No leniency for Wholesale: start preparing now to meet the DSCSA VRS Deadline

The DSCSA VRS deadline is one of the most important milestones the pharmaceutical industry needs to meet. The Drug Quality and Security Act (DQSA) was enacted by Congress on November 27, 2013, in doing so amending the Federal Food, Drug, and Cosmetic Act to grant the Food and Drug Administration more authority to regulate and monitor the manufacturing of compounded drugs.

Title II of the bill, the Drug Supply Chain Security Act (DSCSA) is designed to establish requirements to facilitate the tracing of prescription drug products through the pharmaceutical supply distribution chain. It outlines steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed. This will enhance the FDA’s ability to help protect consumers from exposure to drugs that may be counterfeit, stolen, contaminated, or otherwise harmful. The system will also improve detection and removal of potentially dangerous drugs from the drug supply chain to protect consumers.

Adopting a phased approach, there are two key deadlines for different stakeholders: November 26th 2018 is the widely acknowledged deadline for pharmaceutical manufacturers and repackagers; however, given that the FDA has already pushed this deadline back once by a year (from November 2017), the second deadline is unlikely to be met with similar lenience.

On November 27th 2019, the DSCSA VRS deadline is enacted.  The wholesale industries must be compliant and only accept products that contain a serial number or product identifier, and they must verify this product identifier before they can go on to resell these goods. They must also be able to complete a validatable returns process.

To complete this process in specific regard to returned products that are saleable, the Verification Router Service (VRS) initiative was highlighted by the Healthcare Distribution Alliance (HDA) in its efforts to lead the industry in implementing the act. Essentially the VRS community consists of a third-party routing service, comprising requestors, responders, VRS providers, and a governance body to help manufacturers and distributors work together.

Under the proposals, the responders – ie. the manufacturers –  are responsible for providing repository connectivity information to the VRS and providing appropriate responses to the requesters’ (ie. the wholesale distributors) verification requests by matching the product identifier received from the requester with the product identifier in their repositories.

This level of collaborations requires tools for manufacturers and distributors need to work together. And these tools require testing – in minutiae.

Today, various solution providers, including rfxcel are in the process of providing a VRS. By the end of Q2 2018, industry testing is expected to start. The industry testing will consist of two rounds of testing, where there will be updates and modifications to the VRS specification to accommodate learning’s from the first test. Final revisions and refinements of the VRS will go in place with the final report published by the end of Q4 2018. Therefore, the VRS is expected to be available in early 2019, in readiness for the November deadline.

Lessons learned

However, as mentioned, it’s unlikely that the FDA will be lenient with this second deadline. It is therefore important to be aware that the duration of the testing depends on a lot of different things. It is going to be dependent on the readiness of your trading partners to start testing, and be determined by the quality of the data you received. You will need to expect some problems and be able to account for that within your schedule.

Analysing the recent HDA meeting back in February, we have put together our top tips to ensure you meet the upcoming DSCSA deadline:

  • Start talking with your providers, NOW! If you haven’t started implementing solutions yet or looking into your options, this is the perfect time to start.
  • If you are selecting vendors, make sure you understand the level of service provided by these providers. Everyone has a different way of managing the implementation process, so it’s not all the same.
  • Understand the total cost of ownership or the total cost of implementation. Make sure you have resources in the budget for that so you’re not surprised when the project starts.
  • We recommend that engage your trading partners to mutually understand the impact of your plans. This is probably the most important phase that you’ll need to go through. Your trade partners have different schedules, they may have different commitments to other customers that they are exchanging information with. So as part of this, make sure you understand the proximity exchange and make sure you reach out to your key suppliers in time.
  • Finally, the HDA does require continued testing implementation regarding serialized items. Make sure that you schedule ample time to test the implementation. Run through the proper test cases with your trade partners as part of the on-boarding process.

To learn more about the DSCSA VRS deadline and rfxcel’s VRS pilot project please contact us.


Legal Note *We are very familiar with the DSCSA requirements and the DSCSA implementation we are not familiar specific trading partners or contracts or business requirements. As a result we do recommend that you have the mall reviewed by your legal team to make sure that DSCSA law and DSCSA VRS deadline might apply for your specific situation.

DSCSA VRS deadline

European Union Falsified Medicines Directive is nearing

The European Union Falsified Medicines Directive (FMD) is close to taking full effect. On February 9th, 2019, all regulations regarding serialization and traceability become enforced. Failure to comply with these regulations will inevitably cause product launch delays. No serial number means no sale.

Serialization will be a necessity for sale of virtually all prescription only medications in Europe. But it is not enough to just print a serial number onto every batch.

Each individual unit must contain a 2D data matrix barcode that contains a unique Global Trade Item Number (GTIN) that refers to a specific stock-keeping unit, a unique serial number, the batch number, and the product’s expiry date. Some countries require even more information.

