Table of Contents
- Overview
- Purpose of a Pharmacovigilance Inspection
- Regulatory Context and Key Guidance
- The Role of the QPPV in Inspections
- Inspection Triggers and Typical Scope
- Common Areas Reviewed by Inspectors
- PSMF: Purpose and Detailed Contents Table
- Continuous Inspection Readiness: Governance and Practical Implementation
- Inspection Readiness Checklist (Inspection‑Ready Controls)
- Step‑by‑Step Inspection Process with Timelines and Example Findings
- Mock Inspections, CAPA and Vendor Oversight — Practical Details
- Inspection Reporting, Follow‑up and Closure
- Annex A: Example Inspection Findings and How They Are Categorised
- Annex B: Templates and Document References (select)
- Last reviewed
Overview
A pharmacovigilance inspection is a regulatory assessment performed to evaluate whether a marketing authorisation holder (MAH) maintains and operates an effective, compliant pharmacovigilance system. Inspections review governance, processes, records and performance metrics to ensure patient safety is protected, legal obligations are met and corrective actions follow from identified weaknesses.
Purpose of a Pharmacovigilance Inspection
Regulatory authorities conduct inspections to:
- Verify compliance with applicable legislation (e.g., Directive 2001/83/EC, Regulation (EC) No 726/2004) and regulatory guidance.
- Confirm that pharmacovigilance system master file (PSMF) and supporting documentation accurately reflect operations.
- Assess whether the QPPV and the pharmacovigilance function have adequate oversight, authority and resources to perform required activities.
- Evaluate implementation of key processes: case intake, case processing, expedited reporting, signal detection, risk management and product safety communication.
- Ensure that vendors and outsourced partners operate under appropriate oversight and documented agreements.
- Confirm that corrective and preventive actions (CAPA) adequately address root causes and prevent recurrence.
Regulatory Context and Key Guidance
Pharmacovigilance inspections and expectations derive from statutory obligations and regulatory guidance. Inspectors will reference these documents during assessment and will expect MAHs to have implemented the principles therein:
- European legislation: Directive 2001/83/EC (medicinal products for human use) and Regulation (EC) No 726/2004 (centralised authorisation).
- EMA Good Pharmacovigilance Practices (GVP) — particularly:
- GVP Module I: Pharmacovigilance systems and their quality systems (including PSMF content and maintenance).
- GVP Module V: Risk management systems (signal detection and RMP implementation).
- Other GVP modules as applicable (e.g., signal management, PSURs, periodic safety updates).
- ICH guidance: ICH E2B(R3) for safety data exchange standards and ICH E2D on post-approval safety data management.
- National inspection guidelines: e.g., MHRA Good Pharmacovigilance Practice and inspection guidance, FDA postmarketing safety guidance where inspections are cross‑referenced.
- Internal regulatory expectations: MAH-specific commitments, variations and legally binding risk management plan obligations.
Inspectors will expect MAHs to map internal processes to these documents and be able to show evidence of implementation and oversight.
The Role of the QPPV in Inspections
The Qualified Person Responsible for Pharmacovigilance (QPPV) holds a central role in the pharmacovigilance system. Inspectors typically assess:
- Appointment and legal responsibilities: QPPV nominated per applicable legislation and documented in the PSMF and regulatory dossiers.
- Oversight mechanisms: How the QPPV receives performance indicators, periodic reports, signal and safety intelligence, and safety-related regulatory communications.
- Authority and escalation: Evidence QPPV can effect change, halt distribution if needed and escalate to senior management.
- Delegations and resource adequacy: How responsibilities are delegated (if applicable) and how the QPPV ensures competence, training and independence.
- Interaction with governance: Participation in safety governance bodies, e.g., safety risk management committee, cross-functional review boards, and reporting lines into executive management.
Inspectors will often interview the QPPV to confirm understanding of the system, oversight of outsourced activities, key risks and recent significant safety actions.
