Holistic Risk Management in Safety: From Global Plans to Local Action

May 28, 2025 | Christina Kim

Risk management topped the list of drug safety critical inspection findings from 2012 to 2023, according to data from the UK Medicines and Healthcare Products Regulatory Agency (MHRA). During this period, risk management more than doubled the number of critical inspection findings relative to other Good Pharmacovigilance Practices (GPvP). And in 2023, risk management continued to top the list of critical findings during routine initial inspections.

Inspection trends: critical findings over time, 2012-2023

Source: Medicines & Healthcare Products Regulatory Agency, “MHRA GPvP Inspections: programme, tips and findings,” September 18, 2024.

Critical inspection findings can have serious consequences for biopharmas, including increased inspection frequency, costly fines, and in the worst cases, delays in bringing a product to market — and ultimately to patients.

I recently spoke to pharmacovigilance (PV) professionals at the American Drug Safety Summit about common risk management challenges, as well as fundamental risk management best practices that can improve oversight, efficiency, and compliance.

Read on to learn more.

De-risking your risk management plans

At the core of the process are risk management plans (RMPs), which define a product’s safety profile, including its epidemiology, pharmacovigilance plan, post-authorization studies, and risk minimization activities. These documents serve as the backbone of the risk management process and may be updated frequently during clinical trials and after approval. Importantly, core RMPs also serve as the basis for local RMPs, where information may be tailored to a submission to a specific agency, e.g., the FDA or EMA.

Specific markets also require additional risk measures when additional risk mitigation is needed to optimize the safe use of a drug. In the EU, for example, the EMA may require additional risk minimization measures (aRMMs), which can include information like demonstration kits, dispensing forms, and direct communications with healthcare professionals. Organizations must also demonstrate that they have implemented, tracked, managed, and measured the efficacy of these specific risk minimization tools.

Many PV organizations still take a manual approach to managing RMPs and related documentation, often using a combination of SharePoint, Excel, and paper across a mix of different systems. But, as regulatory requirements continue to evolve and biopharmas continue to expand into new markets, these traditional risk management approaches struggle to keep pace. Challenges include:

• Siloed sources of information: Disconnected documents and systems increase manual effort and the potential for errors, including disconnects between core plans and local market versions, as well as additional risk measures required in certain markets.
• Inefficient processes: Manual approaches to authoring, maintaining, and tracking multiple risk management documents across teams and local markets limit visibility into document lifecycle status and make collaboration difficult.
• Non-compliant solutions: Solutions that aren’t purpose-built to handle risk management documentation put the organization at risk and limit responsiveness to audits and inspection findings.

These challenges make it difficult to quickly find the right RMP version while maintaining oversight of local RMPs and aRMMs. It is also challenging to keep RMPs, aRMMs, and other required documentation up-to-date and audit-ready, especially when a product is being approved in multiple markets with different requirements.

Improving risk management oversight, efficiency, and compliance

By moving away from manual trackers and disconnected systems, PV organizations can more easily demonstrate that they have an effective and comprehensive risk management process in place. Here are four ways a cloud-based system can improve oversight, efficiency, and compliance:

1. Always find the right RMP: Easily identify which RMPs are applicable for which products and markets. This improves visibility and collaboration, as global and regional teams can see the RMP’s lifecycle state, updates to the document, and associated content, such as additional risk measures.
2. Speed up local RMPs: Reusing the core RMP in local versions greatly speeds up the process, creating efficiency and ensuring that local teams always have the most up-to-date version. In Veeva SafetyDocs, when the core RMP is updated, it creates a new local version where an RMP submission is required.
3. Manage aRMMs effectively: Implement, track status, manage, and measure aRMMs for each market where they are required. Connected processes and content make it easy to see what is valid in what region and what tools are in use in each market.
4. Monitor local compliance: A cloud-based system improves audit and inspection readiness by making it easier to monitor risk management processes and documents, eliminating the need for highly manual upkeep across markets and teams.

Veeva SafetyDocs improves efficiency, collaboration, and compliance with regulatory authorities for risk management plans, additional risk minimization measures, and other safety content. Clear relationships between core and local RMPs and aRMMs enable collaboration and visibility across teams, improving inspection readiness and responsiveness to risk management-related inspection findings.

See how Veeva SafetyDocs streamlines risk management for PV teams.