Wednesday, March 27, 2024

It's time to get honest about VRS (in its current form)


The recent events-   a large volume of verification requests were sent out originating from a GLN that doesn’t resolve to a known entity (Per GS1’s ‘Verified by GS1’) nor provided any other identifiable means to determine who the requestor was- not even a company name was provided.  

The compliance gap centers on the DSCSA requirement that entities are to only respond to verification requests from ‘authorized’ partners.   Here are the relevant clauses

For companies who DON’T have VRS they may have received these verification requests via email or other means- which allowed them to (hopefully) act per SOPs and NOT respond as there was no feasible way to ensure the requestor’s ‘authorized’ status as required by DSCSA.

For companies who DO have VRS, most (if not all) automatically responded to the requests- Putting them directly out of compliance with DSCSA for the reasons noted above.

Again you read that correctly-  companies who received these requests and DIDN’T have VRS had more control to ensure their compliance with DSCSA compared to companies who DID have VRS.

What the recent experiences highlight is the lack of control within the VRS framework and within VRS vendor solutions to guarantee that responses are returned to ‘authorized’ requestors .   In this situation an organization simply had access to a VRS interface and was able to enter serial numbers which triggered the requests. Even worse is the current understanding is that this organization didn’t even have physical possession of the items.    Thank goodness it doesn’t appear this was a ‘rogue’ organization or bad actor- but what’s stopping that from happening in the future?   

Having access to a ‘system’ that can tell me what serial numbers are legitimate and which are not is a counterfeiters utopia and undermines the entire concept of VRS and DSCSA

“…But Scott credentialing solves all of this”   Eh not so fast-   Credentialing ‘could’ solve all of this … but only if credentialing becomes a requirement across the whole industry- which is a pipedream unless congress wants to amend that into DSCSA.

I’ve covered this topic before- we can’t even get every entity to pay $30 for a GLN, there is no chance that every entity goes out and gets credentials unless they are forced to.   Until then- credentialing has limited benefit.     If I’m a manufacturer and could flip a switch in my VRS solution that says only respond to credentialed requests- I’d be blocking nearly every verification request that comes in.  Which brings us back full circle to my original statement-  Why even have VRS enabled at this point?

Make no mistake- I’m the technology guy.  I’m the one harping that the only way serialization/traceability works in pharma is if we build and implement better technology compared to what we have today.  I’m not saying automated verification requests should go away-  we just have to find a way that actually benefits the industry and not just solution provider’s checkbooks.

Put VRS in its current form out to pasture, go back to the drawing board and realize that automated verifications is just another use case that requires true collaboration networks to be implemented in this space.

Thursday, October 5, 2023

The email every company should send to their serialization vendor today

[Serialization Vendor]-

We are planning out serialization activities for 2024 and had a few questions to help us put some estimates in place.  Appreciate your help.

  1. What is [vendor]’s involvement in ongoing initiatives to improve interoperability across the industry- such as the NABP Pulse partner program?
  2. We are hoping to automate serialization testing activities where possible so that we can reduce our dependency on partners being involved (in every case) and/or having to manually create test data ourselves.   What options can you provide for automating testing activities?
  3. Per the recent EDDS Guidance, the FDA recommends trading partners have reconciliation processes to ensure T2 data matches physical shipments. To facilitate reconciliations, we would like to know how we can systematically access the T2s which are generated in [vendor].  We assume there must be APIs or an SFTP site where we can access our T2s.

Thank you again.  The above will be very helpful in planning out our strategic initiatives for next year.

Monday, September 11, 2023

Jennason DSCSA Trading Partner Directory

Jennason is releasing the DSCSA Trading Partner directory to alleviate the inefficient processes currently required to exchange basic trading partner information as part of establishing DSCSA connectivity.

The Trading Partner Directory is accessible to all users and relies on voluntarily submitted information from industry entities (Manufacturers, wholesalers, dispensers).

The directory allows users to search by partner name, GLN or address and returns trading partner information including name, GLN, address and location type (Sold From, Sold To, Ship From, Ship To).

When information is submitted by an entity it is reviewed by Jennason and requires a secondary verification from the submitting organization before being viewable in the directory.   All verified information is indicated by a green icon.

