Serialization remains the pharma industry’s biggest challenge, it is a complex creature with a vast number of stakeholders, regulatory requirements and investment needs, however, many industry players are failing to see the forest for the trees. While fast-approaching (and recently passed in some instances) deadlines are driving many of the decisions being made, it is easy to forget that the need for high quality data that demonstrates product legitimacy is what has driven the development of serialization mandates in more than 50 countries.

Since 2016, a number of the world’s leading regulatory agencies including; the TGA in Australia, FDA in the U.S., MHRA in the UK; European Medicines Agency (EMA); World Health Organization (WHO) and the Pharmaceutical Inspection Co-operation Scheme have issued guidance documents that detail GxP data integrity and governance expectations. All the agencies highlight the importance of a holistic approach to ensuring data integrity irrespective of internal processes; if they guarantee complete and accurate records then the internal process is deemed compliant.

This article explores the role of data integrity in serialization programs and the key considerations for pharmaceutical companies in identifying data integrity inefficiencies. It will also offer some guidance on how these challenges can be overcome through effective planning and implementation.

The role of data integrity in serialization
Data integrity is essentially a constant effort to prevent errors in data management that hide test failures, logistical errors and/or manufacturing deviations because of; errors in recording destruction, omission, changes and deletions. 

Given the current climate where global serialization mandates are so high on the agenda, it is imperative that pharma businesses pay close attention to their data integrity processes.
The entire serialization effort and its principles assume that data is being recorded, stored and transferred correctly—if the data isn’t correct in its most fundamental form then serialization efforts are in vain. 

Data management requirements from DSCSA
The FDA has set very broad parameters when it comes to current good manufacturing practice (cGMP) data management requirements:
“FDA expects that data be reliable and regulations and guidance allow for flexible and risk-based strategies to prevent and detect data integrity issues. Firms should implement meaningful and effective strategies to manage their data integrity risks based upon their process understanding and knowledge management of technologies and business models.”

The guidance offers little in the way of specifics, giving the pharma industry quite a bit of autonomy to implement its own standards and processes—importantly, these could quite easily exceed the FDA’s expectations. At this point in the implementation of the Drug Supply Chain Security Act (DSCSA), a standard data format has not been decided by the FDA, but it will be essential on a practical level if data is to be easily shared among numerous supply chain partners. Also, there is no agreement in place on how the data and databases will be managed. In the distributed U.S. model, each organization stores and transmits its own data as required.

What the industry does know however is what it will need to do with data to meet the DSCSA regulations. Pharma businesses through the entire supply chain will need to manage serial number requests and responses with the different packaging line systems they and their supply partners work with. Commissioning events must be captured, and data exchanges managed as a product travels from a packing line through to the final dispensing environment. Downstream, businesses will have to develop a means of sending aggregation data and responding to verification inquiries from anyone that has a product in their possession.

Challenges in sustaining data integrity
The end-to-end serialization approach in the U.S. has created a network where data travels seamlessly between every stakeholder within a supply chain and creates a comprehensive record (or data chain) for the medicine throughout the process. In principle, it’s a very robust approach that aims to prevent counterfeiting by identifying perpetrators and weak links in the supply chain, however the challenge in sustaining data integrity is very much a human one. As the U.S. has adopted a full track and trace system, whenever there is change in ownership of a medicine at each point in the supply chain, the product and its certificate of authenticity must be verified alongside a certificate of sale, all of which is held in a repository system. While data records are digitized, their creation and input are still performed by people, leaving room for error that can only be partially resolved with comprehensive plans, training and regular self-inspection to ensure staff compliance and understanding of the requirements.

The problem caused by the earlier mentioned lack of concrete guidance from the FDA when it comes to data format is that each link in the supply chain will potentially have their own preferences, capabilities or interpretations of the requirements which can impact how the serialization system is designed. At each data transfer point, there is a real risk of data being lost if the two systems don’t interface. While end-to-end cloud platform providers can provide a unified approach to their entire network, there is little chance that manufacturers et al. will exclusively deal with businesses within these networks.

