Implementing Supply-Chain Security

Published on: 
Pharmaceutical Technology, Pharmaceutical Technology-08-02-2014, Volume 37, Issue 8

The US federal Drug Quality and Security Act (DQSA) and more specifically the Drug Supply Chain Security Act (DSCSA), referring to Title II of the law, requires phase-in of requirements to prevent counterfeiting. An expert discusses how companies should be preparing to meet the requirements of the DSCSA.

Counterfeit drugs, which include cancer treatments, lifestyle drugs, and common prescriptions, such as painkillers and antibiotics, are an insidious, global public health threat (1, 2). “Counterfeiters come in where controls are weak and where they can find value,” notes Bill Fletcher, managing partner at Pharma Logic Solutions. “Typically they produce counterfeit drugs and then exit before they are found; we only find out later from investigations. Brand owners, however, need to focus in on this problem now because it can have a huge cost. We’re one situation away from having a real backlash.”

Various packaging technologies, such as tamper-evident closures and authenticity identifiers (e.g., holograms, taggants, security inks), are available to help combat counterfeiting (see sidebar). Packaging alone, however, doesn’t stop counterfeiters, says Fletcher, “Counterfeiters are adept at making authentic-looking packaging. Authentication technologies, such as holograms or marks on the package, are not effective at the consumer level because consumers typically don’t know what the authentic package or medicine should look like or if a change was made by the manufacturer.”

Advertisement

Governments around the world have been stepping up to create legislation and systems designed to protect their drug supply chains. Most of these systems attach a serial number to a package and use a central database to verify that drugs being bought and sold match up. Serialization is already in effect in Turkey, Argentina, and for some drugs in China. In Brazil, new requirements begin in 2016. In the European Union (EU), the Falsified Medicines Directive was instituted to combat counterfeiting through various measures, including a requirement for pack serialization beginning in 2017.  

In the United States, the federal Drug Quality and Security Act (DQSA) and more specifically the Drug Supply Chain Security Act (DSCSA), referring to Title II of the law, was signed into law Nov. 27, 2013 (3). This federal law preempts a California state law, which would have required phase-in of a serialization and pedigree system for pharmaceutical packages in the state beginning in 2015. Under the DSCSA, companies in the supply chain will be required to have transaction records and verify that all trading partners are authorized distributors by Jan. 1, 2015. The law also provides specific requirements to quarantine and investigate suspect product based on packaging lot number or serial number. In June 2014, FDA released draft guidance on identifying and investigating suspect product (4). Serialization of saleable units and cases will be required by Nov. 27, 2017. A full pedigree system, which involves a unit-level track-and-trace system to document whenever a product changes ownership, must be implemented over the next 10 years, by Nov. 27, 2023. Pharmaceutical Technology spoke with Fletcher about how companies should be preparing to meet the requirements of the DSCSA.

Complying with the DSCSAPharmTech: What do drug supply-chain companies need to understand about how the law applies to their activities?

Fletcher: The law defines manufacturer, exclusive distributor, wholesaler, and other supply-chain participants, and companies can fall into multiple categories with different responsibilities under the law. As a company develops a list of requirements and a solution for serialization, these categories should be considered. For example, wholesalers are defined as someone other than the manufacturer, but a company could be a manufacturer for one drug and a wholesaler for another.  There are a number of exemptions under the law for distributors, dispensers, and wholesalers, and companies need to understand what applies to them.