Inspection Triggers and Typical Scope
Inspections can be routine, for cause or triggered by specific events:
- Routine (scheduled) inspections of MAHs or third-party providers.
- For-cause inspections prompted by safety concerns, product withdrawals, serious under‑reporting, repeat non‑compliance or major deviations from commitments.
- Triggered by organisational changes: acquisition, outsourcing, new marketing authorisations or mergers.
- Following previous inspection findings where corrective effectiveness needs verification.
Scope commonly includes the QPPV function, PSMF, case handling, signal management, risk management plans, CAPA, training, quality assurance, vendor oversight and computerised system validation.
Common Areas Reviewed by Inspectors
Inspectors evaluate both structures and operations. Typical areas:
- PSMF accuracy and accessibility
- QPPV appointment, responsibilities and oversight
- Case intake and triage processes, including sources of reports
- Individual case safety report (ICSR) processing and quality assurance
- Expedited reporting (timeliness and content)
- Aggregate reporting: PSURs/PBRERs and compliance with reporting schedules
- Signal detection, assessment and follow-up
- Risk management plan (RMP) implementation and effectiveness evaluation
- Clinical trial safety collection (if applicable)
- Computerised systems: validation, access control, audit trails
- Vendor management and oversight (service level agreements, oversight evidence)
- Training records, SOPs and change control
- CAPA processes and management review
- Key performance indicators (KPIs) and quality metrics
PSMF: Purpose and Detailed Contents Table
The Pharmacovigilance System Master File (PSMF) is the primary instrument inspectors use to understand and navigate a MAH’s pharmacovigilance system. It must be accurate, readily available and kept up to date (GVP Module I). Below is a practical contents table to ensure inspection readiness.
PSMF Contents Table (recommended structure and key contents)
-
- Cover page and revision control
- Product portfolio summary snapshot
- PSMF holder details and contact information
- Location(s) of the PSMF (physical and electronic)
-
Date of last update and next planned review
-
- Executive summary and system overview
- High-level description of the pharmacovigilance system
- Legal basis and authorisation details for each product
-
PSMF applicability (scope and exclusions)
-
- Organisational structure and responsibilities
- Organogram (pharmacovigilance and related functions)
- QPPV appointment and CV, authorised deputies
- Delegation of tasks and responsibility matrix (RACI)
-
Escalation routes to senior management
-
- Resources and facilities
- Locations where pharmacovigilance activities are performed
- Staffing levels and competency/qualification summaries
-
Outsourced functions and contact details for service providers
-
- Pharmacovigilance processes and systems
- Case management (intake to reconciliation, SOPs)
- Signal detection and management procedures
- Aggregate reporting and PSUR/PBRER processes
- Risk management plan implementation and follow-up
-
Risk minimisation measures and effectiveness evaluation
-
- Computerised systems and IT infrastructure
- List of systems used (safety database, literature review tools, analytics)
- Validation status and reference to CSV documentation
- Access control and audit trail policies
-
Interfaces between systems and data flow diagrams
-
- Quality system and procedures
- Overview of the pharmacovigilance quality system (GVP Module I)
- Document control processes, SOP list and distribution
- Training and competence management
-
Internal audit and management review schedules
-
- Contracts and agreements
- Copies or listings of critical vendor contracts (PV service providers, clinical safety vendors)
-
MAH responsibilities and vendor oversight processes (KPIs, audit evidence)
-
- Safety communication and regulatory reporting
- Processes for signal communication, DSUR/PSUR/PBRER submission
- Periodic report calendar and responsible persons
-
Safety-related labeling change processes and track record
-
- Product information (portfolio details)
- Product list with MA numbers, authorised countries, and authorised indications
-
Status of RMPs and major safety actions
-
- Findings, CAPA and continuous improvement
- Summary of recent inspections and audits with status of CAPAs
-
Key performance metrics and trending analyses
-
- Appendices
- Sample SOPs and forms
- Contact list of key personnel and vendors
- Recent management review minutes
- Relevant regulatory communications and commitments
Inspection relevance: Inspectors expect the PSMF to be navigable and supported by evidence. Cross-reference documents should be easy to retrieve and current. The PSMF should allow an inspector to rapidly identify the QPPV, delegated responsible people, where activities take place and how oversight is performed.