Further, each individual product needs to be able to be traced from manufacturer all the way to the pharmacist’s point of sale. For the pharmacist to be able to reference this information, each unique barcode will be logged with the European Medicines Verification Organization (EMVO) hub.

The process for becoming compliant is not short, and putting off starting the serialization journey is dangerous, especially as the EMVO on-boarding queue starts to bottleneck as more and more companies enter that stage in their serialization process. Acting fast can save months of time and ensure compliance by the February 2019 deadline.

But choosing the right partner with the right serialization solutions can help this otherwise onerous process, as well as help with compliance in other regions, as deadlines for serialization in other countries are also fast approaching.

With our 60 day implementation plan, rfxcel provides a quick on-boarding plan for all of your serialization needs. rfxcel’s solutions are secure as well as comprehensive, providing compliance for a multitude of regions, including the EU.

For more information on the European Union Falsified Medicines Directive and compliance needs, rfxcel provides a number of resources, including a comprehensive whitepaper found here

European Union Falsified Medicines Directive

rfxcel Covers the Cost of EMVO On-boarding Fees

rfxcel Corporation, a technically certified Gateway Provider for the European Medicines Verification Organisation (EMVO) announced today that it will pay the cost of statutory fees payable to EMVO* (EMVO On-boarding Fees) for all manufacturers (Marketing Authorisation Holders, MAHs) which select rfxcel as their Gateway Provider before June 15th 2018.

Manufacturers who wish to participate in this great opportunity should contact rfxcel ( for details of the solution and terms of the offer. They then simply need to name rfxcel as their Gateway Provider when registering on the EMVO portal ( before June 15th 2018. When we conclude a software contract, the cost of the EMVO fee will be absorbed by rfxcel as a discount.

With EMVO onboarding fees increasing by 50% after June 15th 2018, rfxcel is taking a significant step in helping EMVO to accelerate its onboarding programme and MAHs to meet their requirements under the Falsified Medicines Directive in a timely manner.

rfxcel provides a full-service, fixed price approach that gets MAHs ready to exchange data with EMVO quickly and efficiently. We manage the end to end process from EMVO on-boarding to connection, reporting and interaction with business partners such as contract manufacturers (CMOs). This enables even very small MAH companies to comply with FMD obligations with minimum resource and cost impact.

“Our initiative to cover the cost of the EMVO on-boarding fees, paired with our rapid, full-service implementation, provides a great opportunity to MAHs who need move quickly.  With rfxcel they also avoid the hidden costs and additional resources required by other solution providers to onboard their trading partners”, said Mark Davison, rfxcel Senior Director of Operations Europe.

To learn more about the requirements surrounding the European Union’s Falsified Medicines Directive (FMD) or rfxcel’s solutions to meet these needs, please contact us.

*The offer relates to EMVO (one-time) onboarding fees only. It does not include any initial or annual fees that may be payable to national medicine verification organisations (NMVOs).

For more information about your EMVO On-boarding Fees contact us:


emvo on-boarding fees

HDA roundup from the FDA Public Meetings

HDA round up from the FDA Public Meetings on: FMD, DSCSA and Compliance

With the Falsified Medicines Directive (FMD), the Drug Supply Chain Security Act (DSCSA) and serialization compliance being the hot topics within the pharma industry, we wanted to roundup the latest news and opinions across the market today and from FDA Public Meetings.

On March 26th, The Healthcare Distribution Alliance (HDA) submitted written public comments to the FDA.  The comment was in response to the third and final FDA Public Meetings  held on February 28th 2018, to explore the enhanced drug distribution security provisions under the Drug Supply Chain Security Act (DSCSA).

HDA summarised its views with three separate takeaways:

  1. Deeper insight into areas of the industry consensus and confusion

With consensus on a distributed data architecture and the operational importance of aggregation and inference, there remains confusion on the details around terms or phrases in the law (e.g., “facilitate the gathering”) and interoperability.

Whilst the system is standards based and some foundational work will be done in 2019, many specifics still need to be developed — including further details around the system(s) FDA and the supply chain envision in 2023.

  1. The initial expectations for the 2023 system

There is a clear need for continued work to resolve issues related to expectations, technology and processes – and what the industry feels it can achieve within the current milestones.

Whilst the shared goals of patient safety and access are clear, there is an industry concern that certain analytics and interoperability functionality might not be currently possible based on a distributed architecture with today’s technology.

  1. The differing perspectives and challenges of FDA and trading partners

The HDA welcomed the participation from a larger industry group, including regulators and distributors, regarding concerns and to understand thinking and current approaches and challenges to achieving DSCSA compliance. Reaching 2023 must be a highly collaborative endeavour and the FDA meetings provided a unique forum to discuss these across sectors.

In addition, in late March rfxcel hosted a webinar alongside the Belgian-based, non-profit European Medicines Verification Organisation (EMVO) to discuss the on-boarding of partners to the European Medicines Verification System (EMVS). The EMVS was set up in response to the 2011 Falsified Medicines Directive (FMD) and designed to help Europeans identify and prevent consumption of falsified medicines.

