What is a Supply Chain

What is the Drug Supply Chain Security Act (DSCSA)?

The U.S. FDA Drug Supply Chain Security Act, often referred to as DSCSA, is a regulation designed to improve and ensure the safety of the U.S pharmaceutical supply chain. 

Signed into law as part of the Drug Quality and Security Act (DQSA) in November of 2013 by Congress, DSCSA aims to address the dangers of counterfeit, contaminated, stolen, or otherwise harmful drugs. Largely created in response to keeping illicit and counterfeit drugs out of the U.S. drug supply chain and protect public health, the act outlines steps for electronically tracking and tracing prescription drugs at the packaging level. It requires manufacturers, wholesalers, healthcare providers, and pharmacies to maintain and share certain prescription drug data in a secure format that can be transmitted between each of their systems.  

FPO

Impact to the Medical Industry

What is the Impact of DSCSA in the Medical Industry?

Maximizing patient safety by protecting patients from receiving incorrect or harmful drugs is the main driver of the regulation, while also enhancing the security of our country’s drug supply. Additionally, this regulation aims to enable a more seamless flow of data between supply chain partners by ‘marrying’ the physical product with its digital twin. In other words, every product will have a dual state—a digital version, represented by the data encoded in the barcode and the product’s transaction event data, and the physical version of the product with the product identifier data in a human readable format on the label. This will help the pharmaceutical industry with inventory accuracy and create many other operational efficiencies.


DSCSA Compliance

exclamation point graphicImportant: All GS1 Standards and solutions are voluntary, not mandatory. It should be noted that use of the words “must” and “require” relate exclusively to technical recommendations for the proper application of the standards to support the integrity of your implementation.

While meeting the DSCSA requirements will help you comply with the law, it will also improve your relationship with trading partners and help your products seamlessly move through the supply chain.

The entire pharmaceutical supply chain could unlock benefits from the increased visibility brought by these regulatory requirements – but only if every stakeholder carries out their responsibility. Due to the requirement that DSCSA requires the electronic exchange of data in an interoperable manner, without the necessary product information or the ability to receive, verify, or share it, obstacles will be created in the pharmaceutical supply chain that may ultimately lead to a patient's inability to receive the medicine they need when they need it, which can harm their safety.

Enforcement and Penalties

Stated as the “Prohibited Act” in section 206 of the law, not meeting DSCSA requirements can have severe impacts on not only your business, but also patient safety across the country. Failure to meet DSCSA requirements could result in penalties, fines, and suspensions from the U.S. FDA.

DSCSA Serialization and Deadlines 

When signed into law, the DSCSA was given a 10-year implementation timeline. Different milestone dates were set with requirements to help stakeholders prepare in a phased approach.

  • Phase 1 - began in January 2015 for manufacturers, wholesalers, and repackagers – and July 2015 for pharmacy dispensers. Known as the Lot-Level Management phase, this phase required supply chain participants to share chain-of-ownership data for transactions at the lot/batch level.
  • Phase 2 - otherwise known as the Item Serialization phase, began on November 27, 2017 and requires manufacturers to mark all lowest sellable units of prescription drugs and pharmaceutical products.
  • The final implementation phase is starting on November 27, 2023 and is known as the Serialized Item-Level Traceability phase. During this phase, all trading partners must share chain-of-ownership data back to the product’s origin in a serialized way.

DSCSA Guidance for Dispensers

Under the DSCSA, the dispenser’s responsibility is to verify that all incoming receipts meet the applicable regulation requirements.

Working with supply chain leaders, GS1 US® developed the below step-by-step guide to aid you and other dispensers in meeting requirements. For additional details on how to implement GS1 Standards, please review our Implementation Guideline: Applying GS1 Standards for DSCSA and Traceability Release 1.3.

Guidance for Dispensers

A GLN is a globally unique identification number that gives you the ability to know who is involved in transactions and where things are located throughout the supply chain. Having and sharing GLNs with your trading partners will help you manage saleable returns and other requirements of the DSCSA.

info hint graphicHelpful Hint: A GLN may have been enumerated for you by your Group Purchasing Organization (GPO) or wholesaler partner. If they have not, you can set up your own GLN(s) for your corporate and site locations. Review our DSCSA quick start guides to learn how to determine if you have a GLN or how you can get your own.