Continuous Inspection Readiness: Governance and Practical Implementation
Inspection readiness is a governance responsibility, not a one-off exercise. Practical elements include:
Governance framework
- Defined governance body: establish a pharmacovigilance steering committee or safety governance board chaired by a senior executive with defined terms of reference and regular meetings.
- Reporting cadence: QPPV provides regular status reports (e.g., monthly safety KPIs, quarterly risk reviews) to senior management.
- Documented responsibilities and delegations: up-to-date delegations of authority and RACI matrices.
- Management review: scheduled PV system reviews (at least annually) to ensure the quality system remains fit-for-purpose.
Operational controls
- PSMF maintenance plan: assign owner, schedule routine reviews (e.g., quarterly for high-change portfolios).
- SOP lifecycle management: documented SOP review cycles, version control and training completion records.
- Training and competence: structured onboarding and continuous professional development plans for PV staff.
- Vendor oversight programme: vendor risk profiling, SLA/KPI monitoring, periodic vendor audits and documented oversight evidence.
- Data integrity and system validation: CSV documentation for safety database and any critical systems; monitoring and incident management procedures.
- CAPA oversight: root cause analysis approach (e.g., 5‑why or fishbone), CAPA timelines, verification of closure effectiveness.
Inspection relevance: Inspectors will evaluate governance to determine whether senior management supports PV activities and whether the QPPV has the necessary authority and resources. Weak governance commonly leads to findings.
Inspection Readiness Checklist (Inspection‑Ready Controls)
Use this checklist to assess readiness immediately prior to and during inspection notification:
Administrative and access - PSMF is current, signed, and easily accessible to inspectors (electronic/physical copy). - Contact list for QPPV and key PV personnel is up to date. - Organogram and responsibilities (RACI) are current and match actual operations.
Documentation and procedures - All critical SOPs are controlled, with clear revision history and distribution records. - SOPs that map to inspection focus areas: case management, expedited reporting, signal management, vendor oversight, CAPA, computer system validation. - Recent management review minutes and audit reports available.
Case processing - Sample ICSRs representative of current operations (timeliness, completeness, causality, seriousness coding). - Case management metrics (timeliness, processing backlog, percent reconciled with safety database). - Evidence of literature monitoring and screening.
Signal and risk management - Signal detection outputs: signal log, assessment reports, follow-up actions and timelines. - RMP documents and evidence of implementation (risk minimisation measures).
Computerised systems - List of validated systems with summary of validation/CSV documents. - Access control lists and evidence of segregation of duties. - Backup and recovery logs, change control records for critical systems.
Vendor management - Contracts and SLA/KPI evidence for major vendors. - Vendor audit reports and oversight meeting minutes.
Training and CAPA - Training matrix covering PV staff with completion certificates. - CAPA register with status, root cause analyses and verification evidence.
Quality metrics and reporting - Key performance indicators, trend reports and any action plans. - Aggregate reports schedule and submission evidence.
Mock inspection evidence - Records of prior mock inspections, actions taken and lessons learned.
Inspection logistics - Dedicated interview rooms and schedules for QPPV and relevant staff. - Document retrieval process and a document custodian to manage inspector requests.
Step‑by‑Step Inspection Process with Timelines and Example Findings
Below is a practical, inspection‑ready process for handling a pharmacovigilance inspection from notification through closure. Timelines are indicative and reflect typical regulator practice; organisations should tailor to local inspection windows and regulator expectations.
Phase 0 — Continuous readiness (ongoing) - Maintain PSMF, SOPs, training, CAPA, vendor oversight and KPIs continuously. - Conduct internal audits and mock inspections at least annually; corrective actions tracked. - Timeline: continuous.