With 100+ attendees, rfxcel and EMVO outlined the EU FMD/ Delegated Regulation, discussed exactly how to on-board your organisation and how to choose a gateway provider (IT Partner).  Both Fanny Trenteseaux of EMVO and Mark Davison of rfxcel, took the audience through a step-by-step guide to on-boarding.

From both the webinar and the recent HDA public submission, rfxcel’s main recommendations for successful serialization include:

1: Get executive buy-in: do not underestimate the significance of serialization

2: Assemble a multi-disciplinary team: include representatives from manufacturing, supply chain, IT, legal/regulatory and partner/contract management to understand how serialization can be applied across multiple organisational boundaries

3: Establish long-term user requirements to ensure you’re ‘future ready’: create a design template that is flexible enough to be interoperable and implementable between national systems and provides the flexibility to adapt to change as it happens.

4: Understand the data implications of FMD & DSCSA – and where the datasets reside across your organization

5: Choose the right software, and consider quality; data validation and network connectivity carefully

6: Choose the right partner – find a vendor that can partner with you to design responsive solutions that go beyond technology, and who is committed to your success

7: Act now: With the biggest price of non-compliance being your inability to ship product, is it worth the risk?

For more information contact us here


FDA Public Meetings



rfxcel Responds to Fake News

Recently, a vendor posted a story about a troubled implementation and named rfxcel as the source of the problem.  Although the tactic struck me as unprofessional, it also indicated that our continued wins were clearly impacting this vendor’s expansion plans.  Since rfxcel does not engage in this type of “mud-slinging”, I decided to not rebut the posting and chose to continue to compete on our merits.

Unfortunately, the vendor has taken this to a new level and they are now emailing this story to our customers in an attempt to discredit rfxcel.  This new marketing campaign crosses the line of professional behavior.  In light of the vendor’s new marketing effort, I feel that it is important for rfxcel to set the record straight.

No customer is named in the vendor’s posting, and we have no idea who that customer could be as none of our customers experienced all of the problems cited in the posting.  As such, I cannot provide a rebuttal regarding all the points raised in the post, except to clarify a glaring issue; inference of security issues in our infrastructure is false.  rfxcel’s cloud solution has always been secure and remains secure today.  We maintain the highest industry recommended security measures and perform continuous 3rd party audits of our systems.  As a result, our systems have remained secured and we have never experienced a breach.

In addition to new customers that we have won when competing against this vendor, more than 10 customers have recently switched from this vendor to rfxcel.  These customers include global manufacturers, distributors and dispensers of various sizes.  The most common reasons these companies give for switching over are:  The vendor’s frequent updates kept “breaking” the system; Inability to get the vendor’s attention to help configure & integrate with partners; Hidden costs in terms of additional company resources and upcharges for services/features.

Among this growing list of switched customers is one of the largest US pharmacies who switched because the vendor’s solution could not process the large volumes required by this pharmacy.  This list also includes a manufacturing customer who switched from rfxcel to this vendor because of the vendor’s promise of lower prices – this customer recently re-signed with rfxcel after realizing that the lower prices came with lower levels of service and hidden upcharges.

Finally, I am reminded of a humorous twist to the Golden Rule that best illustrates the differences between our two companies, “Whoever makes the gold, makes the rules.”

Unlike this vendor, our growth is fueled by our customers and not by investment bankers.  rfxcel has developed and run a profitable business for over 10 years now.  Even with our recent investment, customers are the primary source of our cash flow.  This places customers at the center of our growth strategy.  rfxcel’s priorities and focus have always been based on our customer needs and not on the needs of investors who are driven by quick returns.  This is an important distinction that results in two very different business models.

PRIORITIES – our focus on customers permeates everything we do.  It guides how we reinvest our revenue; more than 50% is reinvested into our Engineering and Customer Success organizations which directly impact our customers.  We do not prioritize our spending on large Sales/Marketing teams and glitzy, self-promoting events.

CONTROL – our solution provides our customers with their own private instance of our software instead of a common copy that is shared with other companies.  We frankly don’t understand how a system could be validated and stay validated with any other approach. Our customers decide to upgrade when it is convenient for them instead of getting continuous upgrades based on the vendor’s schedule which can be destabilizing, especially in a validated manufacturing environment.

SERVICE – rfxcel provides a full service implementation.  We do the heavy lifting for our customer and ensure a consistent end-to-end experience.  We ensure that our customers are connected to their partners and we run a series of data validations based on our customers’ requirements to ensure that everything works properly.  Our services are fixed price to shift financial risk away from our customers.  In contrast, this vendor likes to tout their connections but leave their customers with a portal to complete the partner integration work themselves.

rfxcel is a fast growing company in a rapidly evolving business environment.  We understand that problems will occur but we remain fully committed to the success or our customers.  We live by the old fashioned motto, “The customer is king.”  It is not a cliché or convenient tag line.  It is how we conduct business.

