Arjun Guha Thakurta, Director – Operations, Life Science Consulting, (a Convalgroup Company) gives an insight about the impact of serialisation programmes on pharma companies
Serialisation regulations issued by 20+ countries in a span of last six years has impacted the supply chain of pharmaceutical business in a way which was not foreseen by the industry in the last 200 years of its existence. In the past 12 months, corporate board rooms of small and large pharma companies across the world are abuzz with discussions on serialisation programme across the enterprise and their contract manufacturer organisation (CMOs). Also in the list are mind boggling estimated budget for compliance, tight implementation timelines, lack of skilled resources, a handful of less than 20 track and trace vendors and a laundry list of pain points, risks and issues listed daily on the project risk register. All this being done without any tangible return on investment (RoI) foresee in the near future.
Rarely, had there been an occasion when the industry is at the cross-roads of appropriately justifying the real purpose of the investments and the value addition in further enhancing product quality and patient safety, when the industry actually, had been selling products across the world for centuries. The distribution hubs, external distribution centres, wholesalers and pharmacies who had, so far, been involved in only the physical flow of products, are new to the serialisation data exchange concept. These agencies have already started declaring that they will not live in a hybrid world where there are stocks of non-serialised and serialised products in the supply chain.
The general outcome of parochial management vision results in selection of low-cost track and trace vendors from the local market with little or no experience of the global regulations impacting such electronic data intensive systems. This has further precipitated the issues and risks faced by the industry. Moreover, the serialisation data are being reported in various government data portals (like DAVA, EMVO, US, China, Turkey etc.). These electronic data are also GxP data and therefore becomes open for scrutiny and audits by the FDA and other global regulators.
The theory of track and trace
In distribution and logistics of many types of products, track and trace or tracking and tracing, concerns a process of determining the current and past locations (and other information) of a unique item or property. The arrival or departure of the object is observed followed by its identification, the location where it was observed, with recording of the time and status. Then the task of the system is to collate all the informations obtained at various locations and at different times into a coherent pattern detailing the movement of the object.
It is often said that we track objects forwards, in a proactive manner, while we trace products backwards in a retrospective manner.
Tracking within the supply chain offers:
- Control of distribution channels
- Recall management
- Stock management (expiry date)
- Anti-counterfeit (brand protection)
- Origin of product
- Authentication of product
The suggested code for track and trace is a GS1 Data Matrix code and contains four elements of information i.e. GTIN, batch number, expiry date and unique serial number. The combination of GTIN and Unique Serial Number provides the pack’s unique identity.
In almost all regulations published till now, serialisation of the carton box (secondary packaging level) is a mandate. Only for India Export (DGFT) and the US, serialisation of the primary pack is applicable. The India exports regulation is not obligatory at this moment. However, in the US, as most of the saleable packs are in bottle form, US DSCSA applies to the primary pack which is the bottle.
For Brazil, China, India and Turkey where aggregation or parent-child relationship is a requirement, although no regulation obliges to serialise bundles, bundle serialisation is the option to facilitate aggregation and logistics track and trace. Approximately 50 per cent of the industry also aggregates the pallet and is again found most commonly in the countries mandating aggregation. The key driver for implementing aggregation is National Portal Reporting compliance and/or facilitate operations in the warehouse or downstream supply chain track and trace. The US will request full track and trace by 2023, however, nearly 50 per cent of the US pharma industry already plans to have these capabilities implemented by 2018.
In the EU Directives and EU Delegated Act 2016, there are no requirements for aggregation of products to shipper cases and pallets. Also, for products, there are no traceability requirements in the supply chain, only a verification process at the point of dispensing is sufficient. However, there is one paragraph in the regulation, where many questions:
“The verification by wholesalers of the authenticity of medicinal products at high risk of being falsified would be equally effective whether performed by scanning individual unique identifiers or an aggregated code allowing the simultaneous verification of multiple unique identifiers. In addition, the verification could be performed at any time between the reception of the medicinal product by the wholesaler and its further distribution to equal results. For those reasons, it should be left to the choice of the wholesaler whether to scan individual unique identifiers or aggregated codes, where available, or the timing of the verification, provided that the wholesaler ensures the verification of all unique identifiers of those products at higher risk of falsification in his physical possession, as required by this regulation.”
European Pack Coding Guidelines from EFPIA specifies the requirements for non-deterministic random serial numbers.
- The alphanumeric range shall include the digits 0-9 and the letters of the western alphabet but exclude the following letters: i, j, l, o, q and u. (I J L O Q U) to avoid confusion with similarly shaped characters.
- The serial number character string should only contain either lower case or upper case letters, not a mixture.
- Use of the extended symbols, as defined by the complete GS1 specification should ideally be avoided.
- The serial number will be unique per product code (i.e. not per batch or per product code-batch code pair).
Apart from this, in order to provide a reasonable level of complexity within the serial number, the probability that a valid serial number can be guessed should be less than 1 in 10,000 (i.e. < 0.0001). The randomisation substrings of the serial numbers have to fulfil the following randomisation criteria.
- The randomisation substrings must be equally distributed. e.g. the serial number substring should not contain fixed blocks of fixed digits.
- Any randomisation substring must be independent of other substrings.
- The randomisation substrings must not be built using an algorithm that is easy to find out when knowing the given set of serials or a subset thereof.
- Serial IDs shall not be reused within the longer of a) Exp Date +1 year or b) five years.
Pharma exporters from India can take advantage of following the above-mentioned logic for random serial numbers for exports to all countries having serialisation laws except China.
