DSCSA-Compliant Verification of Authorized Trading Partners
SAP, Novartis and Spherity successfully tested the electronic verification of “authorized” US Trading Partners of pharmaceutical products.
The US Drug Supply Chain Safety Act of 2013 is transforming the supply chains of global pharmaceutical companies selling medicines in the United States. Besides requiring a full traceability of pharmaceutical products by 2023, the DSCSA requires that pharmaceutical supply chain trading partners only interact with trading partners that are “authorized”.
SAP and Spherity have completed, in collaboration with Novartis, a technical proof-of-concept project to analyze and test the feasibility of a technical solution to verify the authorized status of trading partners. The project demonstrated how the license information of authorized trading partners can circulate in the form of so-called verifiable credentials in the saleable returns verification. Specifically, we proved that the authorized status of business partners can be encoded as a verifiable credential, presented and verified automatically within the existing process to verify product identifiers of saleable returns.
“Based on our successful collaboration with Spherity, the industry agreed to further investigate the usage of W3C Decentralized Identifiers and Verifiable Credentials technology to electronically verify Authorized Trading Partners in the saleable returns verification process in an industry-wide pilot. Spherity’s deep know-how in this technology helped us to quickly integrate these capabilities into SAP’s solution offering and their integration-friendly identity wallet APIs will be fundamental to building a solid solution to comply with US DSCSA requirements.”
—Dr. Oliver Nuernberg, Chief Product Owner, SAP Life Sciences
Verification of saleable returns
In any retail supply chain, there are always examples of overstocked or underperforming merchandise, warehouse mix-ups, and other circumstances where products have to be returned to a wholesaler in large or small quantities. In the case of pharmaceuticals, however, these return processes are strictly regulated and auditable to prevent any dangerous, unauthorized, recalled, or misidentified drugs from entering (or re-entering) the market. For these reasons, wholesalers in the US need to verify any returned product and have it confirmed by its respective manufacturer. Hence, the verification of such product identifiers information for saleable returns is one point of interaction between wholesalers and manufacturers or repackagers that fall under DSCSA.
This interaction is unique in that it may occur between trading partners who have yet to form a trade relationship, establish a trusted digital connection and determine each other’s “authorized” status prior to conducting a product verification. One example is the verification of a returned product by a wholesaler who purchased the product from another wholesaler who, in turn, purchased it from the manufacturer. This second wholesaler and the manufacturer currently have no efficient and high-assurance means to authenticate and authorize each other.
One way that the industry is complying with the DSCSA saleable return verification requirements today is by performing product verification through the verification routing service (VRS). VRS providers such as SAP assist trading partners in verifying product identifiers in an efficient way by routing wholesaler requests for a product verification to the respective manufacturer, accessing manufacturer repositories, and formatting a manufacturer’s response to these verification requests. Currently, the VRS providers do not check the “authorized” status of trading partners at the time of an individual verification request. Instead, this is done upfront and reconfirmed on a monthly basis. In order to more efficiently comply with the DSCSA, the industry is looking for an electronic solution.
Proof of concept with SAP and Novartis
Together with SAP and Novartis, we have completed a proof-of-concept project demonstrating clearly that wholesalers and manufacturers can seamlessly exchange through VRS providers license information in the form of W3C Verified Credentials using the Spherity Wallet.
In the proof-of-concept, SAP connected their VRS clients to the Identity Wallets of a wholesaler and a manufacturer, both provided by Spherity. The cloud-based identity wallet is designed for enterprise usage and built on interoperable W3C standards. The existing verification routing service is based on a GS1 industry messaging standard. To avoid any change to the current business process, the credential has been added in the header of the standardized GS1 message, leaving the body unchanged. With that in place, the verification routing request and response messages can transport the specific request, the requisite product information, as well as the Authorized Trading Partner credentials of both parties.
The solution allows an Authorized Trading Partner (ATP) license check to be integrated in a low-friction way, allowing all parties to meet their obligations and be sure all communications are taking place between authorized trading partners.
“We successfully demonstrated that supply chain actors can use their Spherity Wallets to authenticate trading partners in digital interactions. This opens the window of opportunity to use secure and verifiable enterprise identifiers in further verification processes required under DSCSA.”
— Dr. Michael Rüther, COO/CFO, Spherity
As a result, the proof-of-concept demonstrates the technical viability of attaching one’s ATP status (in the form of a Verifiable Credential) to each product verification message that is routed by VRS providers. SAP successfully performed several test cases showing that there were no technical hurdles to communicating between the VRS providers using Identity Wallets.
Next step: Pilot project with industry consortium
After having successfully proven this concept, the Healthcare Distribution Alliance and the Center for Supply Chain Studies started a pilot project with a group of manufacturers, wholesalers, VRS providers, identity wallet providers like Spherity and credential issuance bodies. Together with leading pharmaceutical manufacturers and wholesalers, the project team fundamentally develops an interoperable industry solution with the goal of enabling all trading partners to meet their respective Authorized Trading Partner requirements under DSCSA.
Feel free to reach out with any question or to set up a demo to see how these tools work. If you just want to stay sphered join Spherity’s Newsletter list or follow us on LinkedIn and Twitter.
