Blog
6 MIN READ

Four Steps to DSCSA Stabilization: Plan out your compliance effort for 2024

December 8, 2023
By

Four Steps to DSCSA Stabilization: What does the next year look like?

This week’s “Four Steps to DSCSA Stabilization” webinar included an in-depth panel discussion on major questions surrounding DSCSA compliance in 2024, featuring compliance expert Tish Pahl, LSPedia VP of Services Rose Campasano, and LSPedia CEO Riya Cao. (If you missed the first part, where Pahl reviewed the compliance expectations for pharmaceutical trading partners, read it here, or watch the recorded webinar!) The panel discussion is below (lightly edited).

It’s December 5, 2023, and my business is not receiving EPCIS data. What now?

Riya Cao: First, I’d say you came to the right place! Our earlier survey showed that one in four attendees actually don’t have a system, and about 5% of attendees don’t know. So if you belong to those groups, you should send an email to DSCSA@lspedia.com. You heard from Tish: It is a requirement that you actually have a system. Having a system and then implementing to its full capacity is the main thing to focus on in the next 12 months.

Rose Campasano: Don’t panic. There are still a number of manufacturers that aren’t sending EPCIS yet. If you’re a wholesaler or dispenser and not seeing these events, you will see it this year. What you need to do now is to make sure you’re telling your trading partners that you still need to get the ASNs. The FDA was very clear in saying it understood that you might not be getting the data yet, so you need to be sure you’re at least processing lot-level data. So, as Riya said, come see us!

Tish Pahl: One caution for dispensers in particular: If you’re not receiving EPCIS data, it’s possible that your supplier isn’t – they can’t begin to provide that serialized data until they are receiving it. So, don’t panic, but also, keep up the pressure. Everybody up the supply chain from you needs to know that you need that data to be in compliance.

Why is it so important to have policies and Standard Operating Procedures (SOPs)?

Riya Cao: I get this question a lot. Some companies just don’t expand their SOPs to include DSCSA. In your warehouse operations, in your supplier agreement or customer agreement – there are tons of places where DSCSA clauses are incorporated. Just because you know the operations, maybe YOU can perform compliance operations, have Excel spreadsheets or paper forms, but not every one of your employees know that. The FDA is looking for that consistent outcome every single time – you need policies and SOPs to pass audits successfully.

Rose Campasano: I’ve been in this space for a long time, and I’ve always looked at things from a people, process, and technology standpoint. The SOPs are how you’re going to train your staff today, and how you’re going to keep them trained over time, with understanding of everything Tish told us earlier. When the FDA or auditors come in, they’re going to ask, “How do you know you’re doing this correctly?" and what you want to be able to do is say, “Here! It’s easy. We have this DSCSA policy, we have these SOPs and work instructions, and here’s how we know we’re following them.”

Tish Pahl: The law requires it. That’s really it. The law is very systems- and process-oriented. A trading partner – whether it’s a manufacturer, wholesale distributor, dispensers – must have systems and processes or you are out of compliance.

What should I focus on in the next 12 months?

At this point, the presentation showed off a four-step progression toward full DSCSA compliance to support the conversation:

Go Live With DSCSA System: November 2023 to February 2024

  1. GTINs
  1. GLNs
  1. EPCIS Data Exchange
  1. EPCIS Exceptions Management
  1. Product Verification
  1. ATP and License Validation
  1. Suspect & Illegitimate Product Management & 3911

DSCSA Compliance and Quality Management Systems: March 2024 to May 2024

Complete Step 1, and:

  1. DSCSA Policy
  1. Audit Policy
  1. Supplier SLA DSCSA Clause
  1. Customer SLA DSCSA Clause
  1. Warehouse SOP
  1. Suspect and Illegitimate Product Management

Employees & Trading Partners: June 2024 to August 2024

Complete Step 2, and:  

  1. Employee DSCSA compliance Training
  1. Employee role based DSCSA operations training
  1. Supplier communications
  1. Customer communications

All Data, All Accurate: September 2024 to November 2024

Complete Step 3, and:

  1. 100% Inbound and Outbound Serialization
  1. Transition Inventory
  1. Product WEE – Waivers, Exceptions, and Exemption
  1. Manage exceptions at receiving
  1. Manage exceptions as a sender
  1. 3911 reporting

Riya Cao: Step number one, you need to go live with your DSCSA system. If you’re starting at zero, then getting a system in place is critically important.

