This series originally ran in the LedgerDomain newsletter. Don't miss out on industry updates and insights – subscribe below:

While the entire industry pulls together to meet DSCSA’s interoperable data exchange requirements, traceability is just the first step. Triggered as part of investigations, recalls, or simple compliance audits, tracing is a high-stakes game with tight timelines. Whether you’re throwing the ball or catching it, will you be ready when the moment strikes?

Today we’re going to take a close look at DSCSA tracing, where credentialing fits in, and what you can need ahead of November 27.

What is Interoperable Tracing?

Under the DSCSA, every trading partner must be prepared to respond to requests for information

“upon request by the Secretary or other appropriate Federal or State official, in the event of a recall or for the purpose of investigating a suspect product or an illegitimate product”

…or…

“in the event of a request by an Authorized Trading Partner, in a secure manner that ensures the protection of confidential commercial information and trade secrets, for purposes of investigating a suspect product or assisting the Secretary (or other appropriate Federal or State official) with a request described in clause (i).”

At the most basic level, tracing involves either receiving a trace request or sending a trace request. Under some circumstances, trading partners may need to conduct tracing themselves. Under the DSCSA 2023 requirements, the information being requested in a trace request is the transaction information (TI) and transaction statement (TS) of the drug package(s) being investigated.

If you receive a valid trace request from an authority or ATP, a response is required in 24 hours or by the next business day. If you are sending trace requests, this will involve a series of requests and responses to map the path of product(s) through the supply chain. (For instance, a manufacturer first sends a trace request to their wholesaler, then to the secondary wholesaler, then to the pharmacy.)

Where Does Credentialing Come In?

The DSCSA requires “interoperable, electronic tracing” among ATPs in a manner that is secure and preserves confidential commercial information. Recognized by the PDG BlueprintATP credentials are the only available method that meets all three elements of the law. They make it possible to sign your own trace requests and responses, as well as validate messages from other ATPs – including trading partners with no prior business relationship.

What Does Tracing Look Like in Real Life?

The video below shows how tracing supported a suspect product investigation as part of a real-life exercise with federal and state regulators, manufacturers, wholesalers, and dispensers in February 2024.

Go to Part 4: Interoperable Verification

DSCSA Action Items

1. Check Your Policies & Procedures. Be sure your P&Ps provide coverage on the 6 areas of DSCSA compliance identified by the Board’s State of DSCSA report. Our example SOPs provide a solid grounding for ATP validation, trace, and verification.

2. Electronic Interoperability. Ask your solution provider about “secure, electronic” methods for ATP validation and tracing. Some providers make it easy for you to find the source data, but may not provide a PDG-compliant method to send, receive, and validate trace messages. The DSCSA requires “interoperable, electronic tracing” among ATPs, and ATP credentials are the only available method that meets all three elements of the law.

3. Get Your XATP Credential. Only LedgerDomain’s XATP Credential supports the trace workflows critical to achieving compliance out of the box. Get your credential set up or schedule a demo.