A Practical Guide to the PSMF: How to Structure Your Pharmacovigilance System File

The PSMF is not just a Document, it is the System

For any QPPV, the Pharmacovigilance System Master File (PSMF) is the most important document. It's not just a simple dossier to be archived, but the living, breathing "identity card" of the entire company's pharmacovigilance system. Mandatory under European regulations (and detailed in GVP Module II), the PSMF describes in a single document how the company fulfills its pharmacovigilance obligations.

During a GVP inspection, the PSMF is almost always the first document requested by the authority (which expects to receive it within 7 days of the request). An incomplete, outdated, or inaccurate PSMF is the first and most serious warning sign for an inspector.

But how do you build a robust, maintainable, and inspection-ready PSMF? And how do you use it as an active management tool, rather than a mere bureaucratic requirement? This practical guide analyzes the structure and operational management of the Master File.

The PSMF Structure: What to Include (Second to GVP Module II)

GVP Module II provides a detailed table of contents for the PSMF. While the structure can be adapted, it should contain clear sections covering the following domains.

Section 1: The QPPV

This section is the "Who" section. It must clearly identify the nominated QPPV.

• Personal data and contact details: Name, surname, and 24/7 contact information (telephone, email).
• Summary CV: Must demonstrate that the QPPV has the necessary qualifications and experience.
• Responsibilities: A summary of key responsibilities (often a callback to GVP Module I).
• Back-up: The description of the back-up system, including the details of the Deputy QPPV(s).

Section 2: The Organizational Structure

This section explains "Where" and "How" QPPV fits into the business.

• Organizational charts: Must show the QPPV's position in the company, his reports (hierarchical and functional) and relationships with other functions (QA, RA, Medical).
• Pharmacovigilance Team: Description of the team structure (central and local/affiliate), including key roles (e.g., Safety Physician, Case Processor, Signal Manager).
• Third Parties: A list of all PV activities possibly outsourced (e.g. to CRO) and related agreements (SDEA).

Section 3: Sources of Safety Data

Here we describe "What" is collected.

• Data collection flows: How the company collects data (spontaneous reports from doctors/patients, scientific literature, clinical studies, post-authorization studies, commercial partners).
• Product List: A complete list of all medicines (with MA) covered by the PV system.

Section 4: Information Systems (Database)

The technological "How".

• Database Description: What security software is used (e.g. Argus, ARISg).
• Validation: A summary of the database validation status (essential for inspectors).
• EudraVigilance: Description of how the company interacts with EudraVigilance for reporting (gateway, EVWEB).

Section 5: Key Pharmacovigilance Processes

The operational "What to do".

• ICSR Management: Description of the flow of a case (reception, triage, data entry, medical assessment, reporting).
• Signal Management: How the company performs signal detection (methodology, frequency, statistical tools) and evaluation.
• Risk Management: How RMPs and risk minimization measures are developed and monitored.
• PSUR Management: Planning and drafting Periodic Safety Reports.

Section 6: System Performance

“How we measure” effectiveness.

• Key Performance Indicators (KPIs): This is a critical section. It should include key metrics, such as compliance with reporting deadlines (e.g., % serious ICSRs submitted within 15 days), data quality, and timely PSUR submissions.
• Quality System (Audit): A summary of the quality system applied to the PV.

Section 7: Annexes

Attachments contain the "live" information, the information that changes most frequently.

• Changelog: A log of all changes made to the PSMF.
• SOP List: The complete list (index) of all pharmacovigilance operating procedures.
• Audits: A list of GVP audits (internal and external) conducted and planned.
• KPI: Updated reports of performance indicators.
• Training: Key personnel GVP training records (including QPPV).

Beware of... Common Mistakes in PSMF Management

A weak PSMF almost always presents the same problems, which are "red flags" for inspectors:

1. PSMF "Shelf": The document is written once and never updated. The organizational chart is two years old, the list of SOPs doesn't match those currently in use, and the KPIs are missing. The PSMF must be continually updated.
2. Lack of QPPV Oversight: The PSMF is managed by a junior function or QA, and the QPPV is not familiar with its details. The inspector notices this by asking the QPPV specific questions about the content.
3. Missing or "Adjusted" Performance Data: The KPI section is blank or shows an unrealistic 100% compliance. The absence of metrics indicates that the system is not being monitored.
4. Generic Descriptions: The PSMF copies and pastes the GVPs ("The company does signal detection..."), but does not describe how it does it in practice (e.g. "We use a statistical analysis (PRR) on our validated database 'X' on a monthly basis, discussed in Security Committee Y...").

Best Practice Box: The PSMF as a Management Review Tool

The most experienced QPPV doesn't just use the PSMF for inspection. They use it as an agenda for the Management Review of the PV system. The annexes (KPIs, audits, deviations, training) become the "dashboard" to present to senior management for:

• Demonstrate compliance (or gaps).
• Identify areas of risk (e.g., declining reporting compliance).
• Request resources (e.g., "KPIs show overload, need to hire a Case Processor").
• Track continuous improvement.

Operational Checklist: Is Your PSMF Ready for Inspection?

Use this quick checklist (based on GVP Module II) for a self-assessment:

• QPPV: Are the CV and contact details of the QPPV owner and Deputy updated?
• Organizational Chart: Does it reflect the actual structure of the company today ?
• Outsourcing: Is the list of CROs/partners and their SDEAs complete?
• Database: Is the security database validation status documented?
• Processes: Do the flows (ICSR, Signals) described correspond to the SOPs in force?
• SOP: Does the SOP index in the PSMF match the master list?
• Performance: Are KPIs (especially compliance reporting) present, up-to-date, and honest?
• Audit: Has the GVP audit log (internal/external) been updated with the latest reports?
• Update: Has the entire document been revised (at least formally) in the last year?
• Accessibility: Can you retrieve and provide the complete PSMF (including attachments) within 7 days?

Conclusion

Managing the PSMF is a core responsibility of the QPPV and their team. It's a document that requires constant maintenance and an honest approach. If maintained properly, it's not a burden, but the best tool the QPPV has for managing their system, demonstrating compliance, and driving continuous improvement.

Want to master every detail of GVP Module II and learn how to manage an inspection-proof PSMF, with practical examples and templates? Discover the complete guide " The Role of the Pharmacovigilance Manager (QPPV) and His Team " on GuideGxP.com.