  • For DSCSA, the PIs are a Global Trade Item Number®, or GTIN®, with the embedded National Drug Code (NDC), Serial Number, Lot/Batch Number, and Expiration Date.
  • Consider how these events will be captured at your Third-Party Logistics providers (3PLs). Work with your 3PLs to arrange for getting the foundational serialized information you need from them to help you assemble the serialized transactional (TI/TS) data you will need.

    info hint graphicHelpful hint: Under the regulation, there are three different types of transactional data:

    Transaction Information (or TI) includes the proprietary or established name/names of the product, the strength and dosage form, the NDCs, the container size, the number of containers, the lot number, the date of the transaction, the date of the shipment (if more than 24 hours after the date of the transaction), the business names and address of the person from whom ownership is being transferred, and the business name and address of the person to whom ownership is being transferred.

    Transaction Statement (or TS) states the partner is authorized, received the product from an entity that is authorized, received the TI and TS from the prior owner of the product, did not knowingly ship a suspect or counterfeit product, had systems and processes in place to comply with verification requirements under section 582, did not knowingly provide false TI data, and did not knowingly alter the TH data.

    Transaction History (or TH) includes the transaction information for each prior transaction going back to the manufacturer of the product and sunsets on November 27, 2023.

  • Engage solution providers for dispensing serialization management.
  • Update standard operating procedures to integrate serialization data quality checks in your receiving processes to ensure physical product and data alignment.
  • At time of receipt, check product identifiers against the Electronic Product Code Information Services (EPCIS) data files received from your supplier and the product’s current status.

    info hint graphicHelpful hint: EPCIS is a data sharing standard that helps provide the “what, when, where, why and how” of products and other asset. The U.S. FDA recommends EPCIS to provide a standard language to express required DSCSA information in an interoperable manner.

  • Collect and record your trading partner’s corporate and site location GLNs in your partner master data.

    info hint graphicHelpful hint: You can utilize tools including GS1 US DataHub or GS1 GEPIR to search and retrieve your trading partner GLNs.

  • Initiate serialized exchange onboarding with each of your trading partners.
  • Identify and establish your communication protocol.
  • Specify the EPCIS endpoints for the trading partner seller and trading partner buyer.
  • Exchange contact information of your trading partner and their serialization solution provider.
  • Exchange serialized EPCIS test file.

 

  • Update standard operating procedures (SOPs) to consider the process for monitoring data exchanges (including map in/map out file failures).
  • For additional products launched and acquired, collect and record the GTINs for package/smallest individual saleable units and higher levels of homogeneous packaging (i.e., bundles, cases) with your trading partners.
  • For additional locations, assign and share GLNs with your trading partners.
  • For new trading partners, collect and record your trading partner’s corporate and site location GLNs in your partner master data.

The GS1 Lightweight Messaging Standard provides a simple, standardized lightweight messaging framework for asking verification questions and receiving actionable information by defining a verification Request message and a corresponding Output Response message. Review our Guideline for Supporting Verification of Product Identifiers for DSCSA to learn more.

  • Understand product identifier verification business scenarios and responses from the product’s manufacturer.
  • Engage a Verification Router Service (VRS) solution provider for help in implementing technical requirements for responding to the verification request.

    info hint graphicHelpful hint: A Verification Router Service (VRS) refers to using a third-party routing system to send product information back and forth between distributors and manufacturers.

  • Work with your VRS solution provider to receive responses and establish SOPs for consideration of the response when evaluating the status of the product.
  • Obtain your Identity and Authorized Trading Partner (ATP) credential.
  • Initiate the process of acquiring verifiable credentials and digital wallet support.
  • Engage your VRS solution provider to present your ATP credentials with your verification responses.
Guidance for Suppliers

DSCSA Guidance for Suppliers

Under DSCSA, Manufacturers, repackagers, and wholesalers are responsible for properly marking products, sharing product information with their trading partners, and helping with verifying the product information when applicable.

Working with supply chain leaders, GS1 US developed the below step-by-step guide to aid you and other suppliers in meeting requirements for DSCSA. For additional details on how to implement GS1 Standards, please review our Implementation Guideline: Applying GS1 Standards for DSCSA and Traceability Release 1.3.

  • Identify and encode your products with appropriate Product Identifiers (PIs) including a Global Trade Item Number, or GTIN, with the embedded National Drug Code (NDC), Serial Number, Lot/Batch Number, and Expiration Date.

