DSCSA-Compliant Verification of Authorized Trading Partners

SAP, Novartis and Spherity successfully tested the electronic verification of “authorized” US Trading Partners of pharmaceutical products.

Georg Jürgens
Jul 9, 2020 · 5 min read

The US Drug Supply Chain Safety Act of 2013 is transforming the supply chains of global pharmaceutical companies selling medicines in the United States. Besides requiring a full traceability of pharmaceutical products by 2023, the DSCSA requires that pharmaceutical supply chain trading partners only interact with trading partners that are “authorized”.

DSCSA-Compliant Verification of Authorized Trading Partners — Photo by Morning Brew

SAP and Spherity have completed, in collaboration with Novartis, a technical proof-of-concept project to analyze and test the feasibility of a technical solution to verify the authorized status of trading partners. The project demonstrated how the license information of authorized trading partners can circulate in the form of so-called verifiable credentials in the saleable returns verification. Specifically, we proved that the authorized status of business partners can be encoded as a verifiable credential, presented and verified automatically within the existing process to verify product identifiers of saleable returns.

Verification of saleable returns

In any retail supply chain, there are always examples of overstocked or underperforming merchandise, warehouse mix-ups, and other circumstances where products have to be returned to a wholesaler in large or small quantities. In the case of pharmaceuticals, however, these return processes are strictly regulated and auditable to prevent any dangerous, unauthorized, recalled, or misidentified drugs from entering (or re-entering) the market. For these reasons, wholesalers in the US need to verify any returned product and have it confirmed by its respective manufacturer. Hence, the verification of such product identifiers information for saleable returns is one point of interaction between wholesalers and manufacturers or repackagers that fall under DSCSA.

This interaction is unique in that it may occur between trading partners who have yet to form a trade relationship, establish a trusted digital connection and determine each other’s “authorized” status prior to conducting a product verification. One example is the verification of a returned product by a wholesaler who purchased the product from another wholesaler who, in turn, purchased it from the manufacturer. This second wholesaler and the manufacturer currently have no efficient and high-assurance means to authenticate and authorize each other.

One way that the industry is complying with the DSCSA saleable return verification requirements today is by performing product verification through the verification routing service (VRS). VRS providers such as SAP assist trading partners in verifying product identifiers in an efficient way by routing wholesaler requests for a product verification to the respective manufacturer, accessing manufacturer repositories, and formatting a manufacturer’s response to these verification requests. Currently, the VRS providers do not check the “authorized” status of trading partners at the time of an individual verification request. Instead, this is done upfront and reconfirmed on a monthly basis. In order to more efficiently comply with the DSCSA, the industry is looking for an electronic solution.

Proof of concept with SAP and Novartis

Together with SAP and Novartis, we have completed a proof-of-concept project demonstrating clearly that wholesalers and manufacturers can seamlessly exchange through VRS providers license information in the form of W3C Verified Credentials using the Spherity Wallet.

In the proof-of-concept, SAP connected their VRS clients to the Identity Wallets of a wholesaler and a manufacturer, both provided by Spherity. The cloud-based identity wallet is designed for enterprise usage and built on interoperable W3C standards. The existing verification routing service is based on a GS1 industry messaging standard. To avoid any change to the current business process, the credential has been added in the header of the standardized GS1 message, leaving the body unchanged. With that in place, the verification routing request and response messages can transport the specific request, the requisite product information, as well as the Authorized Trading Partner credentials of both parties.

Simplified process by Spherity

The solution allows an Authorized Trading Partner (ATP) license check to be integrated in a low-friction way, allowing all parties to meet their obligations and be sure all communications are taking place between authorized trading partners.

As a result, the proof-of-concept demonstrates the technical viability of attaching one’s ATP status (in the form of a Verifiable Credential) to each product verification message that is routed by VRS providers. SAP successfully performed several test cases showing that there were no technical hurdles to communicating between the VRS providers using Identity Wallets.

Next step: Pilot project with industry consortium

After having successfully proven this concept, the Healthcare Distribution Alliance and the Center for Supply Chain Studies started a pilot project with a group of manufacturers, wholesalers, VRS providers, identity wallet providers like Spherity and credential issuance bodies. Together with leading pharmaceutical manufacturers and wholesalers, the project team fundamentally develops an interoperable industry solution with the goal of enabling all trading partners to meet their respective Authorized Trading Partner requirements under DSCSA.

Feel free to reach out with any question or to set up a demo to see how these tools work. If you just want to stay sphered join Spherity’s Newsletter list or follow us on LinkedIn and Twitter.


Boost Your Compliance and Security with Digital Identities.