Key considerations for pharmaceutical companies
While the FDA is yet to impose a standardized approach to data format, storage and management, it may do so in the future. This creates an extra pressure on pharma businesses in their push towards serialization as they not only need to implement a solution that meets currently understood regulatory requirements for data storage and exchange, but one that offers scalability and flexibility to meet these likely, new requirements at some time in the coming years.

Importantly, this concern should be mooted by pharma’s globalization and the inherent need for flexibility when it comes to implementing serialization solutions that meet the requirements of other regulatory bodies and governments. While the ALCOA principles for data management have transcended borders, a lack of global standards when it comes to serialization muddies the waters and means that companies implementing serialization projects across multiple countries face growing complexity and cost.

Meeting the challenges
While the challenges are many, substantial and constantly evolving, they can be met. A full serialization set-up considers everything from site-level hardware, software and data storage to national and even global data transfer technology. It requires a comprehensive strategy that is tailored to individual needs. Businesses throughout the pharma industry should be adopting a clear data management plan and a solution that acknowledges and accommodates for diverse and mutable requirements as part of a global network. 
The strategy requirements can be segmented in line with each level of serialization. If data management and transfer requirements aren’t met at every stage, then the entire process is flawed:

• Level 1. Devices on packing lines that print, inspect, reject and handle materials must be able to perform the fundamental first step of serialization. It may mean that businesses need to invest in packing line hardware, but printing and ensuring codes are readable and accurate is a must as it underpins every step through the rest of the supply chain.
• Level 2. Picking and packing line software that manages level 1 devices and supports device integration with site systems for conducting warehouse operations.
• Level 3. Site level serialization software that allocates serial numbers to lines, verifies the integrity of information submitted to the enterprise system and performs changes to aggregation hierarchies and processing of shipments. This has traditionally been provided by individual line management system (LMS) vendors to work with their specific equipment, but LMS-agnostic site servers that can work with different line systems are beginning to emerge and are worth exploring.
• Level 4. A global enterprise system enables management of all serialization and regulatory data and business processes. Provided by a serialization solution vendor, this is necessary to manage and verify the data that must accompany each serial number. When you begin serialization on the packaging line (Levels 1-3), you must at the same time determine how you will use and integrate the lines with your enterprise architecture.
• Level 5. A global network enables management of all serialization and regulatory data between partners, customers, and regulatory authorities. This is provided by a serialization solution vendor with a global supply chain network. It’s vital that businesses consider their geographical reach and review the entire supply chain that their product flows through. It is important that businesses consider all the markets they operate in or might want to enter in the future and ensure they understand the various regulations to maintain compliance.

To ensure continuous compliance and that the data is being managed effectively through each level, businesses must take a proactive approach and continuously test their processes by conducting self-inspections and audits.

Staff at each level and at every stage of the supply chain must be trained to not only deliver their respective manufacturing, logistical or transactional role, they must also understand how their role fits into the wider supply chain and be able to identify problems with system interfaces and data transfer.

Final thought
Data integrity practices are the foundations of serialization success, they are also one of the longest standing problems in any industry that engages with and or manages the flow of information. The combined effect has meant that the serialization challenge has exponentially developed layers of complexity as businesses work towards meeting the DSCSA requirements, unearthing new system failings as they do.

There is great solace however for pharma businesses as successful data integrity practices, and the wider serialization implementation, can be achieved through comprehensive planning and strategy development, supported by industry expertise from third-party vendors and underpinned by staff training and dedicated self-assessment.

Data integrity and serialization will be discussed at FutureLink Munich, 5-7 June 2018, the annual global gathering of commercial and operational executives from the pharmaceutical and healthcare industries to discuss regulatory compliance with track and trace requirements and the future of digital drug supply with information sharing networks. For more information, please visit FutureLink Munich (www.tracelink.com/futurelink-munich/about). 

---

Rachna Mohanka heads the global solutions consulting group at TraceLink and has been working on serialization and track and trace for over 4 years. In addition to pharma serialization and track and trace, her experience includes logistics, supply chain management, retail and ecommerce. Rachna has a master’s degree in supply chain from MIT and undergraduate in engineering from IIT Kanpur (India).