Spherity Credentialing Service supports DSCSA compliance by 2023
Spherity’s solution enables pharmaceutical supply chain actors to identify and verify authorized trading partners, supporting the U.S. congress objective to assure patient safety
In November 2013, the U.S. congress enacted the Drug Supply Chain Security Act (DSCSA) in order to protect patients’ health. To achieve this, a part of this legislation will require U.S. pharmaceutical trading partners to establish that they only interact with other trading partners who have been properly authorized. This means each trading partner must hold a valid state-issued license or a current registration with the Food and Drug Administration (FDA). Consequently, all verified trading partners are considered legitimate actors within the supply chain.
With more than 60,000 active trading partners involved in the U.S. Life Sciences Industry and an FDA recommendation to respond to data requests in under one minute, there is a pressing need for a powerful solution that facilitates DSCSA compliance by 2023. Yet, only two years before the deadline U.S. pharmaceutical supply chain actors still have no interoperable, electronic mechanism to validate each others’ authorized status.
What is an authorized trading partner, and why do we care?
In the pharmaceutical supply chain, many entities are involved in the manufacture, distribution and dispensing of prescription drugs. As they trade with each other, unscrupulous actors may attempt to infiltrate the supply chain for financial or other reasons. Hence, it is essential to know for patient safety that only trusted and authorized entities touch a drug.
To enforce assurance over pharmaceutical drug distribution from manufacturers all the way to patients, the Drug Supply Chain Security Act was signed into law in 2013. It postulates new requirements to enhance drug distribution security by fall 2023. This is to be achieved by:
- Preventing harmful drugs from entering the supply chain
- Detecting harmful drugs that have entered the supply chain
- Responding rapidly when harmful drugs are found
Aside from product verification, tracing, and serialization requirements, each supply chain actor needs to ensure that their trading partners are authorized. The latter requirement aims to ensure that only trustworthy entities participate in the supply chain. Unscrupulous actors who may try to sneak in fake or tempered products need to be identified swiftly by electronic mechanisms which ensure that only Authorized Trading Partners (ATP) interact with each other.
‘Authorized’ is every trading partner holding a valid state-issued license or a current registration with the Food and Drug Administration (FDA). When trading partners interact, they must check whether the other party is authorized. They are permitted to proceed only if both sides meet the relevant criteria (see figure).
A needed upgrade to product verification processes
To ensure that only legitimate products are in the supply chain, the DSCSA requires trading partners to perform verifications on returned or suspicious products. These product verifications are processed and routed by so called Verification Routing Service (VRS) providers. Spherity’s partners SAP and rfxcel offer such solutions.
“When using VRS initially, we utilized the Global Location Number (GLN) to identify a trading partner. We discovered GLNs that were not active or not associated with the requesting entity. GLNs also do not inform about authorized status. Additionally, we had no proof that the provided GLN actually came from the trading partner. This was a compliance gap we had to close.”
Dave Mason, Supply Chain Compliance and Serialization Lead at Novartis
Spherity’s Credentialing Service is underway to close this gap.
What does Spherity’s Credentialing Service offer?
FDA guidance for enhanced verification expects a trading partner to provide a response to a product verification request within one minute of receipt of the request. As over 60,000 trading partners will be required to send product verifications in accordance with the DSCSA by fall 2023, Spherity has set out to build together with industry partners an electronic, interoperable system.
To provide pharmaceutical supply chain participants a solution to verify previously unknown trading partners, Spherity has introduced the concept of decentralized identity management in combination with verifiable credentials. We have found a trusted partner in Legisym who specializes in identity and license verification services.
“Legisym is thrilled to be working alongside Spherity to bring the first production level ATP credentialing solution to the industry. With the successful completion of the ATP Credentialing Pilot in 2020 and the joint founding of the Open Credentialing Initiative in early 2021, the Spherity-Legisym partnership is already proving successful in collaboration and forward thinking.”
David Kessler, President & Co-Owner at Legisym
To use credentialing for Authorized Trading Partner requirements under DSCSA, trading partners need to go through a one-time due diligence onboarding process with Legisym. Legisym then issues verifiable credentials that represent the authorized status of trading partners. Once issued, verifiable credentials are stored in a secure digital wallet embedded within the Credentialing Service provided by Spherity. The digital wallet is under the control of the respective trading partners and allows each entity to store, present and verify ATP credentials. Using this technology enables trading partners to interact with digital trust, as they can now digitally verify the ATP status effortlessly in every interaction.
Novartis has engaged Spherity’s Credentialing Service and SAP’s Verification Routing Service to respond to product verification requests from indirect and direct trading partners. Both combined services enable Novartis to meet the DSCSA key requirements for Product Verifications and Authorized Trading Partners.
Dave Mason says, “Using the Spherity Credentialing Service in combination with SAP’s VRS, we have an electronic mechanism in place to verify each trading partner. There was no technical integration required to get started. All I had to do was to sign up with Spherity and tell my VRS that I want to use credentialing. I encourage all trading partners under DSCSA to add credentialing to their roadmap for 2023.”
A smooth process for VRS
Information standards organization GS1 has recognized OCI’s credential-based architecture and is working on updating their guidelines regarding the exchange of product verification messages between VRS. This update allows all interacting VRS providers to attach a verifiable presentation of the ATP credential seamlessly to each message that is exchanged between trading partners. For VRS providers, the integration with their customers’ digital wallets is fully API-based.
”As a VRS solution provider, all we had to do was a simple API call to the digital wallet to either retrieve or verify credentials and some small changes to handle the response from the wallet. All in all, this technology allows us to implement the ATP check to the existing — and established — processes without disruption.”
Oliver Nürnberg, Chief Product Owner at SAP Life Sciences
Join the ecosystem to foster interoperability
Legisym and Spherity founded along with other adopters the Open Credentialing Initiative (OCI) in April 2021. This newly formed organization incubates and standardizes the architecture using digital wallets and verifiable credentials for DSCSA compliance with Authorized Trading Partner requirements.
Besides U.S. pharmaceutical manufacturers, wholesalers and dispensers, the OCI is also open for other solution providers integrating the ATP solution. Collaboration within the OCI ensures that all service providers offering an ATP solution are interoperable. Both industry and regulators have recognized interoperability as paramount.
Act now to meet the 2023 deadline
Following successful proof-of-concept and pilot projects, a group of VRS providers, wholesalers and manufacturers under coordination by the OCI has started a testing phase of using ATP credentials in product verification interactions. The entry into production environments is scheduled for Q1 2022. This will leave the industry around 18 months until fall 2023 to adopt credentialing.
Currently, there is no other solution for electronic ATP verification available. Hence, leading trading partners, standard organizations and industry associations emphasize the importance of starting adoption now.
Contact Spherity under atp@spherity.com or visit our website to learn more about the Spherity Credentialing Service.
For more detailed information, download Spherity Credentialing Service Guidebook and peruse the OCI’s proposal for Credential Issuer Conformance Criteria here.