The universal issue identified with most manufacturing sites is the lack of adequate space for installation of serialisation system. A change in the facility layout of the packaging hall is a major setback, as this means production stoppage, civil work, replacement of HVAC system, re-qualification of the area and subsequently implementation of the track and trace system. In India more than 50 per cent+ manufacturing plants requires an expansion in their packaging hall to include a serialisation and aggregation workstation unit. Additionally, the warehouses, logistics facilities and distribution centres also perform re-packing activities and will require re-aggregation setups within these facilities.
When looking at the project bottlenecks of today, a large number of business executives have indicated to have issues with vendor resources, project resourcing and with line level Software (HMI) and Site Server system. From a very small online carton serialisation unit to a highly sophisticated system including online check-weigher, print and verify unit integrated with tamper evident labellers, the line systems contributes initially to 80 per cent of the cost of the overall project.
The Indian supplier market is fragmented with a host of small and medium local suppliers who claim compliance via a 2D printer, a scanner and a laptop loaded with a software. The more sophisticated vendors provide a fully functional serialisation unit with automatic and manual aggregation stations. The global vendors carries a vast implementation history with multi-country, multi-regulation compliance experience. However, the cost of equipment of a global supplier is generally 30–40 per cent higher than the local supplier, making the initial equation simple for the pharma company’s procurement department as to whom to award the contract. However, in the past year alone productivity losses as high as 30 per cent was reported from many Indian companies due to issue faced with the serialisation equipment. Most of the issues and risks reported generally came from the small and medium local suppliers who did not have pharma validation experience and their custom software were not capable of aggregation. The lack of proper software development quality assurance and software code testing resulted in bugs which were either overlooked or once released, almost impossible to remediate. Most of these small and medium local suppliers lacked clear understanding of the GxP data integrity compliance mandates of US and EU.
The initial hype and loud-speak of ‘We are Ready with Serialisation’, having almost died down in the past few months, many pharma companies are now faced with the uphill task of meeting the US DSCSA mandate on or before November 2017 and later-on the EU Delegated Act target of Feb. 2019. India’s DGFT mandate of DAVA Reporting has also demanded a host of upgrades of the existing lines and additional investment into aggregation lines and reporting software. The key differences between India DGFT requirement and US DSCSA and EU FMD serialisation requirement are
a. EU FMD mandates tamper evident packaging feature to ensure that the secondary carton is not tampered with till the point of sales at pharmacies.
b. Compliance of the software with 21 CFR Part 11, 21 CFR 211.68, EC Annex 11 etc.
The key tamper evident feature label is made of fragile material and by tampering or opening or tearing off the label, it becomes irreversibly torn or broken and impossible to re-use. The application of these labels on the box takes place after the serialisation printing and verification operation subject to the inkjet ink being already dried and that the application should not result in air bubbles between the label and the carton. In case of small boxes, these labels can cover the printed matter and may impact the scanability of the data matrix. Apart from this, transportation rattles, type of transport (air or sea), kind of storage conditions (temperature, humidity, etc.) may impact the adhesion of the label over the shelf life of the product. The interaction of the label glue and inkjet ink and patient handling (ease of opening of the label) needs format risk assessment, stability studies and design of appropriate test procedures.
First time in the history of Indian pharma industry, serialisation cloud solution providers are actively scouting for managing the data and reporting requirements to various government portals across the globe with optimised on-demand solutions. However, there is no way to audit the cloud hosting providers as the actual facilities are housed outside India and the customers are left with little choice in accepting the glass screen reports. Validation of cloud solutions is always a pain point for the QA as this topic is relatively new and risky. Mostly there is no formal process laid out for cloud qualification and validation. However, a closer look of the regulations as below will help the QA to evaluate the cloud hosting vendor according to the regulations.
21 CFR Part 11.10a – Control of closed systems – Provide documented, traceable, attributable evidence to demonstrate that data integrity requirements are met.
21 CFR Part 11.10c – Protection of Records – Physical and logical security, appropriate HVAC and fire protection controls, validated backup and disaster recovery.
21 CFR Part 11.10(d) – Limiting system access to authorised individuals – rigorous, multi-tiered physical security, facility access logs, logical access controls, system monitoring, virus and malware protection, system access logs, physical and logical controls to ensure separation of data, as applicable and SLA clearly defining how provider will and will not access the system and its content.
Serialisation implementation across various small, medium and large Indian pharma exporters are currently in progress or under completion. However, thorough validation and extensive training had been one of the most neglected topics during the implementation. This is clearly evident by the large number of serialisation lines being commercialised within a very short span of time. This also does not mean that those who thoroughly validated their systems will never face any issues in future. The very nature of a mechanical hybrid system is subject to extreme wear and tear and rough handling which is not part of any validation exercise. These serialisation units have to be maintained in pristine conditions with regular preventive maintenance for both mechanical as well as data cleanup from time to time and therefore it is the best interest of the pharma company to build a Center of Best Practices (CBP) and a select super team who assumes the oversight responsibility and ensures that these serialisation systems are maintained in the perpetual – compliant state.
1. Public Notice No. 52/2015-2020, Directorate General of Foreign Trade, Department of Commerce, Ministry of Commerce and Industries, Government of India.
2. European Medicines Verification System (EMVS) European Pack Coding Guidelines
3. European Commission Delegated Regulation (EU) 2016/161
4. EU Directive 2011/62/EU
5. GS1 General Specifications
6. The Drug Quality and Security Act of 2013
7. DSCSA Implementation: Product Tracing Requirements — Compliance Policy 2014