For organizations that need a serialization, traceability or compliance solutions, I look forward to the opportunity to present our solution to you in the future.  For our existing customers, I want to extend a huge “Thank YOU”.  rfxcel remains fully committed to your success.  We are accountable to you, not the investment bankers.  Without you, there would be no rfxcel.

Glenn Abood
CEO and founder

To learn more contact us here.


FAQ from Wholesale Distributors

These questions were asked at our Certification Course in collaboration with Life Science Training Institute:
LSTI Course: Key Elements of Pharmaceutical Serialization and Implementation 


FAQ from Wholesale Distributors:

Listed are all pending compliance requirements, including the Salable Returns.


  1. How does DSCSA apply for distributors?
Nov. 27, 2019 Accept only serialized product Wholesalers may engage only in transactions of products encoded with unique product identifiers, which will be used to verify a drug’s legitimacy and enable product tracing in the event of a recall or the identification of a suspect product.
Nov. 27, 2019 Match original transaction information with returned products that will be resold. Wholesalers may accept returned products for resale only if they can associate the returned product with the original transaction information and transaction statement for that product.
Nov. 27, 2019 Verify unique product identifier of suspect products at package level. Wholesalers must verify the product identifier, which includes the standardized numerical identifier, or SNI, for products they suspect are potentially counterfeit, diverted, or otherwise unsafe.
Nov. 27, 2019 Verify the unique product identifier of returned products intended for resale. Wholesalers must verify the product identifier, including SNI, of returned products intended for resale.
Nov. 27, 2023 Participate in electronic package-level traceability system Wholesalers must exchange transaction information and statements in an interoperable electronic manner, and the transaction information must include product identifiers. Wholesalers must put in place systems and processes for electronic package-level verification and provide traceability information to regulators to permit access to a drug’s full distribution history when investigating a suspect.

product or during a recall.



  1. Explain grandfathered products: Can they be sold? What do they mean?RELATIONSHIP TO “GRANDFATHERED” PRODUCTS UNDER SECTION 291 582(a)(5) OF THE FD&C ACTThis compliance policy addresses products a manufacturer introduces in a transaction into commerce without product identifiers between November 27, 2017, and November 26, 2018. In the future, FDA intends to issue additional guidance that will outline FDA’s current thinking on the “grandfathering product” provision of section 582(a)(5)(A) of the FD&C Act regarding products not labeled with a product identifier that are in the pharmaceutical distribution supply 298 chain at the time of the effective date of the requirements of section 582. In that guidance, FDA intends to address the relationship of the compliance policy set forth in this guidance with “grandfathered” products.DSCSA non-enforcement draft guidance

The full compliance policy still hasn’t been published, as it’s going through review as a draft to accept challenges, recommendations and a critique (the comment period closed in January). The primary reason for seeking further guidance dealt with enforcement of DSCSA, specifically with regards to manufacturers applying serialization to products. The deadline for compliance here remains Nov. 27 of 2017, but in the draft the FDA states they will not enforce the manufacturers’ product identifier requirements under the DSCSA for another full year. While this buys some manufacturers, wholesalers, and repackagers some more time, it begged the question about what “introduced in a transaction into commerce before Nov. 26, 2018” meant.

Specifically, from lines 37-41 of the draft guidance:

‘In brief, FDA does not intend to take action against manufacturers who do not affix or imprint a product identifier to each package and homogeneous case of products intended to be introduced in a transaction into commerce before Nov. 26, 2018. This represents a one year delay in enforcement of the requirement for manufacturers to affix or imprint product identifiers.’

What does that mean? A less conservative approach might assume that as long as the batch is released before Nov. 27, 2018, then there is no requirement for compliance, even if shipping that product after the deadline. The more conservative approach would have meant to consider each and every product individually. Fortunately, the November 2017 Grandfathering draft guidance clears this up.

The Grandfathering draft guidance specifically states (from lines 122-124):

‘For the purposes of this guidance, a package or homogenous case of product is “in the pharmaceutical distribution supply chain” if it was packaged by the product’s manufacturer before November 27, 2018.’

The key word is “packaged”. Any product “packaged by the product’s manufacturer” before the deferred compliance enforcement date (November 27, 2018) will be exempt from enforcement of DSCSA requirements for affixing a Product Identifier. Subsequently, this draft guidance exempts any trading partner requirements relating to Product Identifier as it relates to product supplied by a manufacturer if that product was packaged by the manufacturer before November 27, 2018 without affixing a Product Identifier to that package or homogenous case. This includes the following:


Exemptions for Product Packaged by a Manufacturer without a Product Identifier before 11/27/18:

  • The investigation of suspect product, that is verifying product at the product level using the Product Identifier (this applies to manufacturers, as well as their downstream trading partners).
  • Wholesaler requirements that they engage in transactions involving only product encoded with a Product Identifier beginning November 27, 2019.
  • Dispenser requirements that they engage in transactions involving only product encoded with a Product Identifier beginning November 27, 2020.
  • Repackager requirements that they accept ownership of product encoded with a Product Identifier beginning November 27, 2018.