If you are interested in submitting your entity’s details to the directory please visit and complete the brief survey.

Once your information is published in the directory, all future location master data requests from partner's can be directed to your dedicated repository URL which provides an exportable report of your location master data records.

Jennason is currently gathering a baseline of trading partner information and plans to release the directory to the public no later than September 22.

To learn more about the importance of a centralized DSCSA Trading Partner directory listen to Episode 4 of the 'Saying The Quiet Things Out Loud' Podcast  (Minute 32:40)

Please direct any questions regarding the DSCSA Trading Partner Directory to

Thank you for your collaboration.  With your support we can help close this simple, yet significantly impactful gap in DSCSA interoperability.

Monday, August 7, 2023

"Saying The Quiet Things Out Loud" Episode 1: A New Approach, In More Ways Than One Full Transcript


Listen to the "Saying the Quiet Things Out Loud" Podcast:" Episode 1


Hi everyone, this is Scott Pugh, principal of Jennason, LLC. I'm excited today to welcome everybody to the first official installment of the “Saying the Quiet Things Out Loud” podcast.

I'm calling this a podcast, but I will say upfront that what I hope to do through this audio approach is really a continuation of what I've done for many years through my writings and other posts on my blog at and other channels such as LinkedIn, which is to focus on the pharmaceutical serialization space, but more importantly, use this as a platform to bring attention to specific topics and areas that I feel are not really getting enough attention, yet are often things that can lead to challenges, risks, issues that companies might encounter as we're all marching towards compliance, whether it be with DSCSA or other regulations.

So, I look forward to using this platform to further discussions and conversations in those areas. I hope this is a much more interactive way to connect with people in the industry. I certainly encourage everyone to provide feedback and comments. Again, my goal at the end of the day is to make sure that everybody is being educated with good information. I think it's something that's long been a challenge in this space. A lot of times what you might gather from conferences, from marketing materials and other advertisements, can paint quite a different picture than if you're actually in the depths of going through these implementations, understanding the systems and the processes and just the general capabilities that are being put in place.

I'm going to try to keep these segments rather short just so everyone doesn't need to set aside thirty minutes or an hour to listen to an episode. Hopefully we'll try to keep them more towards five or ten minutes or so. And again, each one will really focus on a specific issue.

Today in particular, I want to focus on the topic that's at the top of most people's minds, which are these recent letters that have come out from a variety of groups addressed to the FDA in regards to the upcoming November DSCSA deadline.

We've had at least three of these letters in the past few weeks. We had a letter from the HDA. We had a letter from the NABP and then we had a letter from a group of House Representatives. Again, all of these letters addressed to the FDA, and all of them, I would say, basically had the common theme of asking the FDA for more time to ensure that the industry would be ready to meet the requirements that are set to go into effect this November.

What I really want to focus on today, though, is not to dive into each of these letters and dissect the finer points of what they were proposing and highlighting some of the challenges that the industry has faced up to this point. But I really want to use these letters as the backdrop or foundation for what I think should be the critical questions that we as an industry should be asking at this stage of our DSCSA and serialization compliance journey. Because I think, right off the top, the fact that there's significant efforts and proposals being pushed towards the FDA that all revolve around asking for more time, I think nobody's going to disagree with that, right? I think anybody who's in this space is very aware that the industry has a long way to go before we could say that the full industry is truly ready to comply with DSCSA.

And I think it is important to highlight that the responsibility (of being ready) across the industry really is spread across all segments. There are many manufacturers that are not ready. There are many wholesale distributors that are not ready. There are many dispensers that are not ready. And the nature of DSCSA being a regulation that sits over a supply chain inherently requires that all segments and all entities within those segments are ready to comply, right? You have one link in the chain, so to speak, that's not ready, and it basically breaks down for everybody else in that chain.

So, I think that is an important thing to highlight. And I say that somewhat specifically because having read primarily the HDA letter, sometimes you read the HDA letter and you might come away thinking, man, this seems like it's all manufacturers' fault, right? Seems like wholesale distributors are ready to go, but manufacturers have really been dragging their feet. And again, there are plenty of manufacturers that are not ready. But at the same time, there are just as many, if not more distributors and dispensers, that are also not ready. So, this is equally shared across all the segments.

