The complexities surrounding product serialization for pharmaceutical and medical device companies are immense. While current serialization requirements are limited to marking the unit of sale with a unique data carrier, by 2023 the process will require a product to be traceable through the entirety of its journey - from the individual package through the carton/pallet to its final point of distribution. In the United States, the Healthcare Distribution Management Association (HDMA) is suggesting that pharmaceutical companies begin to support this level of serialization, called aggregation, now. Around the world - in Europe and Asia in particular - disparate track and trace practices are incrementally moving toward a global standard that will, undoubtedly, be more stringent than today’s differing benchmarks.
How can companies manage this transformation with the greatest degree of success while also minimalizing business disruption? The key to creating an optimal implementation strategy is to select a serialization solution that has strong capabilities at all levels of technology. It’s also important to choose a solution that enables multi-phase implementation and provides business benefits beyond compliance.
FOUR LEVELS OF TECHNOLOGY
There are four main levels of technology involved in the delivery of an effective serialization solution:
• Level 1: The Device Level - Includes line level systems such as printers, scanners, cameras, code readers
• Level 2: Line Level Control Systems - Includes software that controls data, serial number management and aggregation of data across all Layer 1 devices on a specific packaging line. These real-time controls and software supervise, monitor and control the physical processes, human-machine interface (HMI) and data acquisition.
• Level 3: Site Level Software and Hardware - Includes software systems that send and receive information to multiple Level 2 systems within each site and that connect to Level 4 software, which is often hosted outside the company firewall, or in the cloud. There is typically one Level 3 system for each packaging facility. These systems manage production workflow to serialize the desired products: Master data such as customer, product and work order information are generally managed in this layer and distributed out to Level 2 systems in a one-to-many distribution model. Centralized configuration at Level 3 provides an enhanced level of governance and robustness in today’s fast-changing environment.
• Level 4: Business Logistics Systems - Level 4 encompasses the software that manages connectivity to the greater pharmaceutical company and connects all Level 3 site level systems across all sites. Level 4 Electronic Product Code Information Service (EPCIS) systems typically interface with Enterprise Resource Planning (ERP) systems along with other track-and-trace related systems in order to provide comprehensive use of serialized and operational data. Level 4 systems manage the business-related activities of the manufacturing operation, such as establishing the basic plant production schedule, material use, shipping and inventory levels.
The most effective and comprehensive serialization solutions will support the requirements of all levels of technology, connecting challenges at the shop floor and plant levels with the enterprise level.
IMPORTANCE OF LEVEL 3 APPLICATIONS
There is no denying the importance of Level 3 applications for serialization solutions - the software that resides at the manufacturing or packaging plant site level above the packaging lines and machines/devices (Levels 1 and 2), and below Level 4 enterprise applications.
ISA-95.00.01-2010 is an international standard for the development by global manufacturers of an automated interface between enterprise and control systems (Levels 3 and 4). It is meant to be applied in all industries and all sorts of processes, such as batch, continuous and repetitive processes.
The goals of the standard are to increase uniformity and consistency of interface terminology, and to reduce the effort associated with implementing new product offerings so that enterprise and control systems can easily integrate and smoothly interoperate.
While there are no definitions for serialization in ISA-95 for objects, attributes, interfaces, etc., the overall architecture and concepts can be leveraged in designing and implementing serialization systems.
As defined by ISA-99.01.01, implementation of a Level 3 system above all Level 2 systems is a critical element in securing corporate infrastructure through a conduit and zoning model, where a zone is defined as a grouping of logical or physical assets that share common security requirements, and conduits are defined as a logical grouping of communication channels connecting two or more zones. As most serialization systems are implemented in response to counterfeiting or brand protection programs, it should seem obvious that following best practices security guidelines would be a basic requirement.
One of the primary goals of Level 3 applications is the provision of critical isolation of automation and production devices from enterprise applications at Level 4.
This separation provides:
• Network traffic management and security
• System access management and control
• Data domain establishment at the site level
Level 3, in its most basic construct, is an element of an architectural design pattern that does not cover capabilities, functionality, capacity, implementation methodologies, or any metrics that could be applied to an application to create some sort of baseline. In simplest terms, if you stick a PC with a hard drive at the plant level and make a Windows share or FTP mount point on it, you could technically classify it as a Level 3 architectural system. Simply put, ISA-95.00.01 Level 3 Model only defines its architectural level — but nothing about the functionality of the application itself. (For serialization systems, Parts 2-6 do not directly apply.)
DEFINING KEY FUNCTIONALITIES
The following are key functionalities for a useful serialization Level 3 application, and an examination of what a complete Level 3 solution should ideally include for each Level 2 functionality category.
Key Functionality Categories:
1. Configuration Management
2. Data Exchange
4. Change Management Support
5. Validation Support
6. IT Governance
1. Configuration Management
Unfortunately, there exist large gaps in the benefits offered by many widely used Level 3 solutions. Many have only partial configuration capabilities, and some offer no configuration whatsoever; they are simply generic middleware platforms providing a one-to-many communication function for data transfer.
A more complete Level 3 solution would provide a multitude of additional functions, including:
• Performing all configuration at Level 3
• Not requiring configuration work at each and every line level controller
• Being ‘self-aware’ in that it would broadcast its information so that the solution’s upstream components would ‘discover’ it
• Involving no chance of human error
Let’s consider a hypothetical, yet typical, scenario: One plant with 15 lines, four levels of aggregation and five rework stations.
Assume we need to prompt the operator for a new piece of data per each new regulation. In most systems this would require making at least 65 configuration changes. In fact, in some systems, there would need to be corresponding changes at Levels 2 and 3, causing this number to rise to 130 configuration changes at the line level, taking each line out of service for a period.