However, it is important to understand what is not exempted.


Not Exempted (for any manufacturer or downstream trading partner):

  • There is no extension of compliance dates for the requirements for investigation/verification of product at the package level using the Product Identifier Product packaged by a manufacturer (or repackager) prior to November 27, 2018 that has had a Product Identifier affixed to its labeling.
  • There is no exemption from the requirement to validate any applicable transaction history and transaction information in their possession and otherwise investigate any suspect product to determine if it is illegitimate.


And specifically, for repackagers:

  • If a repackager wishes to transfer ownership of a package or homogenous case of product without a product identifier on or after November 27, 2018, it must first add a product identifier to the package or homogenous case of product. Basically this is saying that all product packaged after November 27, 2018 must be serialized (have a Product Identifier), regardless if it is packaged by a manufacturer or a repackager.
  1. What are the penalties if you don’t follow DSCSA?

As of this moment FDA didn’t announce any penalties.

  1. What products don’t need to comply with DSCSA? 
  • Blood or blood components intended for transfusion
  • Radioactive drugs or biologics
  • Imaging drugs
  • Certain IV products
  • Medical gas
  • Homeopathic drugs
  • Lawfully compounded drugs


We appreciate your feedback and would like to know how else we can help. Please send your questions or comments about “FAQ from Wholesale Distributors” here.


About Life Science Training Institute (LSTI)

FAQ from EU Falsified Medicines Directive Webinar

14 Questions/Answers from the EU Falsified Medicines Directive Webinar with rfxcel serialization expert Mark Davison.


What is the role of a Wholesale Distributor in the EU Falsified Medicines Directive (FMD)? How does Falsified Medicines Directive require Wholesale Distributor to function? Do Wholesale Distributor need to integrate to HUB / National Systems?

A: Wholesalers integrate to National Medicines Verification System (NMVSs).
Only Good Manufacturing Practice (GMP) licensed parallel traders, who need to change the box and hence the code, would use the central EU Hub.


For products in Phase 3 research, when do you recommend getting ready for serialization for Falsified Medicines Directive ?

A: It is worth having the conversation with your CMO early. If CMOs have already equipped production lines, then the Marketing Authorization Holders (MAH) software part will take around six to nine months. Work backwards from planned launch date by at least a year to be safe.


Below what level of annual turnover do you think that corporations will not engage in this process and drop their Rx-bound activity?

A: We have seen some very small companies contemplate that step. Below about 50,000 annual units produced, it is hard to amortize costs – except for high value products.


What happens when MAH issues serial numbers in bulk to CMO, is it possible to track the reconciliation?

A: The rfxcel track and trace software automatically manages the issuing, reconciliation etc. between your software and the CMO, even if they ask for a buffer stock of numbers in advance.


Is decommissioning accepted at packing line level?

A: Yes. Until product data is uploaded to European Medicines Verification System (EMVO) (which must be at or before QP release of the product) any data manipulations are fine as long as they are tracked and auditable.


Is there any penalty foreseen in case a corporation or country is not ready on time?

A: Apart from reputation and embarrassment, I don’t see how a country could be penalized. For corporations, it is simple. No codes, no sales.


Where is the legislation in regards to NMVO contracting?

A: The countries of the EU are at different states of readiness. Some NMVOs are running pilots and getting people connected, others are not yet fully set up. The fee and contracts for those connecting to them are not specified in the FMD and are at the discretion of the NMVO.


How ready are pharmacies?

A: Not very, in most countries.


Does MAH Level-4 system needs to exchange the data with CMO Level-4 or Level-3?

A: In the case of rfxcel, both are possible. Typically, it would be between Level 4 systems.


For the EMVO on-boarding process:

What title/function is generally seen and/or expected as the Single Point of Contact (SPOC) within an organization?

A: Can be anyone but should be the person able to answer and deal with queries etc.

What role/function generally handles the registration/on-boarding within an organization—Regulatory, Supply Chain, Commercial? Is this is the same as the SPOC? 

A: Varies by company. Someone must sign as a legal designate of the corporate entity (i.e. senior person) but the onboarding can be done by anyone.


Where can I go to get more information on the on-going/annual fees associated with MAH per country? 



I’m getting management pushback backed by external counsel, that there is no legal foundation to join NMVOs. Do you have one example in national legislation of stated requirements?

