Frequently Asked Questions

Credentialing

  • What’s the difference between LedgerDomain and Legisym?

    Legisym is the credential issuer that actually provides the credential by reviewing the documentation and checking and monitoring your state license over time. LedgerDomain provides the software that uses the credential to sign and check messages, and link out to the broader DSCSA enhanced drug distribution security network. There’s a division of responsibilities between LedgerDomain and Legisym, as Legisym sees your documentation and monitors your license but never gets to see how you use your digital credential. Our job at LedgerDomain is to manage the credential and link it to the broader network, but we can never issue credentials ourselves.

  • What do the credentials do?

    Credentials are like digital passports that unlock access to systems and information. For DSCSA, this takes four forms:

    1. You can prove and track your ATP status as well as those of your trading partners. This is supported out of the box by our Address Book. Additional modules enable greater flexibility when automated site license checks are demanded.
    2. You can verify any drug package with the original manufacturer. This is available as part of our Verification Plus module, or via your VRS provider if you have a separate connection to the network.
    3. You can create or respond to trace requests. Your existing solution provider provides you with all the tools you need to respond to trace requests, and your credential can check that the request originated from a valid ATP or regulatory authority. The ability to create your own trace requests to manage investigations is available as part of our Tracing Module.
    4. You can report and resolve supply chain exceptions. The PDG Blueprint establishes an open standard for communicating about supply chain issues, with ATP credentials used to sign the messages as they pass between different systems. Exceptions management is available as part of our Exceptions Module.

Health Systems

  • Who should be the lead on getting our DSCSA credential?

    Getting a DSCSA credential is quick and easy with a DEA CSOS certificate. For every deployment we recommend at least two users on your organization's XATP account: (1) the person most responsible for DSCSA implementation and workflows (often a principal phamacy buyer), and (2) a DEA CSOS certificate holder. If your health system has multiple people who fill these roles across multiple facilities, that's OK – only one facility needs to participate in the credentialing process to cover your entire health system.

  • Does each site need to be credentialed?

    DSCSA is an ownership law, so you only need one credential to cover your entire organization. This can be achieved with a single DEA certificate and state license.

  • Does it matter which pharmacy license I use?

    No, you can point to any licensed pharmacy location as evidence to support your credential. A general rule of thumb is to pick a location where the address is unlikely to change in the near future.

  • What happens if the address does change?

    Legisym, our credential issuer partner, tracks the DEA certificates and state licenses to ensure that credentials remain current. If the address changes, that means your DEA number and state license number will change. You'll get an email from Legisym indicating that you have 30 days to upload another CSOS certificate.

  • What kind of credential do I get if I fill multiple roles?

    You will only need one credential to cover your entire organization, and can choose any supply chain role you fill as your "primary" ATP type for the credential.

  • How many named users do we need?

    During the credential implementation period, you should only need to add two users: the DSCSA lead at your organization and the CSOS certificate holder.

DEA Certificates

  • Why should I use a CSOS certificate to get a credential?

    The DEA CSOS (Controlled Substance Ordering System) digital certificate is issued by the agency to an individual person at a physical site in order to allow that site to transmit controlled substance orders without supporting paper forms. The process to enrol and receive a CSOS certificate owner is enough that it meets the identity assurance requirements for DSCSA credentialing by itself.

  • Does it matter which DEA certificate I use?

    No, as long as the DEA certificate is tied to a licensed pharmacy location. A general rule of thumb is to pick a location where the address is unlikely to change in the near future.

  • Does the DEA allow me to use my CSOS certificate to get a credential?

    The DEA reassures registrants that the use of the DEA Signing Certificate is perfectly acceptable for this purpose; it was foreseen and specifically allowed for by the DEA in their policy manual CSOS Certificate Policy, Version 4.1, January 2015, section 1.4.1 Appropriate Certificate Uses.

  • Can I use my DEA certificate as its own credential?

    While the DEA (Controlled Substance Ordering System) CSOS certificate can be used as evidence for issuing a credential, it cannot be used as an interoperable DSCSA credential by itself. There is no interoperable mechanism for exercising the DEA certificate over networks such as the VRS. In addition, because DEA certificates are issued to allow for controlled substance ordering, few manufacturers have them.