Beyond The Packaging Line: Recognizing, Meeting, And Benefiting From The End-To-End Requirements Of The DQSA

By Jamie Hintlian, Principal, and Ryan Kelly, Manager, Advisory Services, Ernst & Young LLP

Ryan Kelly, Ernst & Young LLP

Jamie Hintlian,  Ernst & Young LLP

By now, readers of Pharmaceutical Online are likely quite familiar with the requirements of the Drug Quality Security Act (DQSA). Particularly, Title II of the act, the Drug Supply Chain Security Act (DSCSA), which aims to protect consumers by detecting products that could be counterfeit, stolen, or contaminated. The DSCSA, the first US law of its kind requiring authentication using product serial numbers, is also the first time the FDA became active in coordinating supply chain security and operational activities. 

Maintaining safe, secure, and high-performing supply chains requires trading partners to coordinate systems and processes. This coordination will run the gamut, from product commissioning during packaging, to coordination and standardization in data transmission among third-party packagers and third-party logistics providers (3PLs); even to product movement and continued authentication at the distributors where product will be broken down from pallets into cases and units before ultimately being shipped to pharmaceutical dispensaries and pharmacies.

Much of the focus of meeting this federal requirement has been on establishing compliant packaging lines needed to produce serialized product. However, this is merely the first step in a long line of processes in the value chain. The most complex and difficult challenges rest in the necessary systems, processes, and distribution coordination across trading partners needed to maintain the products' supply chain security beyond the packaging line.

Authentication: Consider Incorporating Requirements Into System And Process Designs

The first step in the process, where the industry still has much of its focus, is the production and packaging of serialized product, where a unique serialized numerical identifier (SNI) is affixed to the product. It is at this point when the FDA published its first major DSCSA guidance—the requirement to authenticate product.

While the guidance is still ambiguous, it is clear that it will require manufacturers and trading partners to both initiate and provide notifications to the FDA, investigate issues, and, when applicable, close notifications with the FDA within 24 hours of product being identified as "suspect." Following that, within another 24 hours of that notification, a response about product integrity is required from the original manufacturer that applied the SNI to the product. The DSCSA does not specify mode or systems requirements for how to authenticate. Authentication could come via methods such as email, phone, or fax.

With no formal system capability specified to meet this regulatory requirement, the potential exists that, similar to industry experiences with recalls, a lack of process capability or automation could lead to recall management issues impacting operations throughout the organization. A mass influx of suspect product could cause severe process bottlenecks in processing returns and delays, in processing refunds resulting in backlogs, and impacts to operational continuity and customer dissatisfaction.  Despite no specific requirement for an electronic system, companies would be wise to consider and incorporate these requirements into their process and systems design, as part of their holistic traceability and inquiry response programs.

1. Establish clear business requirements necessary to authenticate product across organizational functions and supply chain partners. Establish clear roles and responsibilities within standard operating procedures, including, but not limited to, packaging, purchasing, warehousing, and distribution; information technology (IT); and within service-level agreements across third-party packagers, 3PLs and reverse logistics providers.
2. Establish clear points and methods of communication within and between supply chain organizations and regulatory authorities. Establish identified methods and points of contact to receive notifications, coordinate data requests, manage investigations, close notifications, and document activities in accordance with GDP standards.
3. Incorporate business requirements and procedures into technical and systems requirements as part of the holistic corporate traceability program. A well-managed and integrated recalls management program may provide a useful template for authentication management.

Prepare For Systems And Integration Challenges Across Supply Chain Partners

Once serialized product is produced with a verifiable SNI that can be authenticated at the packager level, the complexity grows as manufacturers will not only need to coordinate within their own processes and systems, but also integrate with systems across their external manufacturing partners, packaging partners, and 3PLs. This isn't simply about a serialized unit, case, or pallet. Having a clear understanding of both the process and systems, along with documentation requirements, across all supply chain partners is essential.  The multiple 3PLs commonly utilized for packaging, storage, and distribution likely use disparate systems. And each 3PL typically is utilizing different hardware, systems, and system releases in operations where they may be serving multiple customers.

With this complexity, manufacturers and all parties within the supply chain need to be prepared for the necessary personnel, development timelines, projects, and resources required to meet their requirements.  There will be high levels of coordination and testing required to manage and integrate processes, master data, systems, and validations across various business units, organizations, and competing business priorities. This complexity is further magnified across disparate corporate and third-party enterprise resource planning (ERP) systems, line packaging systems, quality systems, logistics/warehouse systems, traceability servers, and the growing cloud solutions space.

Be aware that many of these third parties will also likely incur significant start-up costs and resource support to meet changing regulatory requirements. So while much of the focus in the industry has been on internal and third-party packaging lines, the risk, complexity, and scope of integration requirements among supply chain partners only increase as the product moves further downstream toward the patient.

To integrate and manage systems, data and business processes both within the organization and across supply chain partners, take the following action steps:

1. Establish clear communication of requirements and maintain continuous partner/project oversight, project analysis, and periodic audits, both within the organization and among supply chain partners.
2. Complete comprehensive reviews of systems and technology, both internally and across supply chain partners. Identify gaps and risks to developing comprehensive project plans, testing schedules, and timelines.  Document:
   • Master data
   • Electronic data interchange (EDI)/systems integration requirements
   • Hardware and equipment requirements
3. Complete a periodic review of supply chain partner capabilities to check that the following programs are in place:
   • A comprehensive quality system
   • Continuous quality improvement
   • Resources and technology required to effectively manage supply chain requirements
   • Clear corporate serialization strategy and plan
   • A risk assessment program
   • Storage facilities are licensed and qualified
   • Transportation providers are licensed and qualified
   • Comprehensive employee training and learning management program
   • At-risk product identification and regulatory notification reporting program
4. Review the following with 3PLs, storage providers, and carriers:
   • Understanding of product characteristics and risk profiles
   • Routes and modes of transport
   • Transit times
   • Product audit trail
   • Number of drop-off points in the delivery chain
   • Packaging requirements and labeling requirements
   • Documentation requirements
5. Make sure the project plan accounts for adequate time, consistent personnel, and the financial resources required to establish and execute business requirements, business processes and systems infrastructure, as well as design, build and test solutions and coordinate pilots within intra-supply chain and trading partners.