A: EU Directive 2001/83/EC, Article 54a/2/e (as amended by the provisions of Directive 2011/62/EU, commonly known as the Falsified Medicines Directive) says that the cost of the repositories system shall be borne by the manufacturers. In the UK, the Falsified Medicines Directive is transposed as-is through the Human Medicines (Amendment) Regulations 2013 [SI 2013/1855] which came into force on 20 August 2013.


Will Brexit make any difference?

A: In my opinion, no – for a couple of reasons.

The immediate timing of the FMD will be before Brexit, and with the 20-month transition time that is built in, this will allow the UK to carry on with any rules which are to be enforced during that period. So, for at least 2 years after the FMD, Brexit will have no effect, by law, on FMD enforcement.

The UK is such a large manufacturing country; I would be astonished if they diverge away from the rules that apply to the rest of the EU Union.


Do you think that the FMD could be delayed, similar to the DSCSA delay by the FDA?
A: No one knows the true answer to that. However, it could be quite possible if we are nearing the 2019 deadline and a sufficient number of organizations are not ready. With that said, I would not want to be the guy who has to explain to his superiors that we chose not to prepare ourselves, as we were counting on a delay that did not occur. We now cannot sell product for 6 months and need to take that time to catch up. My suggestion would be to not bank on it.


Will everyone be ready on 2/9/19?

This is the largest IT project in recent years; nearly 30 countries and the entire pharmaceutical supply chain is involved here. The chances of absolutely everyone being ready on day 1 are nil, but we all need to make our best effort to do everything we can to help this process be the best it can. It won’t be perfect, but it will be a whole lot better than what we have today.


Listen to the full webinar here.

Or copy/paste this link in your browser:

DSCSA Compliance

The United States has been taking initiatives to discourage the introduction and distribution of counterfeit drugs. With that goal in mind during November 2013, the Drug Quality and Security Act (DQSA) was introduced. DQSA is a federal framework to address supply chain security. The Drug Supply Chain Security Act (DSCSA) outlines critical steps to build an electronic, interoperable system to identify and trace certain prescription drugs as they are distributed in the U.S.

The DSCSA compliance laws aim to facilitate the exchange of information at the individual package level about where a drug has been in the supply chain to:

  • Enable verification of the legitimacy of the drug product identifier down to the package level
  • Enhance detection and notification of illegitimate products in the drug supply chain
  • Facilitate more efficient recalls of drug products

Serialization for the US is centered on the Standardized Numerical Identifier (SNI). The SNI is a national registration and serial number for the medicinal product and each pack. Each unit must also carry the lot number and expiry date as a mandatory requirement. All data is a 2D data matrix code and printed on the pack. The serialization data are reported to the parties involved so that the flow of goods in the supply chain can be re-traced.
rfxcel Traceability Platform is designed according to the internationally accepted ANSI/ISA S95 standard. Meaning, an efficient track-and-trace solution should integrate with the packaging equipment, line controllers, and Central Repository via standard interfaces for seamless communication. This architecture ensures seamless information exchange in both directions. It is flexible enough to catch errors before unacceptable product accrue. For example, production can be stopped in instances of missing or inconsistent data to avoid manufacturing unusable (i.e. incorrectly serialized) products.

The DQSA affects:

  • Manufactures
  • Wholesale distributors
  • Repackagers
  • Third-party logistics
  • Pharmacies

DSCSA compliance implementation phases
Lot-level management
Started on January 1, 2015, for manufacturers, wholesalers, and repackagers, and July 1, 2015, for pharmacy (hospitals and retail): Share the 3T’s: Transaction Information (TI), History (TH), and Statements (TS) at the Lot (or Batch) level of identification.

Item serialization
Mid-term (2017–2019): Manufacturer/repackagers serialize packages of drug products using a product identifier (GS1 Global Trade Item Number® (GTIN®) or NDC), serial number, lot number, and expiration date.

Serialized item-level traceability
By November (2023), make available information that would allow supply chain partners to trace the ownership back to the initial manufacturer or repackager.

The DSCSA compliance transactions or changes in ownership includes the following elements:

1. Transaction information (TI)‐includes the name of the product, strength and dosage form, NDC, container size, number of containers, lot number,
transaction date, shipment date and the name and address of the businesses previous and subsequent owner.
2. Transaction history (TH)‐ an electronic statement that includes the transaction information for each prior transaction back to the manufacturer.
3. Transaction statement (TS)‐electronic confirmation by the entity transferring ownership of the product.

Each business is required to provide the TI, TH, and TS to the subsequent owner for each transaction. Each party, buyer or seller, must capture and maintain the TI, TH, and TS for each transaction for six years.

Transaction statement confirms that the product is authorized under the DSCSA compliance laws and received the product from an authorized party.