    Helpful Hint: You can create a GTIN using your GS1 Company Prefix. Don’t have a GS1 Company Prefix? You can license one corresponding to your FDA labeler code. Remember to assign, assemble, and share the list of your GTINs for your packages.

  • Engage your artwork team and packaging line vendors to implement packaging changes for encoding your products with GS1 identifiers.
  • Before product distribution, assess the barcode quality by engaging in a barcode assessment to ensure scanability and correct population of data fields.
  • Consider building, aggregating, capturing, and maintaining parent-child relationships between different packaging levels of product (Each->Case->Pallet), in your packaging to optimize serialized shipment.
  • Implement a software system that is capable of provisioning, commissioning, and storing serial numbers as well as receiving, reporting, and sending DSCSA data to trading partners in Electronic Product Information Services (EPCIS) format.

    Helpful hint: EPCIS is a data sharing standard that helps provide the “what, when, where, why, and how” of products and other asset. The U.S. FDA recommends EPCIS to provide a standard language to express required DSCSA information in an interoperable manner.

Helpful Hint: Review our DSCSA quick start guides to learn how to determine if you have a GLN or how you can get your own.

  • Consider how these events will be captured at your third-party agents, including your Contract Manufacturing Organization (CMO), Contract Packaging Organization (CPO), or Third-Party Logistics providers (3PLs). Work with them to arrange for getting the foundational serialized information you need to assemble the serialized transaction data you will subsequently need.
  • Aggregation will be necessary to avoid scanning every single unit (child) when shipping a higher-level homogenous unit (parent) as in the situation of a case, bundle, or pallet.
  • Engage solution providers for warehouse and serialization management.
  • Update standard operating procedures to integrate serialization data quality checks in your packaging and distribution processes to ensure physical product and data alignment.
  • During packaging, check commissioned serial numbers with your batch quantity.
  • At the time of shipment, check product identifiers against the EPCIS data files received from your supplier and the product’s current status.

  • Construct EPCIS events to capture and share your TI and TS data using EPCIS.
  • Engage serialized solution providers for implementing your EPCIS serialized exchanges with your trading partners.

  • Collect and record your trading partner’s corporate and site location GLNs in your partner master data.

    Helpful hint: You can utilize tools including GS1 US DataHub or GS1 GEPIR to search and retrieve your trading partner GLNs.

  • Provide a complete list of GTINs down to the lowest saleable unit, which would be included in an EPCIS file.
  • Initiate serialized exchange onboarding with each of your trading partners.
  • Identify and establish your communication protocol.
  • Specify the EPCIS endpoints for the trading partner seller and trading partner buyer.
  • Exchange the contact information of your trading partner and their serialization solution provider.
  • Exchange the serialized EPCIS test file.

  • Update standard operating procedures to consider the process for monitoring data exchanges (including map in/map out file failures).
  • Develop systems and processes to manage and resolve data misalignment/clerical error exceptions (data no product and product/no data scenarios) in a timely fashion.
  • Consider developing a single email point of contact for DSCSA related inquiries (e.g., DSCSA@XYZ.com).
  • For additional products launched and acquired, assign and share the GTINs for package/smallest individual saleable units and higher levels of homogeneous packaging (i.e., bundles, cases) with your trading partners.
  • For additional locations, assign and share GLNs with your trading partners.
  • For new FDA labeler codes, obtain a license for the GS1 Company Prefix for the new FDA labeler code before assigning and sharing GTINs under the new GS1 Company Prefix.
  • For new trading partners, collect and record your trading partner’s corporate and site location GLNs in your partner master data.

Review our Guideline for Supporting Verification of Product Identifiers for DSCSA to learn how to implement the GS1 Lightweight Messaging Standard for a simple, standardized lightweight messaging framework for asking verification questions and receiving actionable information.

  • Understand PI verification business scenarios and technical requirements for responding to verification requests from your direct and indirect trading partners.
  • Engage a Verification Router Service (VRS) solution provider for help in implementing technical requirements for responding to the verification requests.
  • Work with your VRS solution provider to receive responses and establish standard operating procedures for considering the response when evaluating the status of the product.
  • Ensure your GTIN and Connectivity Information is recorded and maintained in a Lookup Directory.
  • Configure your verification responses based on U.S. pharmaceutical business scenarios.
  • Obtain your Identity and Authorized Trading Partner (ATP) credential.
  • Initiate the process of acquiring verifiable credentials and digital wallet support.
  • Engage your VRS solution provider to present your ATP credentials with your verification responses.
  • Update your standard operating procedures to monitor and manage verification response exceptions.

