Your PSMF Is the First Operational Test
Inspectors do not start with your SOP library or your safety database. They start with the Pharmacovigilance System Master File because it tells them where your system may break. EMA GVP Module II is explicit that the PSMF must describe the pharmacovigilance system, support and document compliance, and contribute to the planning and conduct of audits and inspections. In other words, the PSMF is not just a record. It is an inspection map. (European Medicines Agency (EMA))
Weak PSMFs attract scrutiny quickly. In its 2024 Annual report, the EMA Pharmacovigilance Inspectors Working Group identified 87 deficiencies in CHMP-requested inspections, including 29 major findings. PSMF was among the top three most common areas with findings identified during inspections conducted in 2024. Inspectors do not review the PSMF for structure or wording. They use it to identify gaps in governance, traceability, and operational control. (European Medicines Agency (EMA))
Inspectors first check whether the PSMF reflects the live system
The first inspection question is simple: does the document still describe the system as it operates today?
Under Implementing Regulation (EU) No 520/2012, the MAH must keep the PSMF up to date. EMA GVP Module II also requires it to reflect the system across global, regional, and local levels. If it still shows outdated structures or workflows, it is not a documentation issue. It is a governance failure.(EUR-Lex)
This is where the data lock point matters. Inspectors check whether the PSMF reflects the pharmacovigilance system on the date of request, not just the last PSMF review cycle. If recent changes are missing, it signals weak change control. That is one reason manual PSMF management failures turn into inspection findings so often.
Annex accuracy is where many major findings begin
The main PSMF body may open the inspection, but annexes determine its direction.
Inspectors use annexes to verify whether the PSMF reflects real operations. They are not checking if Annex B, C, G, or I exists. They are checking if the data matches actual agreements, teams, audits, and system changes.
Annex B tests vendor and subcontracting control. Under Regulation (EU) 2025/1466, unclear delegation or lack of MAH visibility is treated as loss of control, not a documentation gap.
Annex C tests completeness of safety data sources and reporting pathways. Missing channels suggest gaps in case capture.
Annex G tests whether audits are planned, executed, and followed up based on risk, not just listed.
Annex I tests change control. If real changes are not logged, inspectors see system drift, not a missed update.
This is why PSMF version control and governance is not a documentation topic. It is an inspection readiness topic.
QPPV oversight is tested through evidence, not titles
The QPPV remains one of the clearest inspection lenses into whether pharmacovigilance governance is real.
GVP Module I requires the QPPV to have the necessary expertise or access to medical expertise. Inspectors test this because it directly impacts medical review and decision-making. (European Medicines Agency (EMA))
They also assess whether the QPPV can exercise oversight in practice. This includes access to the PSMF, compliance data, audit outcomes, and vendor activities. A QPPV named in the document but not involved in changes, metrics, or escalations is a weak signal.
A common finding arises when oversight is described but not supported by evidence such as meeting records, performance reviews, or escalation logs. The issue is not poor documentation. It is lack of demonstrable control.
Inspectors trace ICSR pathways from intake to submission
Inspectors move quickly from “describe your process” to “show me a case.”
They check whether the PSMF makes ICSR flow clear and verifiable across intake, triage, medical review, and submission. Visual pathways or flowcharts often help reduce ambiguity during review.
This matters more with EudraVigilance now central to safety monitoring. EMA guidance requires MAHs to use it as an active data source. If your PSMF treats it as peripheral, the system may be seen as outdated.
With over 29 million ICSRs in EudraVigilance, inspectors expect systems to reflect this scale and integration.
Vendor oversight findings usually come from ambiguity, not absence
Most companies now have vendor agreements. Inspectors know that.
They test whether agreements create real accountability. This includes clear responsibilities, audit rights, escalation routes, and evidence of performance review. A contract with unclear ownership is almost as weak as no contract.
Regulation (EU) 2025/1466 has increased focus on subcontracting and documentation, making vague vendor structures and weak follow-up more visible during inspections. (EUR-Lex)
If you want a practical internal-link bridge here, this section pairs naturally with global and local PSMF alignment across affiliates, because vendor ambiguity and affiliate ambiguity often surface in the same inspection trail.
What good inspection performance looks like
The strongest organizations do not maintain the PSMF as a quarterly document task. They maintain it as a governed reflection of the live system.
That usually shows up in four ways.
First, change control is continuous, especially in Annex I. Second, the QPPV has documented visibility into changes, metrics, and medical escalation routes. Third, annex ownership is clear enough that inspectors can move from file entry to evidence without hitting contradiction. Fourth, the system description is coherent with current regulatory expectations, including the post-2025 changes around significant deviations, subcontracting clarity, and EudraVigilance use. (EUR-Lex)
A Simpler Inspection Summary
| Area | What Inspectors Actually Test |
|---|---|
| Core narrative | Whether the file still matches the live pharmacovigilance system |
| Annex B | Whether vendor and subcontracting responsibilities are clear and controlled |
| Annex C | Whether all relevant safety data sources and pathways are identified |
| Annex G | Whether audits are risk-based, completed, and followed through |
| Annex I | Whether changes are captured continuously, not only at version release |
| Annex A | Whether oversight is active, evidenced, and medically supported where needed |
| Annex E | Whether document references and actual process control are synchronized |
| Annex F | Whether intake-to-submission flows are traceable and inspection-ready |
| Annex D | Whether the scope and product references are consistent with current regulatory data expectations |
The real inspection question
The real question is not whether your PSMF is complete.
It is whether an inspector can start in the PSMF, follow one annex entry, one vendor responsibility, one QPPV oversight statement, or one ICSR flow, and arrive at evidence that still matches the file.
That is the standard for maintaining an inspection-ready PSMF. Request a demo today for PSMF Manager!