My main focus as I read all of these letters was really on what I didn't see. What I didn't see in terms of the questions being raised or the proposals being put forward. Because in my position, I think the thing that we all should be pushing for is if we're going to go to the FDA and collectively say, “hey, the industry needs more time”, which again, I don't think anybody's going to disagree with, then what are we to do with that additional time that's given to us?

And I think this is where I really start to differ a bit from what we see generally having been put forward in the letters thus far. Because in my opinion, the answer to that question is we shouldn't be asking for more time to simply do the same thing we've been doing for the past 10 years at this point.

The way I like to describe it is if I were to have the opportunity to basically sit and down with a blank piece of paper in front of me and be tasked with designing the most efficient, most cost-effective way to facilitate interoperability between supply chain entities, in this case to support product traceability, I'm confident, I'm extremely confident that myself and most people especially those who have been involved in this space, but I think even people who have been outside the space, but at least understand supply chains, I don't think anybody would draw a picture that anywhere resembles what we've, as an industry, have tried to put in place today.

These efforts, especially over the past, let's call it, a year, 18 months, maybe two years, where many in the industry have been going off to establish all of these connections between all of their trading partners. There is no possible way that is the best way for us to go about this. I recognize on one hand, as an industry, we have to leverage the capabilities and the systems that are available to us. And for that reason, we maybe didn't have many other choices or options, but to go down this path of establishing point-to-point connections to each other. But I think if we've reached this kind of stage that we're at now, which is where we are all desperately looking to have the FDA take action to essentially provide us with more time, then the first question we should all be asking is, are we even going about this the right way? Are we even on the right path?

That's really what I'm going to be interested to watch and look for as these discussions progress forward. And it could be discussions that come about because of the letters that have been authored or undoubtedly, there's going to be additional letters coming from other organizations and other key members within the supply chain. What I'm going to be looking for is, as part of those future proposals, does it not just ask for more time, but does it recommend an approach that says as a first thing we should do once you give us more time is we should all take a step back and just determine and evaluate have we really been going about this the right way.

I do think it's important to clarify that when I say and when I give my opinion that I don't believe the industry has gone about this the right way for many reasons, that's not the same as saying I think we should all basically start from scratch again, right? That's not me saying that people should be ripping out packaging equipment systems, other serialization systems. That's not at all what is going to feasibly or realistically or should be done in this case. I think that there has been significant learnings and maturing and evolving of systems and processes related to serialization from the packaging line level through site level. Basically, everything that we've been focusing on for the past 10 years, which is managing serialization within the four walls.

I think it's once you get outside the four walls that we've completely missed the boat. Again, going back to this approach that we've adopted of creating all these connections to our partners. There's no possible way that is the best and correct way and right way to go about this. And I think unfortunately, and sort of going back to an earlier point I made I think this is also one of the prime areas where there is a complete misperception across the industry around this notion of connecting partners and how that's actually done and the different systems and capabilities that are out there to do that.

To be very, very clear, right, regardless of what any marketing material or any presentation you might hear at a conference, we don't have today in the pharma industry, the concept or something that would represent the concept of what I consider to be a true network. And probably the better term is really a true collaboration network. We have a lot of different players that are trying to position themselves as such. But the reality is we do not have that kind of capability in its truest sense in any way, shape, or form across the industry.

That would be the first place I would be recommending an evaluation, a sort of a reflection to start, right? If we are going to be granted more time from the FDA, why don't we take a step back and really say to ourselves, look, there's got to be a better way to facilitate these exchanges of data between all these entities. Because what we have today, it's just it's not there and it's not working, right? It's not a feasible, scalable, efficient, cost-effective approach to essentially put in the foundation- which is the critical foundation to really be able to achieve true end-to-end supply chain traceability.

So again, I'm really going to be interested to look for groups that take that sort of mindset, maybe make similar proposals that as part of asking for more time, we think the first step needs to be to really do that self-reflection, that self-evaluation as an industry to determine are we even on the right path.