Rose Campasano: Your baseline should be that your suppliers are providing you with mandatory data via ASN, so you get the T3 information that you can receive against until you get EPCIS data from them. That’s the business and technical piece of it. And you need to work with your providers to make sure you’re getting master data, which you need to receive DSCSA files. Finally, get your DSCSA policies defined now. If you’re already started, make sure it covers your requirements. If not, come see us; at present, we’re implementing production systems for customers in about 30 days.

Tish Pahl: The key thing to know is that you shouldn’t be waiting. This is hard and complicated, and it’s very nuanced, so you need to be working on it now.

Riya Cao: The first step seems like the goal of trading partners for the last ten years – let’s get a system to go-live. So, congratulations, you’re 25% there! There’s a lot more. Even larger Fortune 10 companies are still working on these steps. The end goal is not one supplier sending you one EPCIS file: it’s all your suppliers sending you 100% EPCIS data, and knowing how to deal with variances. For example, how do you even get the list of exemptions? That’s all part of stabilization. There’s no magic wand, we just have to roll up our sleeves and do it, and we’d love to partner with you to get this done.

I want to add that, from system go-live, it’s a process to get to 100% DSCSA data with your trading partners. That’s why the stabilization period is so important. We want to get you up the ladder, and you need to look at how your operations are changing. When we’re implementing systems, our customers always ask us: Who is doing this? Who is looking at the data? Who is managing exceptions? Also, their trading partners – who do they know in their supplier base that they need to contact? So, there’s definitely a lot of process-related questions that you need to walk through. Partnering with LSPedia gives you that advantage; we’ve done this hundreds of times and we can give you a template. We can show you how to do this, do a gap analysis to show what’s missing in your current process, and if you have questions, we know how to answer them.

Rose Campasano: November 27, 2023 was not just a point in time, but part of the journey – and the journey is how you operate from now on. That’s why it’s important to lay the groundwork for how you’re going to go forward.

How do I know that I’m fully compliant?

Riya Cao: My customers ask me often, how do we get prepared? We feel like we’re good, we’ve been working hard, been onboarding trading partners – but are we ready for an audit? To know if you’re ready for an audit, ask yourself a few simple (or not so simple) questions.

First, take a look at your purchasing. From the get-go, can you pull your purchase orders from your system right away? If you have 3PLs and contract manufacturers, can you pull those purchase orders? When you do, is that supplier an authorized trading partner? Is their license up to date? Do you have an agreement with the supplier; what’s in it, and does it have a DSCSA section, and does that govern both you and the supplier on DSCSA requirements?

From there on, can you produce inventory reports for the items in a purchase order – and can you back up inventory reports with serial numbers? You may not be able to do that now, but going into November 2024, that’s going to be the requirement. If your items are covered by DSCSA, are you getting EPCIS data? Do you have SOPs for receiving DSCSA data? Do you perform reconciliation, where you match the product to data?

Are you notifying your supplier of exceptions and performing quality checks? If there are questions about authenticity, did you verify these products? Can you produce a verification log? Do you have a quarantine SOP for products that fail verification? If you have no verification logs, an auditor may have additional questions.

There’s a lot to think about. If you know you’d have trouble answering these questions or producing these as reports, it’s a good idea to consider improvements to your processes and systems. As you can see, each question leads to another, and if you have an auditor in your facility, this is what they’re going to ask. Again, LSPedia is happy to do a gap analysis – this is what we go through, these are the questions we ask. It’s better if we ask the tough questions and then help you through the process, than if you get them from auditors who will not. With the correct system, though, this is all taken care of in a few clicks. You can attach all the relevant information and click “send.” Otherwise, it’s going to be very difficult.

Cao also provided an example of the question flow that be at work for buying and selling DSCSA products. (Where a topic applies to both buyers and sellers, their differing viewpoints appear in the same sentence, divided by buyer/seller.)

Can I pull a PO that I just received/shipped)?  

  • Do I have a supplier/customer agreement?
  • Does this supplier/customer have a valid license?
  • Do I have accurate inventory reports for the items I purchased/sold?

Receipt/Outbound Exceptions

  • Did I notify the supplier? / Did I receive notice from the customer?
  • Is the order/shipment under quarantine?  
  • Do I have a suspect and Illegitimate product handling SOP?
  • Do I need to correct and resend EPCIS data?

Illegitimate & Suspect Product Handling  

  • Do I have a suspect and Illegitimate product handling SOP?
  • Do I need to investigate suspect and illegitimate products?
  • Do I need to file a 3911? / Should my customer file a 3911?
  • Who should file the 3911? When, and how?

That covers the panel discussion! Our final post on the topic will cover the lengthy Q&A session that closed the webinar.