GxPinnacle Logo
Skip to content

What Do Inspectors Check for Vendor Oversight and Governance in Pharmacovigilance?

Pharmacovigilance systems must maintain oversight of vendors and service providers under Safety Data Exchange Agreements. Regulators expect the MAH to retain control, monitor performance, audit vendors, and ensure compliance with all PV obligations.

For: Founders, CEOs & MDs·PV Leads·QA/Compliance·Scientists tasked with documentation

Alignment: Global pharmacovigilance principles (ICH-aligned) and inspection practices

Most useful when: Preparing for inspection, setting up a process, or closing a documentation gap

Key points

  • The MAH must retain ultimate responsibility for pharmacovigilance even when activities are outsourced.
  • Vendor responsibilities must be clearly defined in Safety Data Exchange Agreements.
  • The MAH must actively monitor vendor performance against agreed obligations.
  • Audit rights and oversight mechanisms must be established and exercised.
  • Escalation and corrective action processes must address vendor non-compliance.
  • Inspection-ready evidence must demonstrate active governance and control of outsourced PV activities.

What inspectors expect

Each point below should be supported by controlled documents and traceable records.

  • The MAH must retain ultimate accountability for pharmacovigilance.
  • Vendor roles must be clearly defined and documented.
  • Vendor performance must be actively monitored.
  • Audit and oversight mechanisms must be implemented.
  • Non-compliance must trigger escalation and CAPA.

Summary

Inspectors assess whether the MAH maintains effective oversight of vendors and service providers performing pharmacovigilance activities. They typically review agreements, performance monitoring, audit records, escalation processes, and evidence that the MAH retains control of the PV system.

Common questions

These are the questions this page is designed to answer directly.

  • What is vendor oversight in pharmacovigilance?
  • What do inspectors check for PV vendor oversight?
  • How does the MAH maintain control over outsourced PV activities?
  • What are pharmacovigilance vendor oversight requirements?
  • How are CROs managed in pharmacovigilance?
  • What governance is required for PV vendors?
  • How do inspectors assess vendor compliance?
  • What audit requirements exist for pharmacovigilance vendors?
  • What responsibilities can be delegated in PV?
  • How do you ensure vendor compliance with SDEAs?

Evidence objects inspectors expect

Vendor Safety Data Exchange Agreement

  • Defined scope of delegated pharmacovigilance activities
  • Clear allocation of vendor and MAH responsibilities
  • Defined timelines and compliance expectations
  • Version control and active agreement status

Vendor Oversight and Performance Monitoring

  • KPI tracking for vendor performance
  • Monitoring of case processing timelines
  • Review of data quality and compliance metrics
  • Governance meeting records with vendor

Audit and Inspection Records

  • Vendor audit reports
  • Inspection readiness documentation
  • Findings and CAPA from vendor audits
  • Evidence of audit follow-up and closure

Escalation and CAPA Records

  • Escalation logs for vendor non-compliance
  • Corrective and preventive action plans
  • Tracking of CAPA implementation
  • Verification of CAPA effectiveness

Governance and Communication Evidence

  • Joint safety or governance meetings
  • Communication logs between MAH and vendor
  • Defined escalation pathways
  • Updated contact lists and responsibility ownership

Regulatory Basis (Primary Sources)

  • GVP Module I – MAH retains responsibility for pharmacovigilance systems and oversight
  • GVP Module VI – requirements for managing and monitoring outsourced PV activities
  • ICH E2D – responsibilities for safety data management
  • MHRA GPvP guidance – oversight of contracted pharmacovigilance activities
  • FDA pharmacovigilance guidance – responsibility of application holder for compliance

Typical Inspection Questions (What Inspectors Ask)

  • How do you oversee your pharmacovigilance vendor?
  • What KPIs do you use to monitor vendor performance?
  • Show me your vendor audit reports.
  • How do you ensure the MAH retains control of PV activities?
  • What happens when the vendor fails to meet requirements?

Failure patterns

The MAH relies on the vendor without active oversight.

Vendor responsibilities are unclear or incomplete.

Vendor performance is not monitored or documented.

Audit findings are not addressed or tracked.

The MAH cannot demonstrate control over outsourced activities.

What good looks like

  • Clear agreements defining vendor responsibilities and MAH oversight.
  • Active monitoring of vendor performance using defined KPIs.
  • Regular audits with documented findings and follow-up.
  • Effective escalation and CAPA processes.
  • Demonstrable MAH control over all pharmacovigilance activities.

Operationalisation

  • Define vendor responsibilities clearly in SDEAs.
  • Implement performance monitoring using KPIs and metrics.
  • Conduct regular vendor audits and document findings.
  • Establish escalation and CAPA processes for non-compliance.
  • Maintain active governance through regular meetings and reviews.
  • Ensure MAH retains visibility and control over all PV activities.

Need regulatory documentation today?

Save time and reduce inspection risk with structured, pre-built process-ready documentation.
Created by industry professionals, adaptable to your organisation.

Related pre-built documentation inside the app

Get AccessLog In

FAQ

What is vendor oversight in pharmacovigilance?

Vendor oversight is the process by which the MAH monitors and controls pharmacovigilance activities performed by third-party service providers.

Who is responsible for pharmacovigilance compliance when activities are outsourced to a vendor?

The Marketing Authorisation Holder remains ultimately responsible for pharmacovigilance compliance even when operational activities are outsourced to a vendor or service provider.

Does outsourcing pharmacovigilance transfer responsibility?

No. The MAH retains full responsibility for pharmacovigilance compliance even when activities are outsourced.

How do inspectors assess vendor oversight?

Inspectors review agreements, performance metrics, audit records, and governance processes to confirm that the MAH maintains control.

What are common vendor oversight failures?

Common failures include lack of monitoring, unclear responsibilities, missing audits, and weak escalation of issues.

How are vendors monitored in pharmacovigilance?

Vendors are monitored through KPIs, audits, reconciliation activities, and governance meetings.

What evidence is required for vendor oversight?

Evidence includes agreements, performance metrics, audit reports, CAPA records, and governance documentation.

Sources

Primary guidance used to inform this map. This page is a structured interpretation layer; always validate against the original source documents.

European Medicines Agency (EMA)

  • Guideline on good pharmacovigilance practices (GVP) – Module I
    View source
  • Guideline on good pharmacovigilance practices (GVP) – Module VI
    View source

FDA

ICH

MHRA