I don't think we can ignore the fact that there's been some pretty major pharmaceutical entities, manufacturers to be specific, that have done exactly that over the past couple of years, where they basically said, look, we've been serializing now for a long time. Let's take all of this information, all of this learning, all of this experience that we've had over that time and really make some decisions about what is going to be the best way for us to move forward.  It's been widely known, you've seen some pretty significant changes be made, some of the major manufacturers across the industry in terms of how they are approaching serialization. So, if we have the major players in the industry doing that kind of reflection and coming to the conclusion that, yeah, we needed to make some changes, why wouldn't we do that same kind of activity as an industry as a whole? It just seems like logical sense.

It would be very challenging to eventually get to a place where we've asked the FDA for more time and the end result is we continue down the same path as we have been because again, my opinion, all that's going to do is we're going to get a year or two years from now, however much additional time is granted, and we're going to basically be in the same spot as we are today. We might have more companies that are “ready”, right? They've established their connections. But that's not going to have addressed the underlying concerns and issues that are already present as people have started to create these connections, right? Which are things like the quality of data is just absolutely terrible, right? The data integrity issues across the industry are extreme, to say the least. And those types of things don't just magically go away just because everyone is now “ready”. In fact, those types of issues only get more magnified as more and more people are connected and as more and more of these data exchanges start to occur. And most importantly, more and more people actually start paying attention to that data that's being exchanged. That is by far the biggest difference of what we are just now starting to enter versus really what we've had for the past 10 years. which is we did all of the work to physically serialize the goods. We did all the work to capture that information within our four walls. But at the end of the day, because the regulations up to this point have never required us to ensure that data has to be 100% correct when I now ship product to my next supply chain partner, if there ever were issues found in the data, nine times out of ten, that product is still going out the door. Right? That product, that shipment is not going to be stopped up to this point because of a serialization data issue. Post November or whenever this final milestone of DSCSA goes into effects, again, if the industry follows the regulations and if the FDA enforces the regulations, we don't have that luxury of allowing data to be incorrect, yet still allowing that product to flow in the supply chain.

And so, it's really only going to be at that point when people actually have to start paying attention and caring about this serialization data that many, many companies are going to realize, Oh my goodness, this data by and large has been wrong for a long time. That's going to be the reality for a lot of people. And that's not a prediction of what I think is going to happen. It's because that's already happening today, right? The data exchanges you see today, being just flat out wrong, information being incorrect, whether it's master data, whether it's other associated data, things being formatted incorrectly, I mean, all of these types of things- But the end result is it can lead to a data exchange either not occurring or occurring but not being correct, which again, if we all follow the law, means that product should stop at that point. That's the big concern that I have that again has nothing to do with the readiness of people being connected, but simply paying attention, even if you're one of those companies who are already connected to your partners, really starting to pay attention to the data that you're receiving or sending, whatever it might be, depending on your function. Because that's going to be the real fundamental challenges that will lead to disruptions, which can lead to drug shortages.

And which is again, the big reason why I think the very first step we should all do as an industry if we are given more time is to really do that self-reflection and try to come up with what has to be the much better way to go about enabling interoperability across the industry.

It's a fascinating topic- obviously it's going to be a topic that's clearly something top of mind for all of us, even over the next weeks and months. I'm interested to see what kind of response comes from the FDA. Clearly there will have to be a response of some sort at some point. And so, there's not going to be any shortage of topics for us to continue to dive into. And that's really why I wanted to start this podcast, if you will, because I think it's just going to be a lot of topics that I'm going to definitely want to provide my opinions, my advice, my guidance, my recommendations out to the industry, and hopefully this more audio approach will allow me to do that in an efficient manner and really get, what I think are, some key points out there to the industry as fast as possible. So, again, I appreciate everyone for listening. I look forward to taking this ride with everyone, and we'll catch you in the next episode. Thank you.

Monday, June 12, 2023

The Current State of Testing for DSCSA 2023

Next DSCSA 2023 Observation-   The resource crunch is officially on.   