In addition to the incredible waste of time and energy needed to replicate a simple change across all of those configuration points, there would be a 65- or 130-times greater chance of entering something wrong.
A complete Level 3 solution would require making just one change in the default general parameters section, which would then reflect that change throughout the serialization enterprise.
That is 1/65th or 1/130th of the work for each and every change. This clear savings in time and labor is compounded exponentially in the validation, governance and change management support functions, to be discussed later. A related scenario: Let’s assume a mistake is made at the outset, such as the last number being left off in some value. One quick change would fix it instantly, for a total of two changes versus 130, or 260, or more.
What this amounts to is a distribution of configuration changes. In this far more preferable arrangement, configuration change elements are distributed across the complete solution in the same “delta” methodology used in Enterprise Master Data Management platforms and ERP systems. This provides an extremely high performing solution that keeps systems up to date with the latest configuration changes, all with zero downtime.
2. Data Exchange
A major element of a proper Level 3 application is managing communications from both a data transmission and security access approach.
Recalling the example of one plant with 15 lines, four levels of aggregation, and five rework stations, many standard Level 3 solutions would try to manage this at a controller by controller level, putting them right back at the 65X complexity and heightened risk for undesirable configuration issues. Security and access rights become another burden: Changes in controller hardware, new operator accounts, etc., all create costly challenges and add points of potential failure.
A complete Level 3 solution would include robust interface options to Level 4 systems, providing centralized access and control of work orders, delivery orders, product data, customer data, serial number exchanges, EPCIS events and XML files. This would provide a wealth of information to Level 2 systems with a zero-touch approach at the line. Changes or additions to types of integration to Level 4 applications would be streamlined, organized and easily governable in a secure fashion.
When it comes to reporting, serialization systems, by their very nature, generate a new level of granularity of information created at the line level and site level. Clearly, the idea of having all reportable information data residing on Level 2 systems spread throughout a plant can hardly be called functional, let alone useful. Data is only useful if it’s relevant, and this approach inundates various points of the process with information overload. Context is key.
A complete Level 3 solution would provide an extensive and extendable set of insightful reports. This approach entails the ability to export data, including supporting customized SQL statements to extract the precise data desired in applicable contexts. This affords the ability to extract meaningful serialization data and merge it with corresponding data from other systems.
4. Change Management Support
A significant cost and challenge to cGMP regulated organizations is controlling and managing changes to systems.
A complete Level 3 solution would provide a full and rich set of features and capabilities that support a robust change management program. A centralized configuration management model ensures unwarranted changes are not possible at the line level by operators or supervisors, even by innocent mistake.
With this approach, all configuration data is stored in the SQL database and, in addition to scheduled backups, can be backed up on demand at any time. This yields the ability to use those data files (or exports of those data files) as versions by themselves, or imported into any number of commercially available Configuration Management tools for versioning purposes.
This high level of control provides a lower risk when implementing changes for new regulations and equipment upgrades and, in turn, directly impacts validation plans and drastically reduces requirements for maintaining compliance.
5. Validation Support
FDA regulated pharmaceutical companies budget, on average, 30 percent of a project’s cost for validation — a figure that reflects less-then-ideal serialization operations efficiency. With this figure in mind, let’s recall once more the example of one plant with 15 lines, four levels of aggregation, and five rework stations.
Here, the testing and validation process is compounded by the documentation process, including the exponential impact of configuration specifications requiring the same 65 to 130 changes. In addition, solutions that provide Class 5 or bespoken (custom) software solutions at the line level create a significant burden for the initial implementation and every resulting change for the entire lifecycle of the solution. It’s all unnecessarily complicated.
A complete Level 3 solution would have centralized configuration with standardized line level application that provides the least impactful, easiest to access and document, lowest risk application architecture from a validation perspective.
6. IT Governance
IT systems and their management have matured a great deal in recent years, and standards such as ITIL and PRINCE have helped add structure and discipline to the support and management of mission-critical IT systems.
For production systems, there are two metrics that headline the worry list. They are RTO (recovery time objective) and RPO (recovery point objective); these basically refer to how long it takes to recover from a disaster, and to what point in time, data-wise, one needs to restart from.
A complete Level 3 solution would provide the lowest RTO and highest RPO, and have a centralized SQL database with a multitude of recovery options that can be implemented. This means zero configuration needed to roll out a new replacement Level 2 controller, combined with “no specific knowledge needed” in regards to any line level application configuration.
In the global pharmaceutical marketplace, serialization has been an unsettled buzzword for the better part of a decade. Differing mandates, legislative delays and a variety of other factors have coalesced to create confusion and uncertainty as to precisely what is expected of pharmaceutical manufacturers in terms of securing their supply chains and sharing data both within their own sphere of jurisdiction and beyond.
The best approach to uncertainty lies in flexibility and comprehensive capabilities. Today’s serialization solutions must be outfitted to meet tomorrow’s demands — a rolling set of new rules that, though unspecific in their totality, will certainly require more exacting track-and-trace practices, documentation and data sharing capabilities. A Level 3 serialization solution that leaves room for these inevitable, near-future must-haves is the keystone to being prepared to meet track-and-trace challenges for decades to come.
ABOUT THE AUTHORS
David Carpentier is Founder & Chief Technology Officer for Adents, and James Cumming is VP Americas for Adents. Headquartered in Massy, France, Adents is a software specialist of unique product identification and traceability helping manufacturers from all sectors to adapt to market changes and comply with regulations on traceability. Adents’ innovative solutions enable manufacturers and brands to protect themselves from counterfeiting and grey markets, better control their distribution channels and create a personalized link with their customers. For more information, visit www.adents.com.