The DSCSA requires tracing in a way that is secure, electronic, interoperable, confidential, and takes place among ATPs or in collaboration with regulators. The XATP Compliance Suite meets these requirements in accordance with the PDG Blueprint. This article covers the high-level requirements for tracing.
For information about specific workflows, see the articles on DSCSA Portal Tracing Workflow and Electronic Interoperable Tracing Module. A video of a typical trace workflow is available further below.
Tracing in the DSCSA #
Under the DSCSA, trading partners are required to respond to requests for information “upon request by the Secretary or other appropriate Federal or State official, in the event of a recall or for the purpose of investigating a suspect product or an illegitimate product” or “in the event of a request by an Authorized Trading Partner, in a secure manner that ensures the protection of confidential commercial information and trade secrets, for purposes of investigating a suspect product or assisting the Secretary (or other appropriate Federal or State official) with a request described in clause (i).”
Under some circumstances, trading partners are required to conduct the investigation themselves. The information being requested in a trace request is typically the transaction information (TI) and transaction statement (TS) that accompanied the sale of the drug package(s) being investigated. More information about tracing may be found in the PDG Blueprint and our Example SOP for Tracing in Electronic Format.
Tracing Workflow #
At the most basic level, tracing involves either receiving a trace request or sending a trace request. If you receive a valid trace request from an appropriate Federal or State official or ATP, a response is required “no later than 24 hours after receiving the request, or in such other reasonable time as determined by FDA based on the circumstances of the request. FDA has determined that a response time of 1 business day is generally appropriate to meet the 24-hour response time requirements” (source).
If you are sending trace requests, this will often involve a series of requests and responses to map the path of product(s) through the supply chain. For a typical example, a manufacturer would first send a trace request to their wholesaler, and then to the pharmacy identified by the wholesaler as the subsequent buyer of the product.
Source: PDG Blueprint, Tracing Architectural Functional Design
XATP for Tracing #
The XATP Compliance Suite includes two modules for tracing:
- Electronic Interoperable Tracing Module. Send, manage, receive, and resolve trace requests and responses.
- Hosted DSCSA Portal Tracing Workflow. Make a portal available for your direct and indirect trading partners to submit tracing requests and responses.
In both cases, XATP uses PDG-compliant trace messages and OCI-compliant DSCSA credentials to ensure security, Interoperability, and confidentiality.
Tracing Case Study & Video #
In February 2024, a coalition of federal and state regulators, manufacturers, wholesalers, and dispensers gathered to conduct an interoperable electronic tracing exercise. Mapping the path of a suspect product through the pharmaceutical supply chain, leading representatives from a state regulator, big pharma manufacturer, and health system unmasked a counterfeit package and prevented it from reaching any patients.
