Takeaways from the webinar — The Implementers Guide: PDG Blueprint on Credentialing
The PDG Blueprint is a functional design recommendation for the pharmaceutical industry to meet DSCSA compliance. But what does it mean for my DSCSA project? That’s what Georg Jürgens, Spherity, and David Kessler, Legisym, discussed in our co-hosted webinar.
As co-chairs of the Open Credentialing Initiative’s Steering Committee, Georg and David explained the PDG Blueprint chapter “Credentialing and User Authentication” and demonstrated how using OCI-specified credentials can positively impact a trading partner’s DSCSA project. They also shared their practical experience and knowledge acquired over the years to solve the challenge for Trading Partners to authenticate and authorize their counterparties in DSCSA-related Product Verifications.
We’ve put together a few key takeaways from the webinar.
#1: A network of systems requires interoperability.
Each participant in the supply chain has the choice between a multitude of systems and solution providers. These must be able to communicate with each other to meet DSCSA requirements. We need to ensure that all the participants are interoperable with each other, from pharmacies to manufacturers to protect healthcare supply chain security. This is why PDG collaborated with various stakeholders on the ‘Foundational Blueprint for DSCSA 2023 Interoperability’ to address TI/TS data exchange, product verification and tracing, authorized trading partner authentication and other key DSCSA requirements.
#2: Credentialing as a security and authentication layer in electronic interactions.
While GLNs are re-usable enterprise identifiers, they are publicly available and, thus, cannot sufficiently identify trading partners in electronic interactions on their own, nor do they prove “authorized” status. That’s where OCI-aligned credentialing comes into play and closes the compliance gap. Credentialing adds a layer of security without changing current standards and provides digital evidence of who the interacting trading partner is and that they have the proper license or registration to be considered an Authorized Trading Partner (ATP) as defined by DSCSA.
#3: Compliance decision: Automated or manual ATP checks?
If you opt for manual checks, you should understand that these are not compatible with VRS-based interactions. That means, the response can’t go back through the VRS process and turns into a manual process for both sides, requiring emails, phone calls, or other methods to facilitate the line of questioning: Who is the Trading Partner? Is the Trading Partner authorized? Is it really the Trading Partner who’s interacting with me at this very moment? It can turn into a very labor-intensive method. In contrast, if you have a credentialing process in place, the verification happens within far less than a minute. The decision to choose between these compliance options is up to each trading partner.
If you made it this far and would like to get more guidance on OCI-specified credentials in the context of DSCSA, you might want to watch the webinar recording for more insights.
If you’re curious to see how the OCI-aligned credentialing works in action, get access to our demo now!
Further reading
If you’re already familiar with the Open Credentialing Initiative (OCI), Verification Router Services (VRS), PDG Blueprint, Spherity, or Legisym, this article is valuable for you to learn more about ATP checks.