  • TI and TS from the previous seller are received
  • Shipping only legitimate product
  • Systems and processes to perform verification
  • Did not knowingly provide false transaction information
  • Did not alter the transaction history

How can rfxcel help?
With over 14 years in the traceability business, rfxcel understands the need to fulfill these regulatory requirements. Pharmaceutical and biopharmaceutical companies need a reliable track-and-trace solution to have a strong process workflow.

rfxcel provides the following solution requirements:

  • DSCSA compliance with international anti-counterfeiting requirements
  • Support of GS1 labeling information
  • Management and randomization of serialization numbers in operations
  • Management of modular aggregation for item, bundle, pallets
  • Integration with centralized track-and-trace repositories
  • Verified product that is EPCIS certified
  • Handling of packaging orders and batch information
  • Dialogs to create, discard, aggregate, and disaggregate units and hierarchies
  • User management, including rights management & audit trail
  • Recording and reconciliation of used and unused serialization numbers

The industry trusts rfxcel Traceability Platform for its scalability and reliability. rfxcel meets the needs of serialization, DQSA compliance requirements, business value and competitive advantage.

rfxcel Traceability Platform offers:

      • rfxcel Integration Server – an integration engine to merge external systems with rfxcel products. These external systems can include ERP Systems (e.g. SAP, Oracle, IBS), Packaging Systems and Edgeware (e.g. Optel), Country-specific Drug Data Repositories and more
      • rfxchange – the ecosystem that connects formatted and mapped data to DQSA hub and any other global repository
      • Data processing and validation ensures no bad data gets into the hubs
      • Scan: scanning capabilities, shipping, receiving
      • Seamlessly data exchange and formatting for DSCSA requirements
      • Collaboration and integration with all partners, customers, and other solution providers
      • Works with multiple file formats (XML, SAP iDoc, PML, EDI, or any custom data types and file formats)

Contact us for a 20-30 minute demo.

Complete Understanding of the EU Falsified Medicines Directive

The EU Falsified Medicines Directive and What It Means

Europe’s Falsified Medicines Directive (FMD) comes into full force in little over a year, on 9th February 2019. Far-reaching, mandatory requirements for product coding, traceability and tamper-evidence will be enforced in over thirty countries.

What is the Requirement?

The FMD requires that all unit-of-sale packs of prescription medicines (with potential exceptions for perceived low-risk products) must carry a “safety feature” comprising a Data Matrix code and human readable data, and must be tamper-evident.

The code must contain a minimum of four pieces of information: batch number, expiry date, global trade item number (GTIN) and a randomized serial number. Some countries require a fifth data string for national use. The data must also be printed in human readable form, ideally adjacent to the code. Manufacturers (and licensed parallel traders) will code their products and report data to a central EU Hub run by the European Medicines Verification Organisation (EMVO). This will push data down to appropriate national data repositories run by corresponding National Medicines Verification Organisations (NMVOs). Pharmacists (or other authorized persons) will scan the codes during the dispensing process and these codes will be checked against those local databases.

Who Must Report FMD Data?

The task of reporting accurate data to EMVO is the responsibility of the Marketing Authorisation Holder (MAH) and cannot be delegated to a contract manufacturer (CMO). This means that every MAH company, however small or virtual, needs a software solution to generate, manage and report serial numbers in a highly accurate, controlled and validated way. This comes as a surprise to some companies, who are used to outsourcing everything, but it needn’t be a major burden given the right solution choices.

How Should Companies Report Their Data?

However the serialisation data is generated, whether by in-house software or by an outsourcing partner, the data will need to be collated and uploaded by each MAH. All serialisation data from such license holders will go through EMVO and their hub system. This means that early engagement with EMVO is important. The administration procedure to register with EMVO as a MAH involves a number of documentation steps and verification checks. It is not a quick process and can take months. Over two thousand MAH entities will need to be on-boarded to EMVO in 2018, which is likely to lead to a bottleneck. We recommend that MAHs start the process now rather than wait until later in the year.

What Tools Are Needed for Reporting?

This challenge cannot be addressed with an Excel spreadsheet and the IT equivalent of duct tape. Too much is at stake. The FMD should be seen as a significant business continuity risk, albeit with upside potential. The law is very clear: no data or wrong data means no sale. This means that license holders can’t afford to delay or to choose the wrong solution.

Production lines need to be modified with code printers, vision systems to check printing, ejection mechanisms to remove miscoded packs, perhaps more-stable conveyors, tamper-evidence stations etc. These are controlled with software, classified as Levels 1-3 on the ISA-95 scale. They pass data to Level 4 (enterprise-level) and Level 5 (external reporting interface) software. These last two are sometimes combined into the same solution, as with rfxcel, and provide the gateway to the outside world.

Only a small number of gateway solution providers, including rfxcel, are currently Technically Certified to provide access to EMVO. This certification is a critical minimum requirement, which indicates that the software solution has been rigorously tested and shown to do what EMVO requires. But that doesn’t mean it has been optimized for data quality. Don’t assume that all certified vendors take a proactive approach to data integrity. In most cases, the system is validated but not the data flow within it. The old adage of “garbage in, garbage out” still applies. Look for a vendor that actively checks the data fields for accuracy. Not just one-time validation of data connections but checking every piece of incoming data for errors. Also beware of systems that require frequent re-validation due to external changes beyond your control.