Phase 1 — Notification and initial response (Day 0 to Day 2) - Day 0: Receive inspection notification (oral/written). Verify scope, dates, inspectors and legal basis. - Day 0–1: Log notification in inspection tracker. Inform senior management and QPPV. - Day 1–2: Confirm attendance, propose logistical arrangements (rooms, access, IT), and request inspector agenda. - Deliverable: Acknowledgement to inspector with PSMF access arrangements and proposed interview schedule.
Phase 2 — Pre-inspection preparation (Day 2 to Day 7) - Day 2–4: Convene inspection management team: QPPV (or delegate), inspection lead, document custodian, legal, IT, vendor reps. - Day 3–6: Compile inspection pack: current PSMF, selected SOPs, organisational charts, CVs, recent audit reports, CAPA register, recent safety reports and sample ICSRs (both expedited and non‑expedited). - Day 6–7: Prepare staff interviews and briefings (QPPV, case processors, signal managers, vendor contacts). Conduct last-minute mock interviews. - Deliverable: Ready inspection binder (electronic and/or physical), interview list and document repository.
Phase 3 — Onsite/remote inspection execution (Typically Day 1–5 of inspection) - Day 1 morning: Opening meeting — MAH presents PSMF overview, organogram, QPPV role and scope of activities. - Day 1–3: Inspector interviews and document review. Typical interview subjects: QPPV, case processing team, signal management, IT/systems owner, vendor oversight lead, QA lead. - Day 2–4: Data/document requests generated; document custodian responds and updates tracker. - Day 3–5: Site walkthroughs or system demonstrations (safety database reconciliation, search queries, validation evidence). - Deliverable: Daily brief to senior management summarising progress and urgent issues.
Phase 4 — Close of inspection (Last day of inspection) - Inspector provides preliminary observations and may indicate potential findings. - MAH representatives confirm corrective actions proposed for any minor/administrative concerns. - Deliverable: Closing meeting minutes and confirmation of post-inspection deliverables (requested documentation, CAPA proposals).
Phase 5 — Post-inspection corrective actions and response (Day 1 to Day 60+) - Day 1–7 post-inspection: MAH drafts formal response (position statement) and CAPA plan with timelines and responsible owners. - Day 7–30: Finalise CAPA and commence implementation; schedule additional audits or system changes as required. - Day 30–60: Submit formal written response to inspector/regulator as required by inspector’s timelines. - Ongoing: Implement CAPA, track progress and prepare evidence for verification. Some CAPAs require long-term verification (e.g., system validation), which may be revisited at follow-up inspection. - Deliverable: Formal regulatory response and implementation evidence.
Phase 6 — Closure and verification (Varies) - Regulator reviews response. They may close the case, request more information, or schedule a follow-up inspection. - Timeline depends on regulatory process and severity of findings; closure may take weeks to months.
Example inspection findings and timelines for remediation
- Example finding: "PSMF out of date — organisation chart does not reflect current outsourced providers."
- Severity: Minor to major depending on impact.
- Typical MAH action: Update PSMF within 7–14 days; implement PSMF review schedule and assign owner.
-
Evidence for closure: Updated PSMF and governance minutes.
-
Example finding: "Delayed expedited reporting — sample ICSRs show late submission beyond the 15-day window."
- Severity: Major (patient safety implication).
- MAH action: Root cause analysis within 7 days, immediate containment (triage of backlog), process improvement plan (re-training, system fixes) within 30 days.
-
Evidence for closure: Corrective action implementation, monitoring KPIs demonstrating sustained timeliness over 3 months; may require regulatory follow-up.
-
Example finding: "Insufficient system validation documentation for safety database interfaces."
- Severity: Major.
- MAH action: Complete CSV gap assessment within 14 days and develop validation remediation plan with timelines (often 30–90 days depending on complexity).
-
Evidence for closure: CSV deliverables, test scripts, executed test results and change control records.
