Axway introduces its cloud-based serialization service for DSCSA compliance

Emphasis placed on high-level security in data transfers

A new round of IT platform development is gradually taking shape for enabling pharma manufacturers and distributors to comply with the dictates of the Drug Supply Chain Security Act (DSCSA), passed 10 months ago and specifying compliance deadlines as soon as January 1. The newest entrant is Axway (Phoenix)—a longtime player in pharma track-and-trace issues, and one with a significant installed base already among manufacturers and wholesalers. The new Axway Cloud Global Traceability and Compliance Service (let’s call it Axway GTCS) joins other longtime players in this field, such as TraceLink (Woburn, MA) and rfXcel (San Ramon, CA), in providing a cloud-based system for acquiring serialization data coming off packaging lines, aggregating it at the enterprise level, and then making it available for reporting out to trading partners and regulators.

“We thought long and hard about cloud services with the necessary safety and security, because DSCSA includes highly sensitive transaction data between trading partners that could be leveraged for unfair competitive advantage,” says Atif Chaughtai, director, healthcare solutions, at Axway. GTCS is in the process of being implemented at Amneal Pharmaceuticals, whose co-CEO, Chirag Patel, touts the benefits of avoiding the cost and complexity of an on-premises IT implementation that cloud-based services provide. “With Axway Cloud Global Traceability and Compliance Service, we not only have the peace of mind that we’re going to be compliant with the progressive regulations that are being put in place, but also that we’ll be able to do so while saving time, money and resources,” he said, in a statement. (Even so, for clients who desire it, Axway will offer an on-premises version.)

According to Chaughtai, Axway is making several specific distinctions in how it’s providing its service. Like TraceLink, Axway is using Amazon Web Services (AWS), but in a private-cloud version (AWS offers multiple levels of service and security). GTCS is being set up as a single-tenant version, which means that each client gets its own version of the software service that will be maintained by Axway. In addition, Axway is applying its own API Gateway service, which is an added security measure to ensure that applications are protected from intrusion. GTCS is both EPCIS-certified (the communications standard established by the GS1 organization) and compliant with 21 CFR Part 11, an FDA requirement for data integrity and digital signatures. “We worked closely with clients to define the service,” says Chaughtai, “and were told that while cloud-level security is important, Part 11 data integrity is even more so.”