
- Knowledge: Current technical competence in safety surveillance, regulatory requirements and company products.
- Documentation: Written delegations, SOPs, meeting minutes, decision logs and an up-to-date PSMF.
Practical implementation of QPPV oversight
Operationalising oversight requires structured tasks, schedules and artefacts. The following are concrete, implementable elements with practical notes for inspectors and auditors.
- Governance charter and terms of reference
- Publish a Pharmacovigilance Governance Charter that defines QPPV scope, authority limits, escalation pathways, reporting lines and vendor/affiliate relationships.
- Maintain ToR for safety governance committees that specify membership, quorum, voting rules and conflict-of-interest declarations.
-
Implementation detail: store charter and ToRs in the controlled document system; include version history and approval signatures.
-
Delegation and accountability framework
- Maintain a Delegation Log capturing task, delegate, contact details, effective date, review date, source document and rationale.
- Practical: integrate the delegation log with HR and contract repositories to ensure automatic alerts when contracts or personnel change.
-
Inspection relevance: inspectors expect to see delegation evidence linked to PV Agreements and evidence of oversight activities.
-
PSMF and documentation control
- Ensure PSMF completeness and rapid availability; maintain controlled index and version history.
-
Implementation detail: provide an "inspection extract" version of the PSMF that contains key sections for rapid production.
-
Oversight cadence
- Define and document meeting cadences: weekly operational calls during critical periods, monthly ops review, quarterly governance report and annual strategic review.
-
Practical: automate meeting invites, agendas and action tracking; record attendance and decisions in decision logs.
-
Meeting and decision management
- Use standardised agenda templates covering trends, overdue cases, signals, aggregate reporting, inspection readiness and CAPAs.
- Maintain decision logs that capture the rationale, participants, minority views, and follow-up actions.
-
Implementation detail: store decision logs in the QPPV’s evidence binder within the PSMF and link action items to CAPA tracking.
-
Oversight of data systems and integrity
- Validate safety databases; implement change control, role‑based access, audit trails and reconciliation procedures.
-
Practical: schedule quarterly reconciliations between clinical databases, PV databases and EHR/sales data to detect discrepancies.
-
Resourcing and competency management
- Maintain training matrices, workforce plans, and succession plans with nominated deputies and handover checklists.
-
Implementation detail: require documented QPPV deputy authorisation letters and perform periodic emergency role‑play exercises.
-
Vendor and affiliate oversight operationalisation
- Use vendor onboarding checklists, qualification assessments, periodic audits, KPI scorecards and CAPA tracking.
- Inspectors will look for evidence that vendor KPIs are reviewed and actioned, and that audits generate effective CAPAs.
Decision Authority Matrix
A Decision Authority Matrix (DAM) clarifies who may take specific PV decisions and at what level additional approvals or committee review are required. It reduces ambiguity, speeds response in urgent situations and provides inspectors a clear governance map.
| Decision / Action | QPPV (or delegate) | PV Head / Chief Safety Officer | Safety Governance Committee | Regulatory Affairs | C-suite / CEO | Legal / Compliance | Board |
|---|---|---|---|---|---|---|---|
| Routine expedited reporting under timelines (7/15/30) | Yes | Inform | No | Yes (notify) | No | No | No |
| Determination of reportability (ICSR causality) | Yes | Inform | No | No | No | No | No |
| Initiation of urgent safety communication (DHPC) | Yes (recommend) | Approve | Review within 24–72h | Coordinate | Inform | Legal review req. | No |
| Request to withdraw or restrict product | Recommend | Recommend / endorse | Required | Required | Required | Legal review req. | Inform |
| Stop distribution (safety hold) | Yes (if authority) | Required within 24h | Required for sustained hold | Required | Required | Legal review req. | Inform |
| Major label change / contraindication | No | Recommend | Required | Required | Inform | Legal review req. | No |
| RMP or major risk minimisation change | Recommend | Approve | Required | Coordinate | Inform | No | No |
| Notification of regulators for major safety signal | Yes (execution) | Inform / endorse | Review | Coordinate | Inform | No | No |
| Initiation/closure of major CAPA | Yes (input/lead) | Approve plan | Oversight/monitor | Inform | Inform | Yes (for compliance risks) | No |
| Approval of resource reallocation for PV function | No | Recommend | No | No | Approve | No | Approve large reallocation |
| Acceptance of vendor audit findings/CAPA | Yes (lead) | Approve closure | Monitor | Inform | No | No | No |
Notes: The matrix should be tailored to the organisation’s legal structure and delegated authorities. For example, if the QPPV does not have legal power to stop distribution under local law, the matrix must reflect the required escalation. All roles must be defined in the Governance Charter and tied to signatory authorities.
Inspection relevance: Inspectors will request to see the DAM, evidence it is used (committee minutes, signed approvals), and evidence of deviations from DAM being approved and documented.
