KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Yeah, thank you. So I, I quickly say some, some words to myself about myself and spirit, and then I will head over to, to you, Dave.
Basically, my name is yes, Gilks, I'm responsible disparity for our industry solutions and sparity is basically digital wallet provider specialized on, on enterprise solutions using our cloud identity wallet. And for that we built on top of this cloud identity wallet. We built our credentialized solution that we will present today, Dave. So yes.
Thank you, George. So I'm Dave Mason. I sit in the us and I am the supply chain compliance and serialization lead for DSE S a, which is drug supply chain security act, which was passed in 2013 by Congress and signed by president Obama. It's a 10 year rollout and it has different sectors of, of putting serialization and tracing and serial number verification checks in the United States supply chain. It's a little different than European. European is a centralized system.
This is a, a system where it's dispersed. So it's, it's no centralized. Everybody has their own database. So it's just a distributed system. So basically I've been doing this for over 10 years at Novartis and I support the Sandos and Nova sectors of the business in the us and okay, Perfect. Yeah.
Dave, you already started with explaining the regulation. Maybe we pick up there and then we come to the basically why a solution was required. That involves verifiable credentials. Yeah. So basically in the us supply chain as, or the DS C S a in the us supply chain, I, I, I discussed that it's a distributed system, so that basically every entity has their own database and is connected through the, the internet to create a network. The issue here is that in, in DS E S a there's a, there's a statue that says you cannot conduct business unless you're an authorized trading partner.
So what that means is that's a Nova I can't sell and distribute product to wholesalers or distributors in a network that are not authorized trading partners. And what does authorized trading partner mean? It means that my downstream partners must have a valid state license. That's that's it state license, no DEA license, no guns number, nothing like that. It has to be a valid state license. And for a manufacturer, you have to have a FDA federal establishment identity number. So the issue here was we, we have a system called VRS that is a verification router service. And what that system is.
There's another caveat in the law that basically says wholesalers who return product from their customers must verify the four attributes, G 10 CR number lot and batch back to the source of truth, which is the manufacturer. And, and, and because they are not self verifying at this time. So they send us, they are called the requester. It's either dispenser or distributor. And basically I would get a, a message into my system saying, is, are these four attributes, correct? The issue is they were using gons.
And what we found out, a global location numbers, GS one, what we were finding out about gons when we were getting false, the gon was, had no identification. It had the wrong person identifying, or it, it, it, it, it, it just, we couldn't find anything information on the GS one network. So basically what the problem was, the GNS non-compliant, cuz it's easily manipulated. It's not accurate and it's not part of the law. The law says state license. It doesn't say global location number.
Of course, we have to use global location number to transmit the information. So we had a compliance gap, huge compliance gap.
Our, our compliance people said, well, how do you know who they are? They could be a bad actor. They could have got in the network and are trying to verify product that they stole, or they're trying to verify these numbers are true so they can do counterfeiting. So really there was no way to validate the requester or the responder that they are authorized training partner. And one of the things is in a distributed system, you have 70,000 partners in the us supply chain that you have to identify. So that was the complexity in the issue issue.
Thanks, Dave. Thanks. And this is basically where you and together with SAP approached us and described, I mean, you described the problem the way you did before that there is no with the previous, with the existing setup, there is no way to verify or identify and verify authorized trading permit status.
This is where we basically, as an SAP PIO partner, two years ago, presented to Oliver from SAP, the approach to use digital wallets and credentials to identify enterprises in this, in this context, trading partners and to credentialize at the end, they are authorized status in the sense of we credentialize the license status. And here we collaborate today with, for example, with SAP, with trace link, RF, Excel, and other service providers that basically process product verifications that are required by law.
And what we did is we in connect basically digital wallet systems and these digital wallets are based on the w three C standards for decentralized identifiers and verifiable credentials. And basically the planners that every trading partner acting on the us pharmaceutical supply chain has such a wallet and that these trading partners, sorry, these VRS providers like trace link SAP, get access to the wallets of the, the trading partner and get credentials out of their wallet and attach them to their digital business processes.
And this enables them the recipient of such credential to verify with the digital wallet, the authorized status. And here we're talking about interactions that happen under one thing. And basically we did a pilot together basically before we, we, we moved, moved this production. Of course we did a pilot together with SAP, RF Excel. And one important aspect that was this pilot was always supported by the healthcare distribution lines and the GS one. And we lead led basically by Novartis.
We gathered basically other manufacturers like J and J and Bristol, my script, and also one of the biggest wholesalers Amer Berg in this pilot. And we prove basically that this solution works and we can connect digital wallets to systems of this verification routing sales providers. And basically we provided the digital wallets in this ecosystem. And then on the right side, you see is a company that have access to different data.
Basically they screen databases of state, port pharmacies, or the FDA registrations, and have information about the license and authorized status of all trading partners, acting on the us supply chain and this company or organization today's partner of parity and issues, these credentials tools, trading partners. So we have an really independent issuer here in this ecosystem.
And yeah, as a result, basically we proved this system and the, the design, what we designed here in this, and this concept is interoperable. It's working also with other digital wallet providers as we use WC three C standards. And it's basically scalable.
And that we, and what is also key is that still that after the pilot also H D and G, so just one supported supporting this and GS one is also now integrating this approach as a technical architecture into their guideline for a standard that is used by thes providers, appears SAP, and as example, and having done the pilot, the next step was to how do the question was, okay, now, now we have this, this small group of, of, of basically service providers and industry players.
