Focus DSCSA- Business Risks linked to Serialization Mandates

Dave Harty Written by Dave Harty

Change equates to risk. The greater the impact, the higher the level of risk. The Drug Supply Chain Security Act (DSCSA) will require many changes for your business and some of them will be highly complex.

Change equates to risk. The greater the change and the complexity of it the higher the level of risk. The Drug Supply Chain Security Act (DSCSA), like most serialization mandates, includes many changes and some of them are highly complex in nature. In our previous blog post “DSCSA  – The Final Countdown“, we have outlined some milestone dates for the major areas of functionality to be implemented. Now, we can look at some risk factors in each area.

System connectivity and data exchange as risk factors

The first issue that come to notice is systems connectivity. Currently many packaging lines are isolated “closed” systems that are not connected to anything and have very little exposure from a security standpoint. That all changes now that we need to serialize things. At absolute minimum, we need to get the serial numbers off the line level and stored somewhere to report against for the next six years if the FDA requests the data. In many cases, some if not all the serial numbers are coming from a higher-level system: either plant level, enterprise level, or inter-enterprise from our customer’s systems. This level of connectivity requires planning and consideration. The lines can now be a problem that shuts down the enterprise. Equally, if there is a problem on enterprise level it can result in a complete shut-down of the lines.  Learn more on how to tackle systems security  concerns.

DSCSA impact on Standard Operating Procedures (SOPs)

Looking at the changes from a process perspective all the Standard Operating Procedures (SOPs), training documents, etc. will need to be updated. This factor alone has led to the decision of many companies to aggregate ahead of schedule. They try to gain time by training the operators one time on a new SOP and new documentation for the future instead of implementing a non-aggregation solution now and then having to redo all the SOPs, operator training, etc. in 2019.

System availability and mission-critical impact on line-level installations

As you evaluate the inherent risks of serialization programs a greatly overlooked area is in the full lifecycle impact of these programs to your business. This is mission-critical, you cannot sell product without meeting legal requirements and therefore your solution must be available all the time as there is no manual workaround available. We can leverage some well thought out IT concepts here. We need to consider what our RTO and RPO should be. RTO, recovery time objective, can be simply stated as how long will it take to get back up and running once something breaks. Can we take a device off another non-RX line or from some distributor’s on-hand stock and get back up in 2 hours or will we be down for several days? A good example for mission-critical equipment are print-and-verify modules.

The RPO, recovery point objective, can be stated as what point from a data perspective will we recover to. Will the last lot being worked on have to be repackaged as a new lot? Can we finish were we experienced the failure? Many system implementation options will affect this particular question. Make sure you understand the ramification of your design choices in this area as it is too late once something fails to change it.

Serialization affects all aspects of an organization

The amount of resources needed for a serialization and aggregation program across its lifecycle is the most underestimated area of all. Many people will be directly affected to different degrees through the lifespan of the solution. Many of which are not obvious upfront. This can be summed up nicely in the following quote from the IT Director of a Major Global Generics Manufacturer:

“Serialization affects all aspects of an organization, and if you think it doesn’t, you haven’t thought about it enough yet.”

With the right serialization strategy and a solution that is best adapted to your business, you can even turn serialization compliance into opportunities to optimize your supply chain, improve order fulfillment and enhance your marketing.

Dave Harty
Dave Harty

With over 20 years of experience, Dave has held various Software Development, Product Management and Program Management positions. He has implemented serialization systems at a large number of Pharmaceutical Manufacturers and Distributors, Chemical Processing facilities, Automotive and Consumer Products companies for supply chain traceability. At Adents, he holds the position of Vice President, Professional Services, Americas.


Serialization of medicines in Russia: Deadline is officially extended!
Serialization of medicines in Russia: Deadline is officially extended!
Just before New Year, the federal law No. 346344-7 amending Government Decree 1556 "On approval of the Regulations on the system of monitoring the movement of medicines for medical use" was officially signed and published
EU FMD: new FAQ document gives guidance on safety features for medicinal products
EU FMD: new FAQ document gives guidance on safety features for medicinal products
The EU commission has released version 16 of the FAQS related to the EU Falsified Medicines Directive including recommendations on coding requirements and serial number generation.