Back to Resources

Blog

PSMF Version History vs Audit Trail: What Each Proves During Inspection

Inspection ReadinessJuly 2026

Learn how version history and audit trails support PSMF inspection readiness, traceability of Annex I Change Logs, QPPV oversight, and controlled PSMF governance.

PSMF Version History vs Audit Trail: What Each Proves During Inspection

A Clean Version Number Does Not Always Prove Control

A PSMF can have a clean version number and still fail to prove control.

This is often where inspection questions begin.

Many pharmacovigilance teams use version history and audit trails interchangeably. During a PSMF inspection, however, they serve very different purposes.

Version history helps demonstrate how the PSMF evolved over time.

Audit trails help demonstrate how updates moved through review, approval, QPPV oversight, and controlled governance before becoming part of the active PSMF.

Understanding that distinction becomes increasingly important as organizations manage multiple affiliates, outsourced activities, local PSMFs, and frequently changing annexes.

Key Takeaway: Version history proves document evolution. Audit trails prove controlled actions. Inspectors may review both when assessing Annex I Change Log records, reviewer involvement, approval workflows, version governance, and QPPV oversight. The real risk is not simply an outdated PSMF. The bigger risk is being unable to demonstrate how updates were reviewed, approved, and maintained within a controlled governance process.


Why Inspectors Look Beyond the Latest PSMF Version

As per EMA GVP Module II, the PSMF must maintain an accurate and current description of the pharmacovigilance system.

As a result, inspectors rarely stop at the latest PDF.

Instead, they often use the current version as a starting point and then work backward through the governance process.

A typical inspection discussion may move quickly from:

"Is the PSMF current?"

to:

"What triggered this update?"

"When was Annex I updated?"

"Who reviewed the change?"

"Who approved it?"

"Was the QPPV aware of the update before release?"

The final document may show that an update occurred.

Inspectors often want evidence showing how that update was controlled.

Version history shows the evolution, audit trail shows the control


What PSMF Version History Actually Proves

Version history is focused on the document itself.

It helps demonstrate how the PSMF moved from one approved state to another and which version was active at a specific point in time.

For example, an inspector may ask to review the version that was active during a previous inspection, audit, or Data Lock Point (DLP).

Version history helps answer questions such as:

  • Which version was approved?
  • When did it become effective?
  • Which version replaced it?
  • Can historical versions still be retrieved?

This is important evidence of document control and is a key part of maintaining an inspection-ready PSMF.

However, version history only tells part of the story.

It may show that Version 5.0 replaced Version 4.0, but it does not always explain how the update moved through review and approval.

This is where audit trails become critical.

For organizations managing multiple PSMF versions across affiliates or regions, maintaining controlled global and local PSMFs becomes even more important because version consistency must be maintained across multiple records.


What a PSMF Audit Trail Actually Proves

While version history focuses on document outcomes, audit trails focus on activity.

Audit trails provide time-stamped evidence of actions performed throughout the lifecycle of a PSMF update. They help demonstrate:

  • Who made the change
  • When the change occurred
  • Who reviewed it
  • Who approved it
  • Which workflow was followed
  • What changes were made

From an inspection perspective, audit trails provide accountability.

They help demonstrate that updates were controlled rather than simply recorded.

This is why robust tracked changes and audit trail controls are often considered a core component of PSMF governance.


Why Inspectors Start With Version History but End With Audit Trails

A clean version history can create the impression that governance is under control.

This is where many organizations struggle.

Inspectors often want to understand what happened between the versions.

Imagine a vendor update that affects the pharmacovigilance system.

The annex is updated. A new PSMF version is released. The version history clearly shows that the change occurred.

The inspector may then ask:

  • Who initiated the update?
  • Was the impact on the PSMF assessed?
  • Was Annex I updated with the change?
  • Was the reviewer sign-off completed before the PDF was published?
  • Was QPPV approval documented?

At this point, the inspection focus shifts from document history to governance evidence.

A version history confirms that a change occurred.

An audit trail helps demonstrate that the change followed a controlled process.


Why Annexes Create the Greatest Governance Risk

The main PSMF body often changes less frequently than the annexes.

Annexes regularly receive updates relating to vendors, affiliates, organizational structures, local responsibilities, and operational processes.

This is where traceability challenges typically emerge.

Annex I is particularly important because it functions as the Change Log for updates affecting the PSMF and the pharmacovigilance system.

When Annex I entries are recorded contemporaneously during the workflow, they help establish a traceable governance record.

Commission Implementing Regulation (EU) 2025/1466 reinforces the need to document major or critical deviations from pharmacovigilance procedures, including their impact and management, in the PSMF until they are resolved. This makes accurate, traceable change records even more important. Our article on EU Regulation 2025/1466 and the PSMF covers this shift in more detail.