-
Example finding: "Inadequate vendor oversight — no recent vendor audit or KPI monitoring records."
- Severity: Varies.
- MAH action: Conduct vendor risk assessment within 14 days, schedule audit within 30–90 days, implement interim oversight KPIs.
- Evidence for closure: Audit reports, corrective action records and minutes of oversight meetings.
These examples illustrate expected MAH timelines and the type of evidence inspectors require. Severity grading and closure expectations vary by regulator.
Mock Inspections, CAPA and Vendor Oversight — Practical Details
Mock inspections
- Frequency: At least annually; more frequently during organisational change or after regulatory findings.
- Scope: Full system walk-through, focused deep dives (case processing, signal management) and role-based interview practice for QPPV and deputies.
- Execution: Independent internal audit or third-party specialist conducts the mock inspection using regulatory checklists (e.g., GVP Module I mapping).
- Outputs: Mock inspection report with prioritised findings, CAPA register and follow-up verification schedule.
CAPA management
- CAPA lifecycle: identification → root cause analysis (RCA) → corrective/preventive action → implementation → effectiveness verification → closure.
- RCA methodology: use structured approaches (5 why, fishbone, fault tree analysis) and document the rationale for chosen CAPAs.
- Timelines and prioritisation: classify CAPAs by risk to patient safety and regulatory compliance; high‑risk CAPAs require short timelines and executive oversight.
- Effectiveness metrics: define measurable outcomes (e.g., % of ICSRs processed within 15 days) and monitor trends post-implementation.
Vendor oversight
- Risk-based supplier segmentation: classify vendors by criticality (e.g., safety database vendor = critical; translation service = medium).
- Contractual controls: ensure contract includes obligations for regulatory inspections, access for auditors and data integrity provisions.
- Oversight activities: regular KPI reporting, periodic audits, formal governance meetings and evidenced follow-up of vendor findings.
- Inspection relevance: inspectors will request vendor contracts, recent vendor audits and records of oversight actions. Ensure these are included in PSMF appendices or accessible via clear cross-reference.
Inspection Reporting, Follow‑up and Closure
- Formal response: Rapidly prepare an accurate, balanced and evidence-based response. Provide CAPA plans with realistic timelines and clear ownership.
- Communication: Keep transparent internal communication channels open; senior management should be briefed and, where necessary, regulatory/legal counsel included.
- Tracking and documentation: Use an inspection/CAPA tracker with status, target completion dates and links to evidence. Maintain an audit trail of correspondence with inspectors.
- Closure evidence: Organise closure packages by finding — include evidence demonstrating root cause analysis, implemented CAPA and effectiveness verification. Be prepared to host a follow-up inspection if requested.
Annex A: Example Inspection Findings and How They Are Categorised
Inspectors generally classify findings into categories, for example:
- Critical: Systemic failure that places public health at immediate risk (rare).
- Major: Significant non‑compliance with legal requirements or practices that could affect patient safety or completeness/timeliness of reporting.
- Minor: Procedural or documentation shortcomings that do not immediately impact safety but require correction.
Example findings mapped to categories:
- Critical: Falsified data in ICSRs (rare, serious), deliberate suppression of safety information.
- Major: Repeated delayed expedited reports, lack of QPPV oversight or staffing preventing timely reporting, unvalidated safety database.
- Minor: Outdated SOPs, missing signatures on non‑critical forms, PSMF not updated to show non-core office move.
Annex B: Templates and Document References (select)
- PSMF template structure aligned to GVP Module I.
- Inspection readiness checklist (condensed).
- CAPA tracker template: finding, root cause, corrective action, owner, target date, evidence link.
- Vendor risk assessment template.
- Interview preparation brief for QPPV and deputies (example questions and suggested evidence locations).
Last reviewed: June 2026
This article aims to present the inspection view of QPPV responsibilities and practical steps to maintain inspection readiness. It is essential that each MAH tailors the generic structures above to their organisational context, regulatory commitments and product portfolio.