By now, everyone in the pharmaceutical industry should be thinking about serialisation. November 2017 will be here sooner than we think and, by then, everyone manufacturing drugs in — or exporting medicines to — the United States needs to be ready for the Drug Supply Chain Security Act (DSCSA).
Pharmaceutical companies and other supply chain stakeholders need to prepare, check and provide a variety of compliance data as drug products are shipped, received or analysed by operating facilities. This can create significant technical challenges for compliance systems, which need to not only manage massive amounts of data, but also be ready to respond (at operational speeds) to queries from a diverse set of business systems.
Serialised product return verification under FDA’s DSCSA is one example of an emerging challenge wherein operational processes from one industry stakeholder (the wholesale distributors) can be tightly coupled with the compliance system of another stakeholder (pharmaceutical company).
Whereas current serialisation requirements are limited to marking the unit of sale with a unique data carrier, by 2023 the process will require a product to be traceable through the entirety of its journey — from the individual package through the carton/pallet to its final point of distribution.
Level 3 systems shine when no human interaction in the serialisation or track and trace process is expected
In the United States, the Healthcare Distribution Alliance (HDA) is suggesting that pharmaceutical companies begin to support this level of serialisation, called aggregation, now. Around the world — in Europe and Asia in particular — disparate track and trace practices are incrementally moving toward a global standard that will, undoubtedly and inevitably, be more stringent than today’s differing benchmarks.
In the global pharmaceutical marketplace, serialisation has been an unsettled buzzword for the better part of a decade. Differing mandates, legislative delays and a variety of other factors have coalesced to create confusion and uncertainty regarding precisely what is expected of pharmaceutical manufacturers in terms of securing their supply chains and sharing data both within their own sphere of jurisdiction and beyond.
So how can companies manage this transformation with the greatest degree of success while also minimising business disruption? The key to creating an optimal implementation strategy is to select a serialisation solution that has strong capabilities at all levels of technology. It’s also important to choose a solution that enables multiphase implementation.
International standards
ISA-95.00.01-2010 is an international standard for the development, by global manufacturers, of an automated interface between enterprise and control systems (Levels 3 and 4). It is meant to be applied in all industries and all sorts of processes, such as batch, continuous and repetitive processes. The goals of the standard are to increase uniformity and consistency of interface terminology, and to reduce the effort associated with implementing new product offerings so that enterprise and control systems can easily integrate and smoothly interoperate. Although there are no definitions for serialisation in ISA-95 for objects, attributes, interfaces, etc., the overall architecture and concepts can be applied to designing and implementing serialisation systems.
As defined by ISA-99.01.01, implementation of a Level 3 system above all Level 2 (packaging line) systems is a critical element in securing corporate infrastructure through a conduit and zoning model, whereby a zone is defined as a grouping of logical or physical assets that share common security requirements, and conduits are defined as a logical grouping of communication channels connecting two or more zones. As most serialisation systems are implemented in response to counterfeiting or brand protection programmes, it should seem obvious that following best practice security guidelines would be a basic requirement.
One of the primary goals of Level 3 applications is the provision of critical isolation of automation and production devices from enterprise applications at Level 4. This separation provides
- governance
- network traffic management and security
- system access management and control
- data domain establishment at the site level.
Level 3, in its most basic construct, is an element of an architectural design pattern that does not cover capabilities, functionality, capacity, implementation methodologies or any metrics that could be applied to an application to create some sort of baseline. In simple terms, if you stick a PC with a hard drive at the plant level and make a Windows share or FTP mount point on it, you could technically classify it as a Level 3 architectural system. Simply put, an ISA-95.00.01 Level 3 model only defines its architectural level — but nothing about the functionality of the application itself.
The best approach to uncertainty?
Today’s serialisation solutions must be outfitted to meet tomorrow’s demands — a rolling set of new rules that, though unspecific in their totality, will certainly require more exacting track and trace practices, documentation and data sharing capabilities. A Level 3 serialisation solution that leaves room for these inevitable, near-future must-haves is the keystone to being prepared to meet track and trace challenges for decades to come.
Level 3 systems typically provide a great deal of functionality by processing, organising and storing data received from lower levels within the serialisation topology. Level 3 systems shine when no human interaction in the serialisation or track and trace process is expected, such as when data are forwarded to external partners. Such is the case when a manufacturer, contractor or otherwise sends EPCIS data directly to a distributor.
A comprehensive Level 3 system will provide the manufacturer with all manner of facilities, such as configuration and centralised management, to meet the requirement of automatically sending appropriate data to the distributor. In these types of scenarios, a given serialisation architecture could stop at the Level 3 implementation. However, if you want to go beyond compliance (for the pharma industry) and actually leverage the potential of your serialisation data, you will need a powerful Level 4 solution that offers data analysis and business intelligence applications.
Level 4 systems, by the strictest of definitions, are intended to handle the business-related processes of an organisation (Figure 1). For example, an ERP system would fit squarely in the Level 4 row. However, having just an ERP will only provide a portion of what we need to know and do within a serialisation/track and trace system. Hence the various choices for dedicated Level 4 systems.
Level 4 systems are software products, usually hosted in the cloud, that leverage data from various other systems, including — but not limited to — Level 3 systems. These Level 4 systems, sometimes referred to as Level 5 or Edge systems to distinguish them further, provide a host of functionality including hooks for business processes, such as those found in the GS1 Core Business Vocabulary. This type of in-depth reporting provides a truly discerning look into track and trace concerns such as aggregation, locations and dispositions.
Level 4 systems are designed to provide all parties concerned a way in which to interact with — and, when needed, make adjustments to — items such as dispositions, serial numbers and other aspects of serialisation. Level 4 systems can provide functionality covering anything from basic rework and simple reporting to the ability to adjust serial number ranges, print and reprint labels, manage and monitor OEE, or provide comprehensive reporting about product and batches of products and key performance indicators (KPIs) for senior managers.
The key to selecting a useful Level 4 system is flexibility. This is true of everything in the serialisation/track and trace world. Investigate Level 4 systems in great detail. Ensure your selection is solving problems that you have or can reasonably expect to have. Never select any systems, Level 4 or otherwise, that purport to solve problems that you do not have.