What About Distributors and Dispensers?

When manufacturers upload their data via the EMVO hub, it is then pushed down to national repositories run by national medicines verification organizations (NMVOs). This is done based on the master data attributes and specifically the global trade item number (GTIN). For example, data for products destined to be sold in France will be pushed to the French NMVO. Any downstream checks by distributors and dispensers are made against the national repository in their jurisdiction.

Unlike the equivalent US law (the Drug Supply Chain Security Act) the FMD doesn’t require codes to be checked between manufacturer and pharmacist except on a risk basis (e.g. for returned product). However, pharma logistics in the real world is complicated and bi-directional. The FMD is likely to increase the flow of returned product, at least until the system stabilises. In the same way that implementing serialization causes an overall equipment effectiveness (OEE) impact on production lines, the FMD will cause a macro-scale “OEE” dip in the European supply chain.

Is Aggregation Mandatory?

Aggregation is a production process that builds a hierarchy of traceability data from pack to case to pallet. One master code on the outside of a container is linked via a database with the identities of all the unit packs inside. This means that one scan can verify multiple codes in a sealed container – very useful for distributors and for managing internal hub and spoke logistics. Aggregation is not mandatory under the FMD, but avoiding unpacking, checking and re-packing coded product during verification is one of the key reasons that many MAHs are implementing aggregation.


If you have internal production lines and have not yet started converting them for serialization, my advice is to transfer production to a CMO or arrange post-production coding. You probably don’t have time to complete a production line conversion before February 2019.

Every MAH (even a virtual one) needs at least the Level 4/5 software discussed above, since they have the responsibility to report their own data in a reliable and validated way. They must show the regulators that they are in control of their serialization system at all times, so choice of vendor is critical.

If your company already outsources finished goods production, you still have time to procure, install and validate a L4/5 software solution but you need to start now. Call us today for a more detailed discussion and let us help you to get ready for February 2019.



Understandably, this presents a challenge to your company to implement. It is crucial that your company acquires a working knowledge of the law in order to understand your risk. Most companies outsource this work to a solution provider such as rfxcel. rfxcel is a EU FMD compliance software provider that addresses all compliance management and requirements, serialization processes and connectivity to a global network. With hundreds of customers and over 14 years of experience, rfxcel has been the leader in the track and trace industry for pharma. A company focusing on the success of its customer, it ensures a designated team for your implementation, support and quality control.


Private Cloud for Compliance Requirements

Understand how to meet compliance requirements with a private cloud module.


So you’re thinking of buying a cloud-based serialization L4/L5 solution. You’ve read some marketing materials and maybe the idea of a shared network appeals, because you know another company who’s using that system. Before you write the purchase order, read on.

Who will validate your cloud-based serialization system?

Under the rules such as 21 CFR Part 11 and EU GMP Annex 11, YOU are responsible.  You can use vendor tools, templates and widgets but no-one else can sign-off on the quality for you. Therefore, whenever the vendor system changes you need to react.  You remain responsible for your own data quality so every change is a risk. Think about what risk assessment and validation burden you are prepared to accept, before you choose your vendor.

How often do you need to re-validate?

That depends on your tolerance for risk. Shared cloud, multi-tenant systems inherently change much more frequently than private cloud, single-tenant solutions. They have to adjust to continuous demands from all the companies using the shared system. If a change made by your shared cloud service provider could impact your business processes and data quality, you must conduct a risk assessment process.  Colleagues tell us that running that process every week or two gets tedious. If there are major changes then you may need to fully re-validate some or all of your data connections more often than you’d like. Furthermore, on a shared cloud, this will not happen at a time of your choosing but will be driven by the vendor’s considerations.


Is there an easier way?

Private cloud solutions, like those provided by rfxcel, don’t have the same issues.  We give you your own software instance, within our secure cloud environment.  In our model, your validated system remains locked down until you decide you want to update it.  You can roll multiple patches and updates into one change event, and schedule any IT resources you need well in advance. Private cloud architecture doesn’t mean you’re not linked to the outside world. We provide a cloud-based exchange server which is used by hundreds of entities. We routinely exchange data with all of the major system providers on a daily basis, so you’re not locked out of your CMOs or logistics partners, even if they made a different choice.


Data integrity means checking not assuming

Don’t forget that mistakes happen, even in validated systems. It may surprise you that some of our competitors don’t check data. They assume that what comes in is correct, and pass it on. We make over fifty checks on data fields to ensure that even if something goes wrong you’ll spot it before an error becomes an incident. The cost of a recall is usually more than a million dollars, so make sure you give yourself every chance of avoiding one caused by a serialisation error.


Contact us today to see how rfxcel can help you to be compliant without unseen validation burdens and data quality risks.