New GLN Lookup Tool Available!

Find basic information on a trading partner’s location identified with a Global Location Number (GLN). Search by GLN, location name, or physical address. With more accurate location data, you can facilitate efficient business practices and help meet healthcare regulations.

Warehouse checklist

Common DSCSA Questions

To help you better understand DSCSA requirements, here are some common questions. For more questions and answers, download our Frequently Asked Questions guide.

Waivers, exceptions, or exemptions may be requested for certain requirements. To learn more about what can be requested and the process, please visit the U.S. FDA website.

DSCSA is not applicable to all drugs in the U.S. Supply Chain; it does not govern nonprescription drugs, animal drugs, blood or blood components intended for transfusion, radioactive drugs or biologic products, imaging drugs, certain intravenous (IV) products, medical gases, certain homeopathic drugs, or compounded drugs

All trading partners, including dispensers who had ownership of the product need to keep that product's data for six years. This includes the Transaction Information (TI) and Transaction Statement (TS) data. Transaction History (TH) sunsets on November 27, 2023.

A GLN is the globally unique GS1 Identification Number that can be used to identify the “Who” and “Where” of product movement transactions. It can be used to identify a legal entity, a functional entity, or a physical location.

If your company already licenses a GS1 Company Prefix, you have access to an entity GLN. If you are a dispenser, a GLN may have been enumerated for you by your Group Purchasing Organization (GPO) or wholesaler partner. Review our quick start guides to learn how to determine if you have a GLN or how you can get your own.

To translate a GLN that was assigned from a GS1 Company Prefix, you will need to follow this specific data structure: urn:epc:id:sgln:CompanyPrefix.LocationReference.Extension

An example of GLN assigned from a GCP with a value of 1234567 for the GCP and the GLN value of 1234567890128, the corresponding EPC URN without GLN extension is as follows: urn:epc:id:sgln:1234567.89012.0

In this example the last digit of 8 is the check digit and when translating the 13 digit GLN into SGLN format, it is dropped.

To translate a single GLN or a GLN enumerated on your behalf, you will need to follow this specific data structure: urn:epc:id:sgln:CompanyPrefixComponent..Extension

An example of single GLN with no GCP and the GLN value of 1200567890128, the corresponding EPC URN without GLN extension is as follows: urn:epc:id:sgln:120056789012..0

In this example the last digit of 8 is the check digit and when translating the 13 digit GLN into SGLN format, it is dropped.


DSCSA Resources

To help you implement the GS1 Standards to meet the requirements of DSCSA, we have worked with industry leaders to develop the below resources.

ResourceWhat It Will Help With
Frequently Asked Questions in Preparing for the U.S. DSCSAAnswering frequently asked questions about identifying, capturing and sharing information to help meet DSCSA requirements.
GS1 US DSCSA Implementation GuidelinesUnderstanding technical requirements for encoding your product with GS1 Identifiers and how to capture GS1 product identifiers when receiving shipments.
Applying Lightweight Messaging Standard for Verification of Product IdentifiersConfiguring PI verification business scenarios and technical requirements for responding to verification requests from your direct and indirect trading partners.
How to Identify your Location for DSCSA RequirementsIdentifying your locations with a Global Location Number to share information related to Transaction Information (TI) and Transaction Statements (TS) and verify product information through a third-party routing system.
GS1 US Implementation Guideline for Pharmaceutical Chain of CustodyCapturing GS1 product identifiers when packing and shipping when working with 3rd party agents (CMOs, CPOs, and 3PLs).
How to Translate a GLN into a SGLNTranslating a GLN into a SGLN if it is enumerated from a GS1 Company Prefix, Individually Licensed GLN, or Assigned by a Group Purchasing Organization (GPO)/Wholesale Distributor. 
Best Practice Guidance for Associating EPCs When There are Multiple Business Transaction TypesShipping objects that belong to two or more business transactions of the same type such as two or more purchase orders or two or more invoices.
Best Practice Guidance for Transition Inventory for November 2023 DSCSA RequirementsPresenting Transition Inventory to outbound shipments with serialized data that was not received at the time of receipt due to the current regulatory requirements at that time.