How do we get now this standardized and, and industrialized, so that basically can provide for basically the remaining 70,000 trading partners with digital wallet and credentials. And for that we launched the open credentialing initiative, basically in order to, to standardize and to drive adoption in this, in the industry there, if you want to say some words to the, about the OCI as well. Yeah. So OCI is a great initiative, what it has done. It has brought together service providers, wholesalers, dispensers, and, and manufacturers, as you can see on this slide.
And what's great about it is we had four service providers kind of with disparity. Of course, we're an SAP customer.
We, we gravitated to this credentialing very quickly, but what we notice is our customers have other service providers and they had different ways of, of verifying authorized trading partner. So what, what was great about OCI what's done is it's taking the, a xtp.me and, and disparity and with, with Legon, and it is now worked together to make all these systems inoperable.
So instead of me having to, I gotta, I gotta now contract with.me, Insparity and X a T for I now only had to, to, to contract with my partners, SAP Insperity, and, and then my customers contract with them and they manage one system. So this is what's great about OCI.
We, we are open architecture, we're a trusted architecture, and we're always willing to bring in new partners to make, to make it inoperable because in D S C S a, it talks a lot about inoperability and that's the key and a distributed system. We have to have inoperability. So we all work together. So this is what's great about the OCI initiative. It's really the only credentialing or identifying authorized training partners is a request from responder that actually has been tested, proven, and works.
And what's great about it is we've had compliance people into this initiative who have basically helped us to, to even increase the type of architecture and, and supporting documentation or supporting documents to, to credential a request or a responder. So even you have a state license, we do other things to say, yep, you are who you say you are. So this is what's great about OCI. And it's probably one of the best organizations within the us. That's actually making progress and actually working towards 2023. Thank you, Dave. And what's what all these companies have on this, on those patient.
Common is that they all commit to use decentralized identity and verify the credentials for, for authorized trading partner status verification. And this is basically a big leverage, also tool, the technology that is basically quite new and in the process of being standardized further by w three C, but this, this, this organization having adopting this technology give basically we can learn a lot from this and work towards first under ation industrialization. And what we also can say is that by now also the FDA recognized credentialing as an feasible way to, to check ITP.
They're just based on this, based on the pilot and the collaboration with, with our partners here, we build our, our service offering, which is available now for, for the us trading partners, us pharma companies that fall under DSCSA requirements. And this service basically is backend connected to the respective verification routing service providers and the credential issue. So that the end, the enterprise or the company using the credentialing service or the authorized rating partner in this perspective only needs to work with in front end and to work through non onboarding process.
So there's no technical integration required. And what is also very interesting is that that every interaction with an, with other trading partners are documented and stored in a dashboard. So when there's an order by, for example, FDA, they want to know if the, with basically in the past wasn't, if, if there was an interaction with trading partner, if they want to know if the ATP check was performed, we have basically proof for that in our application.
And now that you see that there's basically actually a real application, we have an onboarding video, basically video, where you can see how a trading partner gets onboarded to the service, because at the end, it's, it's streamlined together with our partners, ledges them in a way that this onboarding process, when every, every data is available can be done within minutes. And this process is required to ensure that basically there's an identity check on what who's basically the enterprise or the company that is requesting a credential.
And then there's also a check on the ADP there just by verifying the license that is submitted. So I will play the video if you're interested. This is also available on our website, and I hope here's a lot Today. We're going to show you how to onboard disparity's credentialing service using our live in production application. Start by pressing the button at new enterprise in the top right hand corner. And this will begin the process of onboarding with our partners.
M next, you need to input your company information, such as your company, name, address, city, state, and zip code followed by your contact information, your contact name, contact, email, address, contact phone number. You need to choose your company type wholesaler, manufacturer, or retailer, and select how you want to verify yourself, either using notarized company documentation or a DEA science certificate. If you choose your DEA science certificate, you'll need to provide a DEA number, the certificate itself, as well as your DEA science certificate password.
Once you click submit ledgers and will perform due diligence to prove both the legitimacy of the corporation and the authority of the representative acting on behalf of that corporation, and you'll be issued an identity credential as a wholesaler, you'll then need to input your board of pharmacy license number and state ledgers, and will then perform additional due diligence to proof of validity and ownership of the license of the legitimate corporation. And you'll receive your ATP credential.
And it's as easy as that, you are now a verified, authorized trading partner and of a way to prove your ATP status. You can check the contents and information of both your credentials in the enterprise identity credentials tab, or you can go to monitor your credentials and interactions in the ATP monitoring dashboard. Within this dashboard, you're able to see the credentials you've sent as well as the credentials you've received by other industry participants.
You can check that both the credentials you send and both that you receive are verified, giving interactions, absolute trust, and the ability to comply with DSCSA requirements in a few clicks Through Severity's credentialing service, DSCSA compliance is made intuitive and simple. Yeah, that's basically our, our service that we designed or build for the in partnership with, with Novartis and all our, our members of D OCI to support basically the industry and complying with the, the drug supply chain security act requirements for authorized trading partners.
If you have any questions, I will be available in the, in this, in this networking event later. And otherwise just contact me or sorry, also, Dave, of course, for any questions on that. Thanks Dave, for, for joining me here today.
No, thanks for everybody's attention. And thanks for the invite to the, to the seminar. We're we're always trying to get the message out to a shorter compliance.