Checklists for Inspection-Readiness and Operational Use
The following checklists are practical, formatted tools to operationalise governance and prepare for inspections. Use them as standard work aids; place completed checklists in the PSMF evidence binder for inspectors.
QPPV Oversight Checklist
- [ ] Current QPPV CV with contact details and deputy information available
- [ ] QPPV delegation letter(s) signed and filed
- [ ] Governance Charter and QPPV ToR present and version controlled
- [ ] Delegation Log up to date (includes vendor delegations)
- [ ] PSMF updated within last 12 months and includes organisational chart
- [ ] Evidence of QPPV access to senior management (meeting invites, emails)
- [ ] Recent safety governance committee minutes (past 12 months)
- [ ] Decision log with rationale for major decisions (last 24 months)
- [ ] Top KPIs dashboard and trend analysis for last 6 months
- [ ] Evidence of oversight of vendors (audit reports, KPI reviews, CAPAs)
- [ ] Documentation of QPPV availability arrangements (on-call roster or contract)
- [ ] Training records for QPPV and nominated deputies
Practical implementation: Maintain a one‑page executive summary of the checklist with hyperlinks to the evidence locations in the document control system.
Inspection Ready Pack Checklist
Core documents for rapid inspection response (extract pack):
- [ ] PSMF extract (index, key governance sections)
- [ ] QPPV CV and delegation letters
- [ ] Delegation Log and PV Agreement summary
- [ ] Recent safety governance committee minutes and decision log
- [ ] Top 10 PV KPIs and trending graphs
- [ ] List of ongoing major signals and their status
- [ ] Recent audits and inspection history (last 3 years)
- [ ] Open CAPA summary with owners and status
- [ ] System validation and data reconciliation evidence (recent)
- [ ] Vendor oversight summary (current vendors, audit status, KPIs)
- [ ] Emergency contact list and on-call roster
Inspection relevance: The extract pack should be producible within 3–5 business days. Maintain a “ready” folder with extracts updated monthly.
Vendor Oversight Checklist
- [ ] Vendor onboarding risk assessment completed
- [ ] Signed PV Agreement / SLA present and filed
- [ ] Delegation Log lists vendor tasks and contact points
- [ ] Vendor KPI definitions and thresholds agreed
- [ ] First-line quality check criteria defined and documented
- [ ] Audit schedule and most recent audit report available
- [ ] CAPA log for vendor findings with closure evidence
- [ ] Evidence of periodic performance review meetings (minutes, actions)
- [ ] Business continuity and data access arrangements tested
- [ ] Exit plan and data return/destruction clauses included
Implementation detail: KPIs should include a quantitative case quality score, % on-time reporting, and % of audit findings closed on time. Set escalation thresholds (e.g., >10% missed timelines triggers immediate review).
CAPA & RCA Checklist
- [ ] Incident triage completed and classification documented
- [ ] RCA method used documented (e.g., 5 Whys, Fishbone)
- [ ] Root cause statements and evidence identified
- [ ] CAPA plan with owner, milestones and verification metrics created
- [ ] Risk assessment of impact on patient safety and compliance performed
- [ ] Interim measures documented and implemented
- [ ] CAPA verification or re-audit planned and documented
- [ ] Senior management informed for high‑impact CAPAs
- [ ] Closure evidence and sustained effectiveness checks recorded
Inspection relevance: Inspectors will evaluate whether RCA was robust, whether CAPAs addressed root causes not only symptoms, and whether effectiveness verification was performed.
Meeting & Decision Management Checklist
- [ ] Agenda distributed in advance with supporting documents
- [ ] Quorum and membership recorded in minutes
- [ ] Conflicts of interest declared and recorded
- [ ] Decisions recorded with rationale, dissenting opinions and planned actions
- [ ] Action items with owners and due dates entered into CAPA or action tracker
- [ ] Minutes approved and version controlled within SOP timelines
- [ ] Link decisions to regulatory notifications where applicable
Practical tip: Use an action-tracking tool integrated with the PMS/quality system so that completion automatically updates the governance dashboard.
Oversight of Affiliates, Local Representatives and Outsourced Partners
The QPPV must maintain oversight over diverse legal entities and operational delegates internationally.
- Mapping: Maintain a live global PV responsibility map indicating the MAH per country, local responsible person, delegated tasks and escalation contacts.
- Local governance agreements: Use templated local PV agreements that clearly delineate responsibilities (spontaneous reporting, local communications, aggregate report inputs).
- Affiliate performance reporting: Require standardised monthly or quarterly reports covering case volumes, timelines, serious/unexpected events and local regulatory interactions.
- Central review: Conduct remote assessments and periodic on-site audits focused on case intake, data quality and reporting compliance.