A clear impact this is having on ongoing connectivity efforts- availability and support for testing

Specific observations:

  • Vendors/partners foregoing testing all together and focus instead on monitoring initial data exchanges in production
  • Resource availability across all parties (manufacturers, vendors, CMOs, 3PLs) is extremely limited or non-existent.  This is especially apparent within the 3PL segment which is critical for most manufacturers to perform DSCSA T2 data exchange with customers

The risks:

  • I understand the intention of foregoing testing- typically in scenarios where the sending and receiving vendor systems have already connected previously.    This *should* be acceptable from a technical point of view- but what gets missed completely is the range of functional testing that is needed- especially that which focuses on the exception scenarios which will be the greatest cause of supply chain distribution post November.    Manufacturers, wholesalers, dispensers are creating their own problems if they accept to forego testing.
  • We recently saw how much of a disaster master data is.  Now we are looking at the full scope of data included in these exchanges- master data, transactional data and serialization data.  The latter of which is exponentially more complex than master data-  I, for one, have no belief this is all going to magically ‘work’ without testing.   

What to do:

  • Common theme-  don’t rely solely on your vendor saying everything with partner connectivity is good because a single test was run that shows a technical exchange was completed.  This nonsense that you can ‘flip a switch’ on connectivity simply doesn’t exist.   Moreover, “my vendor told me so” isn’t going to hold up when you’re explaining to your CXO why a shipment is stopped or when an auditor asks you to demonstrate ‘control’ of your GxP serialization system.
  • Test-  Currently there are too many barriers for companies to execute efficient testing because too many companies have put themselves in a position where they are wholly reliant on their partners/vendors.  For example, some 3PLs are now quoting anywhere from 2 to 10 weeks for testing support and charging thousands of dollars per test.  That simply isn’t sustainable for now until November.   You have to be able to perform testing yourself- even without support from partners.    
  • The Jennason Serialization Test Tool ( is the only solution in the industry that allows you to simulate the interactions of your partners and allows you to perform testing without reliance on vendors or partners.   For example, you can simulate outbound shipment messages from your 3PL which in turn triggers the serialized T2 to customers. All EPCIS varieties used by the major 3PLs (Eversana, ICS, McKesson 3PL/rXCrossroads, Cardinal 3PL, etc.) are supported in the tool.   

Of all the implementation phases, testing is NOT the one to try hitting the ‘easy button’.   When you don’t test, you have no excuses when issues start to occur.  Put yourself in a position to be able to do SOMETHING which is always better than doing NOTHING.

Sunday, December 4, 2022

Data Integrity and DSCSA

November 2023 marks the final implementation milestone of the Drug Supply Chain Security Act.  This final phase of DSCSA represents, arguably, the most complex aspects of the regulation- requiring the end-to-end traceability of serialized items from manufacturer through to dispenser.  

Central to ensuring the industry can meet these requirements is the ability to capture traceability data and exchange between partners as product moves through the supply chain.  This same data is also the foundation for verification processes which help the industry root out illegally diverted and counterfeit products.

Effectively then- with the implementation of DSCSA 2023- serialization and traceability data becomes as important as the physical items themselves to ensuring uninterrupted product flow and a secure supply chain. And that level of importance places a significant emphasis on ensuring data is accurate and availability- a concept the FDA refers to as data integrity.

Even putting the criticality of DSCSA data aside for a moment, the FDA has made its position on data integrity explicitly clear with the release of the ‘Data Integrity and Compliance in Drug CGMP’ guidance in 2018.  The guidance defines the ALCOA principle which requires data be “attributable, legible, contemporaneously recorded, original or true copy and accurate.” (We’ll come back to this)

In the past week we crossed a major milestone in the industry’s march towards DSCSA’s November 2023 deadline- we are officially under one year to go.  The final chapter in a 10+ year journey to build out serialization capabilities across the industry.  Understanding the importance of data, a casual observer outside of pharma would reasonably assume the industry, by this point, has expended significant resources on systems and processes to ensure the ‘ALCOA’ of DSCSA data.  Certainly the industry wants to avoid the scenario where perfectly legitimate product can’t reach patients because data is not accurate or data can’t be exchanged.   Seems like a no-brainer, right?

So how is it then, with less than 365 days to go (255 working days for those keeping track) that I can write a blog post about a data integrity issue that is so fundamental it affects most (possibly all?) customers using the supposed ‘leading’ DSCSA serialization L4/L5 system?   A data integrity issue so basic that it raises the potential of supply chain disruption and exposes impacted customers to a clear audit risk under the FDA’s 2018 guidance.

