Depending on its relationships, the SDEA may include the attribution of responsibility for the EU QPPV, the PSUR letter, literary research, reporting to regulatory authorities, answering questions from regulators, processing product claims, signal recognition, hosting the security database and continuous assessment of profit-related risks. Where some or all of the pharmacovigilance activities are outsourced, including medical information, call centres, treatment of undesirable undesirables, the ADES must be complete and specify which parties are responsible for which activities, although the ultimate responsibility lies with the MAH. None of the above lists are exhaustive – the types of data and activities regulated by the ADES differ from company to company and from product to product. There are specific considerations to be made depending on the uniqueness of the business relationship that the partners could maintain. To list a few, there could be a scenario whereby there is a «zero VPA» for the business relationship that does not justify sharing security information. In such cases, POC cannot ignore the full mention of the clause; on the contrary, it should be clearly justified in the trade agreement and/or stand-alone VPA clause (sometimes for other activities). Sometimes the original owner of the product has to take a step backwards because of his own restrictions or regulatory constraints in that particular area to get the MA in his own name. In such scenarios, the MAH would be in the name of the counterparty, which would act as the face of the product only when it comes to submitting legislation and all other activities are carried out by the former party. This situation is delicate and should not be confused with a scenario for regular service providers. Other specific considerations include merger/transfer and piggyback scenarios, which must be treated with the utmost care, taking into account all factors of influence. The DS/PV team should constantly inform the rest of the company of the presence of SDEAs in order to protect the company and public health.
A written programming or procedural document must be signed at the highest level, which requires all divisions that may see security problems to have mechanisms for ADES and the obtaining and handling of security issues. To this end, companies must enter into written agreements with all parties, businesses, individuals, investigators, CROs, patient support organizations, toxin control centres (when used for AEs registration), telephone call centres and other business partners who receive the security data a company needs. This also applies to all companies listed on labelling, such as distributors, manufacturers, partners, etc. These agreements are referred to as «security data exchange agreements» (SDEAs). They are requested and verified by the FDA and other health authorities during inspections. These MA holders may have to establish different business relationships with other pharmaceutical companies or cros or other service providers in order to obtain the necessary authorization and market their manufacturing forms. These commercial relationships vary according to the requirements/consents/commitments/interests of both counterparties. These relationships are governed by master service agreements/trade agreements.
There is no «One Size fits all» SDEA, although they are generally similar.