- Escalation matrix: Define concrete thresholds for escalation (e.g., unexpected death, cluster of serious events, media attention) and timeframes for affiliate notification to central PV.
Inspection relevance: Inspectors often review affiliate records to confirm central oversight is effective. Evidence of remote monitoring and corrective actions is valuable.
KPIs, Metrics and Management Reporting
Effective oversight is evidence-based. Use a tiered reporting approach:
Operational metrics (daily/weekly dashboards) - Median time to case entry (target ≤24–48 hours depending on product risk) - % of ICSRs meeting regulatory timelines (7/15/30 day windows) - % of cases with completed causality assessment within SOP timelines
Tactical metrics (monthly) - Case quality score (audit sample accuracy %) - Vendor SLA adherence (% missed timelines) - Number of active signals and days-to-validation
Strategic metrics (quarterly/annual) - PBRER/PSUR submission readiness index - CAPA closure on-time rate (% closed within agreed timeframe) - Resource utilisation vs forecast (FTEs vs workload)
Implementation detail: Define KPI thresholds and escalation rules. For example, if on-time reporting falls below 95% for two consecutive months, trigger a root cause review and vendor corrective action.
Inspection relevance: Inspectors expect consistent use of KPIs to drive decisions and evidence that management uses these metrics to allocate resources and remediate issues.
Governance and Decision-Making — Committees, Independence and Conflicts
Effective governance bodies combine technical expertise, independence and clear authority.
- Committee design: Define purpose, membership, chair, quorum, frequency and ToR for each committee (e.g., Safety Review Board, Risk Management Committee, Crisis Response Team).
- Independence: Ensure that members with potential commercial conflicts do not have sole decision authority on safety-critical matters. Where necessary, include external experts or independent delegates.
- Conflict-of-interest management: Require declarations at each meeting; record mitigations or recusal decisions.
- Transparency: Publish committee minutes with redaction for commercially sensitive information where necessary, and maintain decision logs accessible to inspectors.
Implementation detail: For high-stakes decisions (e.g., product withdrawal), require multi-disciplinary sign‑off (PV, regulatory, legal, medical, commercial) and document the governance trail.
Inspection relevance: Inspectors will read minutes for evidence of independent scientific review and documented management of conflicts.
Governance for Compliance Failures and CAPA
When failures occur the governance response must be swift, transparent and documented.
- Triage and escalation
- Use a documented triage flowchart to classify incidents and assign escalation levels (low, medium, high).
-
Practical: include response SLAs (e.g., high-impact incidents escalate to QPPV within 4 hours).
-
Investigation and RCA
- Use structured methodologies (5 Whys, fishbone) and involve cross-functional experts.
-
Evidence: timelines, interview notes, data extracts and analysis files.
-
CAPA planning and governance
- Create time-bound CAPAs with verifiable metrics and independent verification.
-
Make CAPA progress a standing item on safety governance meeting agendas until closed.
-
Verification and closure
- Independent verification or re-audit required for major CAPAs.
- Document sustainability checks post-closure (e.g., 3–6 month follow-up).
Inspection relevance: Regulators will scrutinise the speed of response, appropriateness of remedial actions, and whether the organisation identified and mitigated systemic causes.
Training, Competency and Succession
Governance depends on personnel competence and continuity.
- Training programmes: role-specific induction for QPPV and deputies, annual PV refresher for affiliates and vendors, and targeted training after changes.
- Competency assessments: maintain competency frameworks and perform periodic evaluations (e.g., annual).
- Succession planning: document temporary coverage arrangements, signatory authority delegation, and handover checklists to ensure uninterrupted oversight.
Practical implementation: conduct annual simulation exercises (inspection drill, safety crisis tabletop) to test readiness and succession plans.
Practical Tools, Templates and Records Management
Standardised tools increase consistency and inspection-readiness.
- Templates: Delegation Log, Decision Log, Meeting Agenda/Minutes, PSMF index extract, Vendor Oversight Plan, RCA and CAPA templates.
- Digital recordkeeping: use a controlled electronic document management system with role-based access, audit trails, and retention policies aligned with regulatory requirements.
- Evidence binder: maintain an electronic inspection evidence binder (extract pack) with hyperlinks to primary records.
- Version control: apply strict versioning to SOPs, ToRs and the PSMF; record the rationale for changes.
Implementation detail: schedule quarterly housekeeping activities to ensure all governance artefacts are current and searchable.
Conclusion
Pharmacovigilance governance translates regulatory obligations into accountable organisational behaviour. The QPPV is central to this system, but governance requires clearly documented authority, decision-making matrices, robust oversight of affiliates and vendors, KPI-driven management and demonstrable evidence for inspectors. Using practical checklists, a decision authority matrix and maintained evidence packs both improves day-to-day operations and materially strengthens inspection-readiness.
Related Guides
Last reviewed: June 2026