The New Realities of DSCSA Compliance

In a recent discussion with Pharmaceutical Commerce, Dan Walles, VP & GM, traceability and compliance solutions, TraceLink, explains that with the Drug Supply Chain Security Act (DSCSA) dispenser deadline fast approaching (Nov. 27), the divide between organizations that have fully operationalized serialized data exchange and those that are only minimally compliant is becoming increasingly clear. The strongest indicator of true readiness, he notes, is the ability to treat DSCSA processes as routine business operations rather than one-off implementation tasks.

Organizations that are well prepared have been working toward compliance for years, building DSCSA requirements directly into their standard workflows. For these companies, serialized data exchange is embedded into daily receiving procedures, supported by documented standard operating procedures (SOPs), robust training programs, and clearly defined exception-management pathways. Rather than treating exceptions as unusual events, these organizations expect them as part of normal operations and have established cross-functional awareness to ensure issues are resolved efficiently.

This level of integration, often referred to as “operationalization,” is the key differentiator. Mature organizations have moved beyond simply establishing system connectivity and instead, have focused on how people, processes, and technology work together to support DSCSA compliance at scale. Their teams are aligned, trained, and prepared for the day-to-day realities of serialized data exchange.

In contrast, companies that are only minimally compliant tend to focus almost exclusively on the technical connections required for DSCSA data transfer. Many of these organizations have only recently begun preparing, leaving little time to build the broader operational infrastructure needed for ongoing compliance. Without established SOPs, cross-functional training, or workflows for exception management, they risk facing significant disruptions when serialized data exchange becomes a daily expectation.

As the deadline draws near, the organizations that will succeed under DSCSA are those that understand compliance is not a checkbox, but rather, a fully integrated operational discipline.

He also shares the lessons he observed across thousands of dispenser go-lives, the definition of “true readiness;” and much more.

A transcript of his conversation with PC can be found below.

PC: What lessons have you observed across thousands of dispenser go-lives, particularly regarding common EPCIS data errors and exception-handling challenges?

Walles: I think it happens in in two steps. There's the first step, which is exceptions that occur just as you're starting up your project and starting up your link or your connection with a supplier. There's obviously going to be some bugs to work out in that. It's usually inherent in things like GLNs and master data, and so that's really kind of the first step. And I would say that's part of the whole integration and setup and configuration process.

But then it's where the real compliance exception handling comes into place, where what we have to recognize is that in the supply chain, issues of overshipments, undershipments, tote labels not being read—these things happen every day and multiple times a day, and have for many, many years. The difference now is these processes now have the additional overhead of DSCSA that requires management. What we see is that once you get over that initial hump of your configuration-related errors and exceptions is, how do you get a good handle on the types of exceptions that you're going to see on a normal basis within your shipments, things like having physical product that's arrived, but not having the DSCSA information with it, having product that you've received the DSCSA information, but the product has yet to arrive, suspect product issues that also occur.

The companies that are doing this well have done a couple of things. One is they have thought about, what are all the exceptions that have occurred in the past, and which of these will continue, and at what scale as we move into DSCSA? And then, based on those, what's the playbook for each exception?

Exceptions cannot be resolved by themselves. A dispenser has to collaborate with their supplier, typically, a wholesaler. In some cases, it might be the manufacturer. What's the playbook? Do they have the right contact information? Do they have the right tools and systems that are in place in order to manage that? That's table stakes, I'd say, for exception handling. Then, we have a number of customers that I would say are best in class in terms of how they're managing it, where they are looking to triangulate the DSCSA information against the purchase order information, against the physical goods that were actually received, and in some cases, looking at the invoices as well.