So what is the issue?  When processing critical traceability events- specifically shipping and receiving events- the aforementioned system is setting the event date/time equal to when the data was processed rather than the actual date/time of when the event happened.  In other words, this system is changing your DSCSA data based on an activity (processing in their system) that has no correlation to when the actual supply chain event happened- meaning 100% of your impacted shipping and receiving events are wrong.

Here’s an example:   Your 3PL ships a serialized order to your customer on June 4.  The 3PL sends you a data file which correctly indicates the shipment went out on June 4.      Due to [enter any one of a million reasons here] the data is received and processed in your system on June 5.  Astoundingly, your serialization system now reflects the shipment occurred on June 5. 

But Scott it’s only a day off- who cares?  If you’re focusing on how inaccurate the data is, rather than why the data is inaccurate then you’re missing the point.  A serialization system does not get to arbitrarily choose the date/time when an event happens.  It must record the date/time as provided by the source system.  Otherwise it not only fails the ‘Accurate’ principle of FDA's guidance but it also fails any measure of being a validated system and subsequently fails one of the most basic operations of any serialization system.  Moreover, the system further propagates the issue by including the incorrect date/times in data exchanges with partners which, in turn, diminishes the validity and effectiveness of DSCSA verification processes which so vitaly rely on this data.  In short, this fundamental data integrity issue endangers the core aspects of DSCSA and a flaw such as this immediately calls into question the integrity of all other data managed within the system.  

Since identifying this current issue I’ve struggled to decide which scenario is worse:

  • That an issue of this nature is truly just being discovered now- when hundreds of companies have been using the system, in most cases, for multiple years


  • That the issue has been known for some period of time, hasn’t yet been fixed and hasn’t received any publicity across the industry

Either way the outcome is worrisome- either this shows a clear sign that the industry has been asleep-at-the-wheel when it comes to understanding and reviewing serialization data OR we are setting a reckless and irreversible precedent by considering this type of data integrity issue as acceptable.   

If I am a customer impacted by this issue, I am dropping everything immediately and:

  • Determining the extent of damage this has on my data
  • Determining my data integrity audit exposure risk
  • Evaluating my compliance approach to DSCSA

After doing so I would be making rapid decisions, while I still have time, to ensure my systems are capable of the core concepts of serialization and traceability data management.  And for those who feel a sense of comfort that many others in the industry are impacted by this same issue, that may not be a responsible position to take because, keep in mind, regulations and auditors don’t care if you’re 1 of 1 or 1 of a million.

As always, feel free to reach out to learn more about this issue. 

Tuesday, October 11, 2022

A new suite of Jennason Implementation Tools

Jennason Serialization Total Cost of Ownership Model-  Quickly evaluate Total Cost of Ownership across multiple vendors and multiple future scope scenarios.   The Jennason Serialization TCO model provides reporting/charting of total serialization spend on an annual basis as well as aggregated spend over a configurable period of time.   The tool also allows companies to calculate costs for future scope scenarios, such as the addition of new markets, partners and solution capabilities.  All reporting and graphs can be easily exported for inclusion in senior management presentations.  Additionally, the TCO model can be used to estimate serialization budget needs by expanding the cost items tracked to include non-system fees such as CMO/3PL partner costs and internal/external resource costs.

Jennason Data Migration Manager- For companies switching serialization providers, the Jennason Data Migration Manager is used to oversee the end-to-end data migration process- including definition of scope, source data details, data conversion and target data import details.  Additionally, the solution can automatically generate Data Migration Plans, conversion specifications and data verification protocols.     The Data Migration Manager can also be combined with the Jennason Translation Tool which has pre-built data converters allowing companies to quickly migrate serialization data from legacy systems into their new serialization platform (for example: CSV à EPCIS conversion)

Jennason DSCSA Implementation Manager- Consolidate serialization system implementation, vendor switches and DSCSA 2023 compliance efforts into a centralized, web-accessible dashboard and project management tools including integrated project plans, DSCSA resources and issues/risk management.   The DSCSA Implementation Manager can be extended directly to partners (CMOs/3PLs/Customers) to provide real-time visibility into project status, open action items and upcoming milestones.

Contact Jennason for more information and to schedule a demo.

Popular Posts