Understanding The End-To-End Supply Chain Operations Impact 

As already seen in other global markets going live with their own supply chain security requirements (e.g., Turkey and Brazil), traceability in the storage and distribution of pharmaceutical products will present significant challenges and start-up costs. Manufacturer-owned facilities, 3PLs, and distributors will likely need significant updates to storage and distribution facility equipment, hardware, master data, software, EDI and processes to meet the regulatory requirements of the DSCSA, while also maintaining operational processing speed.

Updates are already being made to EDI/data transmission requirements to meet the requirements provided by the wholesalers. As serialized product comes online, there will need to be coordinated inventory control strategies to manage the serialized and non-serialized national drug code (NDC) inventories active in the marketplace, particularly in facilities where serialized and non-serialized inventory of similar NDCs are present.

Processes and data, from receiving to re-labeling, storage, picking, packing, and shipping will all need to be closely considered. Complex facilities with higher levels of material handling equipment (MHE) and automation, such as high-speed conveyor, scan tunnels, and print and apply may require costly and time-consuming updates to distribution systems and MHE to maintain product traceability throughout product handling, sortation, and outbound processing.  Careful consideration should also be given to managing rework during exception handling, as any issues with item master data or unforeseen item changes could cause exponential errors and rework requirements within the operation. 

With this technological and operational impact, there will be greater dependencies on network and systems connectivity. Business continuity risks related to serialization and operational updates to maintain compliance and performance standards should be integrated into corporate risk management and business continuity programs.

Organizations will need to account for their own operational updates as well as that of their third-party partners in their operational and budgetary plans. Third parties may indicate that they have traceability experience, but the requirements on products such as appliances or electronics is quite different. Third parties will likely look to their primary partners, driving this requirement for knowledge, resources and capital to meet the necessary changes to their operation. Careful consideration of capabilities and qualifications also should be given to touch points within sourcing, service-level agreements, and contract management as industry requirements develop.  All of these changing processes and moving parts are certain to require additional capital projects and increased budgets as they increase the project management scope and resource constraints.

To maintain supply continuity and manage the product distribution requirements of the DSCSA across supply chain partners, the following action steps should be taken:

1. Coordinate end-to-end audits of process and technology capabilities across logistics capabilities, both within the organization and at external providers. Develop a comprehensive, end-to-end understanding of the current-state process and technology capabilities, dependencies and risks. Complete gap assessments and develop requirements to meet both regulatory and business requirements.
2. Identify budgetary requirements and capital required to meet compliance and business requirements for intra-organization operations and external providers, including:
   • Hardware and equipment requirements
   • Network infrastructure
   • IT systems and infrastructure
   • Material handling equipment capabilities
3. Put inventory process and change management strategies in place to manage and adapt to evolving regulatory requirements.
4. With increased dependencies on equipment and technology, particularly in highly-automated environments, conduct process, and scenario audits to update and certify that organizational risk mitigation and disaster recovery plans are established within the organization and at supply chain partners.
5. Document and validate communication and coordination of necessary serialization capabilities to help suppliers meet necessary qualifications, service-level agreements, and contract management.

Turning Challenges Into Opportunities

Adequately preparing your organization and partners must be a high priority, and the challenges in getting it right are very important. Nevertheless, these changes provide a benefit to the consumer, patient and industry alike, with opportunities for business and process improvement to deliver value far beyond compliance. On top of the obvious benefits to patient security, brand protection, regulatory visibility, adverse event management, and the reduction in lost revenue due to counterfeit, diversion and fraud, there are many additional benefits and operational opportunities to consider that could be obtained through robust traceability programs. Even prior to any aggregation requirements, there will be a large increase in valuable supply chain data and opportunities for analytics and improved operational efficiencies throughout the entire pharmaceutical value chain:

• A comprehensive serialization program will provide inventory transparency. Real-time data from production through distribution, integrated into ERP, supply chain, and quality systems will provide enhanced reporting and visibility to improve operational efficiencies and get the right product get to the right customer at the right time.

• Integration to ERP and order management systems will provide visibility to specific product sales prices and associated returns, providing financial benefit through improved return and recall processes. Recognizing returned product at its actual sales price improves the effectiveness of refunds, rebates, charge-backs, and customer contract management.

• Integrating serialization into clinical trials will increase inventory visibility during product pre-approval, supporting improved management of clinical trials. This improved supply management can prevent stock outs and delays, and potentially reduce the time required for trial completion, increasing speed to market.

• Product serialization labeling and data can improve patient adherence and product performance when used as a standard of care. The ability to scan the barcode with a smart phone can enable further integration with the patient, from reminders to take the product to alerting patients of potential quality issues.
• Companies developing global traceability programs can use this opportunity to improve the performance of their operating model to recognize both operational efficiencies while also potentially allowing for restructuring and more advantageous transfer pricing. This will provide the capability to recognize more effective tax benefits that lower a company's effective tax rate.

The views expressed herein are those of the authors and do not necessarily reflect the views of Ernst & Young LLP.