In November 2023, the Drug Supply Chain Security Act (DSCSA) entered a new phase, focusing on system capabilities ensuring interoperable, electronic tracing of pharmaceutical products at the package level. These new tracing requirements ensure that supply chain partners will not receive or supply pharmaceutical products without first receiving the matching serialized compliance data in the standard EPCIS (a GS1 standard) format.  

As the main regulatory body for the pharmaceutical supply chain in the U.S., the FDA published guidance documents in August 2023 and September 2023 aiming to help clarify the DSCSA regulations and provide industry recommendations to trading partners, including manufacturers, wholesale distributors, dispensers, and repackagers.  

With a particular focus on clarifying drug distribution security, the FDA covered key system attributes and physical security features, the use of aggregation and inference, and the best data architecture models to allow for the handling of aggregation errors and other discrepancies. Below, we break down those areas in detail: 

System Attributes and Physical Security Features 

The FDA defines system attributes as “properties or capabilities that promote enhanced drug distribution security.” These attributes should aim to securely and electronically exchange transaction information (TI) and transaction statements (TS) between trade partners, enable verification of products at the package level, and allow for prompt response to FDA or other regulatory bodies’ requests for information related to recalls and investigations, within one business day.  

Additionally, in cases where pharmaceutical companies accept saleable product returns, appropriate systems and processes should be in place to verify any returns, including association with the applicable TI and TS. The FDA also recommends the use of physical security features such as tamper-evident tape and physical-chemical identifiers (PCIDs) to further ensure the safety and security of product as it makes its way to patients. 

Data Aggregation 

Aggregation is already an essential part of many trading partners’ systems and processes, as it allows for relationship-building between higher and lower levels of packaging in a parent-child grouping. The FDA supports the use of data aggregation for the secure and efficient exchange of data between partners’ systems as product makes its way through the supply chain. Use of aggregation also allows for the utilization of inference to associate information regarding lower levels of packaging to the next level of packaging. This expedites the processes for the physical handling, for example, of both cases/shippers and pallets. However, the FDA only recommends the use of inference when the integrity of the shipping unit is intact (i.e., any physical security features have not been altered) to ensure the safety of the drug product and to avoid subsequent sales of suspect or illegitimate product. 

Data Architecture Models 

While there are three main data architecture models that meet the FDA’s requirements on data governance, the use of a distributed or semi-distributed model is recommended, as both allow each partner to maintain control over their own data while also allowing for prompt data retrieval upon request by a regulatory body. The FDA reiterates that the deployment of systems and processes to meet these requirements isn’t a simple task and has provided recommendations on the best practices for handling aggregation errors and other discrepancies that are sent between trading partners. There’s guidance to help set standards for the timing and method for resolution of discrepancies or clerical errors. Additionally, the FDA reiterates again its strong recommendation for the use of EPCIS in data capture and exchange as it complies with DSCSA requirements while still allowing flexibility and compatibility with various technologies pharmaceutical companies employ.  

Preparing for DSCSA 

Working within the DSCSA regulations has specific legal requirements clarified by the FDA in this subsequent guidance, and there’s ongoing clarity and industry agreement on how to meet the requirements and traverse the technical details. If your organization needs assistance with employing solutions to DSCSA requirements, our team of serialization experts are here to help. 

Contributions from Zachary Fisher