PharmTech: What do companies need to do now to comply with the DSCSA?
Fletcher: Beginning Jan. 1, 2015, companies must verify that all trading partners are authorized distributors of record (ADR). Most companies already have a standard operating procedure for verification, but it may not meet the requirements of the new law. The verification process must include quarantine and investigation of suspect products, which may impact a company’s ability to effectively distribute goods.
Also beginning Jan. 1, 2015, each entity in the supply chain must pass along a document that contains 10 transaction details for each item and packaging-lot number combination, the transaction history of the product, as well as seven statements related to the authenticity of the product (e.g., a statement acknowledging that you have not knowingly shipped suspect product). An exception to the transaction requirement is that the wholesaler, in certain situations, does not have to pass the original transaction history from the manufacturer but can start the history with their own data. All companies must capture, record, and maintain this information for six years, and companies must be able to readily provide data upon request from federal or state officials. Many companies already have transaction data but are not currently storing it in a manner that can be used later. The initial transaction from the manufacturer to the wholesaler is likely to come in the form of an electronic data interchange (EDI), and companies must be sure they are storing this EDI message in a useful way.  

Companies should work now towards building systems that can produce transaction statements and store data for use. The final FDA guidance detailing what the transaction statements should look like may not be released until as late as Nov. 27, 2014, but companies will need to comply by Jan. 1, 2015.

Serialization requirementsPharmTech: What are the serialization requirements under DSCSA?

Fletcher: Serialization requirements will be phased in over several years, depending on where you fit in the supply chain, beginning Nov. 27, 2017. A unique identifier will be required on saleable units and cases. There is an exclusion for products that require a unique device identifier rather than the standardized numeric identifier (SNI) used for drug and biologic products; you need to make sure you understand which category your product falls into. The SNI for serialization under the DSCSA includes the national drug code (NDC), which encodes the manufacturer identity, drug identity, and package configuration into a 10- or 11-digit number. The law requires both a printed human-readable code and a two-dimensional data-matrix symbol containing the NDC and the serial number that can be scanned using a barcode reader. If desired, companies can also include other data, such as lot and expiration date, in the data-matrix symbol. Many companies have decided to follow the GS1 standard, and they are not precluded from this under the law; they can encode the NDC in a GS1 global trade item number. Companies are also looking at identifiers that can be used with other technologies, such as radio-frequency identification (RFID), which are already being used in some cold-chain solutions. Warehousing is often overlooked; companies should consider material handling requirements for serialized goods at the warehouse level.  

Companies are currently focused on these 2015 and 2017 deadlines. This year, they are preparing for transaction statement requirements. In 2015 and 2016, they will build serialization readiness and flush inventory so that by 2017, all inventory will be serialized.

Within the next 10 years, FDA will work toward a true pedigree system, but companies realize that technology is changing too quickly to take action on 2023 requirements today. The way products are identified, perhaps with RFID or near-field tags, might be vastly different in 10 years.

PharmTech: What else should companies consider in developing a serialization solution?
Fletcher: You need to include variability and flexibility into your solution. Laws can change. Companies were focused on upcoming California regulations, for example, then along came new regulations from Turkey, and they had to change their solution. There are variations in how packages are identified or coded around the world. China has unique requirements because it is a non-GS1 standard, and Brazil has a different spin on how they allocate serial numbers. These issues need to be considered during planning for a serialization program, whether you currently trade in these areas or not, because business leaders may decide to trade products there in the future.  Ensuring solutions support all world requirements is possible and has been accomplished by several companies.

Each person needs to align with a strategy so everyone knows what is going on and what their role is. Companies should put together a roadmap and clearly define their requirements specific to their business systems and practices. Each company, for example, has different versions of enterprise software (e.g., SAP), different packaging practices, and different warehouse practices. After defining this plan, a company can decide what vendor will meet their requirements.

Today, companies should establish work streams today for packaging serialization, warehouse handling, distribution and transaction documentation, and suspect product verification.

References
1. World Health Organization, “Medicines: spurious/falsely-labelled/ falsified/counterfeit (SFFC) medicines,” Fact Sheet No. 275, May 2012.  
2. M. Kitamura, “ Fake Antibiotics Feed Growing Worldwide Superbugs Threat,” accessed June 17, 2014.
3. FDA, “Drug Supply Chain Security Act,” accessed June 23, 2014.
4. FDA, “FDA issues draft guidance on identifying suspect drug products in the supply chain,” Press Release, June 10, 2014. PT