RMP Governance and Version Control
Introduction
Risk Management Plans are among the most complex pharmacovigilance documents maintained throughout the lifecycle of a medicinal product. Unlike many regulatory documents, RMPs evolve continuously as new safety information becomes available and as regulatory obligations change.
A single product may have multiple related risk management documents across different jurisdictions and regulatory procedures. Updates may be triggered by signal assessments, study results, product information changes, new indications or regulatory requests.
Effective governance and version control are therefore essential. Without them, organisations may struggle to maintain consistency, implement changes appropriately or demonstrate regulatory compliance.
Why Governance Matters
Governance provides the framework through which RMP decisions are reviewed, approved and implemented.
The objective is to ensure that:
- Safety concerns remain justified
- Updates are scientifically supported
- Regulatory commitments are tracked
- Global and local documents remain aligned
- Responsibilities are clearly defined
Governance is particularly important because RMP decisions frequently affect pharmacovigilance activities, risk minimisation measures and benefit-risk evaluation.
Governance Objectives
A mature governance framework should support:
- Scientific consistency
- Regulatory compliance
- Document integrity
- Change control
- Accountability
- Inspection readiness
The goal is not administrative control for its own sake. The goal is to ensure that risk management activities remain accurate, current and defensible.
RMP Ownership
Ownership should be defined clearly.
Different organisations allocate responsibilities differently, but ownership commonly involves collaboration between:
- Pharmacovigilance
- Risk management functions
- Regulatory affairs
- Safety physicians
- QPPVs
The governance framework should identify:
- Document owner
- Scientific approver
- Regulatory approver
- Local implementation owners
Ambiguity regarding ownership is a common source of lifecycle management problems.
Global and Local Ownership Models
Large multinational organisations frequently operate multiple ownership layers.
For example:
Global Core RMP Owner
↓
Regional RMP Leads
↓
Local Affiliates
This structure allows global consistency while supporting local regulatory obligations.
However, effective communication between levels is essential.
Governance Committees
Many organisations review significant RMP changes through governance committees.
Examples include:
- Safety Management Teams
- Product Safety Committees
- Benefit-Risk Committees
- Risk Management Committees
Committee review may be appropriate when changes involve:
- New safety concerns
- Removal of safety concerns
- New studies
- Additional risk minimisation measures
- Significant regulatory commitments
Committee oversight provides documentation and accountability for important decisions.
Relationship to Signal Management
Signal management and RMP governance are closely connected.
Signal outcomes may result in:
- Addition of Important Identified Risks
- Addition of Important Potential Risks
- Removal of safety concerns
- New pharmacovigilance activities
- New risk minimisation measures
Governance frameworks should ensure that signal management outputs are evaluated systematically for potential RMP impact.
A frequent inspection question is:
How are significant signal outcomes evaluated for RMP updates?
Organisations should be able to demonstrate a clear process.
Relationship to Product Information
Changes to product information may affect the RMP.
Examples include:
- New warnings
- New contraindications
- New adverse reactions
- Changes to monitoring recommendations
Governance processes should assess whether product information changes require corresponding updates to:
- Safety concerns
- Pharmacovigilance activities
- Risk minimisation measures
Consistency between these documents is important.
Version Control Principles
Version control ensures that organisations can identify:
- Current versions
- Historical versions
- Change histories
- Approval status
- Submission status
Without robust version control, inconsistencies may develop across jurisdictions and product teams.
Version control is therefore a core component of RMP governance.
Version Numbering
Version numbering practices vary.
Common approaches include:
Version 1.0
Version 1.1
Version 2.0
Version 3.0
Major versions often reflect substantial updates.
Minor versions may reflect administrative or limited content changes.
The specific approach is less important than consistency and traceability.
Change Histories
Each update should be supported by a documented change history.
Typical change logs may include:
- Description of changes
- Reason for update
- Date of implementation
- Approval information
Change histories support transparency and facilitate inspection review.
Inspectors frequently examine update rationale.
Trigger-Based Change Management
Many organisations operate trigger-based update systems.
Common triggers include:
Signal Assessments
New evidence affecting safety concerns.
PASS Results
Completion of post-authorisation studies.
Regulatory Requests
Health authority requirements.
New Indications
Expansion of product use.
Product Information Changes
Safety-related labelling updates.
Trigger-based approaches help ensure consistent evaluation of update requirements.
Core RMP and Derived Documents
Many companies maintain a hierarchy of risk management documents.
For example:
Global Core RMP
↓
EU-RMP
↓
Country Annexes
or
Reference RMP
↓
Local Adaptations
Governance processes should define:
- Which document is authoritative
- How updates are propagated
- How conflicts are resolved
Failure to define document hierarchy frequently results in inconsistencies.
Global-to-Local Change Control
When changes occur within the core document, local impacts should be evaluated systematically.
Examples include:
- New safety concerns
- New educational materials
- New commitments
- Changes to risk minimisation measures
The organisation should be able to demonstrate:
- Impact assessment
- Local implementation decisions
- Completion of updates
This process is particularly important for products marketed in multiple jurisdictions.
Regulatory Commitment Tracking
Many RMPs contain commitments.
Examples include:
- PASS studies
- Registry activities
- Educational programmes
- Effectiveness evaluations
Governance frameworks should ensure that commitments are:
- Assigned
- Tracked
- Reviewed
- Completed
Open commitments should remain visible within governance processes.
Document Repositories
RMPs should be maintained within controlled document management systems.
Systems should support:
- Access control
- Version control
- Audit trails
- Archiving
- Retrieval
Inspectors may review how organisations manage controlled copies of RMPs.
Inspection Focus Areas
Inspectors commonly review:
- Ownership arrangements
- Version histories
- Change control records
- Governance decisions
- Regulatory commitments
- Consistency between documents
The objective is to determine whether RMPs are maintained systematically and remain aligned with current product knowledge.
Common Governance Failures
Several recurring issues are observed.
Unclear Ownership
Personnel cannot identify who is responsible for updates.
Weak Change Control
Updates occur without documented rationale.
Inconsistent Documents
Different jurisdictions contain conflicting information.
Poor Commitment Tracking
Studies and actions are not monitored effectively.
Delayed Updates
Important safety information is not incorporated promptly.
Weak Governance Documentation
Approval decisions cannot be reconstructed.
These deficiencies may lead to inspection findings.
Role of the QPPV
The QPPV should maintain visibility of significant risk management activities.
This includes awareness of:
- Major RMP updates
- Important safety concerns
- Additional pharmacovigilance activities
- Additional risk minimisation measures
- Significant regulatory commitments
The QPPV is not necessarily the author of the RMP, but inspectors often expect the QPPV to understand how important risk management decisions are governed and implemented.
Characteristics of Mature Governance Systems
Mature RMP governance systems generally demonstrate:
- Clear ownership
- Structured review processes
- Effective change control
- Robust version management
- Consistent global-to-local implementation
- Strong commitment tracking
- Appropriate QPPV visibility
The objective is to maintain an accurate and scientifically justified risk management strategy throughout the product lifecycle.
Key Takeaways
RMP governance ensures that risk management decisions are reviewed, approved and implemented consistently.
Version control and change management are essential because RMPs evolve continuously throughout the product lifecycle.
Signal assessments, study results, regulatory actions and product information changes frequently trigger updates.
Global and local document management requires strong governance and clearly defined ownership.
Inspectors commonly review governance arrangements, change histories and commitment tracking when assessing RMP compliance.