When updates are reconstructed later, organizations may struggle to demonstrate the full context behind the change.

This is why effective PSMF change tracking is closely linked to inspection readiness. See our guide on PSMF Change Tracking for a deeper look at how updates should be recorded, reviewed, and governed. For more on how annex updates specifically create governance risk, see PSMF Annex Management for Dynamic Annexes.

Inspectors do not simply want to see that a change occurred.

They want to understand when it occurred, why it occurred, who reviewed it, and how it was approved.


What Happens When Annex I and Version History Do Not Match

One of the more difficult inspection scenarios occurs when Annex I records and version history tell different stories.

For example, a PSMF version may indicate that a significant update was released in March.

However, Annex I may show the change being recorded months later.

This creates questions about:

  • Change timing
  • Reviewer oversight
  • QPPV visibility
  • Change governance

Even if the final document appears accurate, gaps between change records and document history can create uncertainty around how the update was controlled.

This is why contemporaneous Change Log management is generally more defensible than retrospective reconstruction.


Why Global and Local PSMFs Make Version Control Harder

Version governance becomes significantly more complex when organizations maintain multiple local PSMFs alongside a global PSMF.

Local updates may affect:

  • Affiliate information
  • Local contact details
  • Local agreements
  • Regional products
  • Country-specific processes

Without consistent governance, local updates may not always be reflected appropriately in the wider pharmacovigilance documentation framework.

This creates a risk that version history, Annex I records, and operational reality become misaligned.

Maintaining visibility across both global and local records is one reason many organizations adopt structured approaches to managing global and local PSMFs. Our article on UK PSMF vs EU PSMF explores one common example of this challenge.


What Controlled Governance Looks Like in Practice

Strong governance requires more than document storage.

Organizations need a process that connects source updates, reviews, approvals, audit trails, version history, and QPPV oversight.

This becomes especially important when updates originate from affiliates, vendors, or External Data Sources.

The objective is not simply to create a new PSMF version.

The objective is to maintain evidence showing:

  • What changed
  • Why it changed
  • Who reviewed it
  • Who approved it
  • When it became effective
  • Which version became active

When these elements remain connected, inspection preparation becomes significantly easier.


How PSMF Manager Supports Controlled Governance

PSMF Manager helps organizations connect version history, audit trails, reviewer workflows, approval workflows, and QPPV oversight into a controlled governance process.

Updates can originate through controlled workflows or External Data Sources. Where appropriate, Ask AI can assist by suggesting Annex I Change Log content and identifying differences between versions.

Reviewers remain responsible for checking updates. Audit trails record actions and preserve historical records. Approved content becomes part of the controlled PSMF record. A PDF version is generated, QPPV approval is completed, and version lock is applied.

Supporting features such as Version History and Tracked Changes help maintain visibility throughout the process.


What This Means for Inspection-Ready PSMF Governance

Version history and audit trails are both essential components of inspection-ready PSMF governance.

Version history helps demonstrate how the PSMF evolved over time.

Audit trails help demonstrate how those changes were reviewed, approved, and controlled.

Neither replaces the other.

Together, they provide the traceability, accountability, and oversight evidence inspectors frequently expect when assessing a pharmacovigilance system.

For MAHs, the goal should not simply be maintaining the latest PSMF version.

The goal should be maintaining a controlled record that demonstrates what changed, how it changed, who approved it, and when it became part of the active pharmacovigilance system.

For more insights into inspection readiness, see our guide on what inspectors look for in your PSMF during inspections.

Request a demo of PSMF Manager today to see how controlled workflows, audit trails, and version governance can help maintain an inspection-ready PSMF. Request a demo


FAQs

Frequently Asked Questions

What do inspectors typically ask after reviewing PSMF version history?+
Inspectors often request supporting evidence showing why a change was made, who reviewed it, whether Annex I was updated, whether approvals were completed, and whether the QPPV had visibility before release.
What is the difference between an Annex I Change Log and a PSMF audit trail?+
Annex I records relevant changes affecting the PSMF and pharmacovigilance system. An audit trail records the underlying workflow activity, including user actions, reviews, approvals, and timestamps associated with those changes.
Can a final PDF prove that a change was approved?+
Not always. A PDF shows the final document output, but inspectors may also request evidence of reviewer involvement, approval actions, QPPV approval, and version governance before release. This is where built-in audit trails become valuable, as they provide time-stamped evidence of the actions completed throughout the review and approval workflow.
How should organizations manage version history across global and local PSMFs?+
Organizations should maintain consistent governance processes so that updates, approvals, version history, and Change Log records remain traceable and aligned across both global and local PSMFs.
What do inspectors look for beyond the latest PSMF version?+
Inspectors often assess Annex I records, reviewer workflows, approval evidence, version history, audit trails, and QPPV oversight to understand how the PSMF has been maintained over time.