As DSCSA requirements move from policy to daily operations, wholesalers and their trading partners are under increasing pressure to prove authorized trading partner (ATP) status, maintain accurate licensure records, and support interoperable data exchange across a fragmented ecosystem.
This case study examines how Morris & Dickson (M&D) implemented the LedgerDomain Address Book to modernize its approach to partner data management. By publishing credential-signed master data and enabling real-time access for trading partners, M&D replaced manual, spreadsheet-driven workflows with a scalable, auditable model aligned to emerging industry standards.
Background and Objectives
The U.S. Drug Supply Chain Security Act (DSCSA) establishes nationwide interoperable requirements for identifying and tracing prescription drugs as they move through the distribution supply chain. Manufacturers, repackagers, wholesale distributors, third-party logistics providers (3PLs), and dispensers must ensure their trading partners are “authorized” (ATPs) and must send serialized transaction data to accompany every drug shipment.
Moreover, U.S. state laws typically have an implicit or explicit requirement for trading partners to validate licensure for ship-to and ship-from facilities. In practice, this means that organizations must maintain up-to-date records about their trading partners, including corporate information, facility information, location identifiers, and license details. For wholesalers like M&D, this often includes facility licensure checks at the time of each transaction, prior to shipment.
Recently, many health systems have begun to systematically replace prior spreadsheet-based approaches to ATP tracking, and use governed address books to track and manage partner identities. By using OCI-compliant digital credentials, master data can be signed and exchanged between trading partners, independently proving the source and quality of the data. This reduces the burden of manual requests and ensures accurate, up-to-date information as contact information, sites, and licenses change over time.
With this in mind, M&D decided to publish its own data in the LedgerDomain Address Book to make it easy for their customers and suppliers to continue receiving and shipping product, reduce administrative burden, and accelerate the delivery of drugs to the patients who need them.
Timeline
M&D’s DSCSA credential was first issued in October 2024, prior to the end of the one-year FDA “stabilization period.” At that time, DSCSA credentials were largely used for signing requests over the Verification Router Service (VRS), an interoperable network of solution providers. Since then, the use of OCI-compliant credentialing has expanded to include suspect & illegitimate product investigations, exceptions management, direct ATP confirmation, and other signed data workflows.
In April 2026, M&D set up its self-published data using the LedgerDomain Address Book. Setup was accomplished in a matter of hours.
To conclude the exercise, four of M&D’s trading partners – three health systems and a manufacturer – added M&D’s signed data to their address books.
DSCSA Workflows
The LedgerDomain Address Book includes three core workflows.
1. Manage your own data. Users access a web dashboard to manage corporate master information, facility addresses, state licenses, GS1 GLNs, and preferred contact data. Most of this data is otherwise scattered across multiple data repositories.
2. Manage your trading partners. Users can populate their address book with their trading partners in order to track and manage their information. Trading partners who are already credentialed have validated data that can be supplemented. Trading partners who are not currently credentialed can be added from a directory or entered manually.
3. Request information. Users can request review of their trading partners’ data. The named contact at the trading partner receives a prefilled form with requested information, and can review and revise as needed.
Critically, all three of these workflows involve signing operations powered by OCI-compliant digital credentials, but also allow for alternative methods. LedgerDomain populates its directory from publicly available data to make onboarding faster and easier, but only trading partners can sign their own messages, such as master data or requests. Each trading partner essentially “stamps” every transaction with a tamper-evident proof of identity and ATP status, using strong cryptography based on open industry standards.
Data Elements
M&D’s Address Book entries include all data required by DSCSA and industry best practices. The key fields are summarized below:
- Legal Entity Name & Address: Official company name and physical address.
- Facility Location: Address for each licensed ship-from facility.
- Global Location Number (GLN): A GS1-assigned 13-digit code identifying the precise ship-to/ship-from location. GLNs uniquely identify trading entities and are recommended for DSCSA.
- DUNS Number: Dun & Bradstreet’s 9-digit identifier. This provides a secondary unique ID for legal entities.
- State Licenses: Each facility’s relevant license numbers and issuing state.
- DEA Numbers: Each facility’s DEA Registration Number to facilitate the distribution of controlled substances.
- Preferred Contact: Name, email, and phone of the DSCSA contact person.
All these data elements are kept up to date. For instance, if a license expires or an address changes, M&D’s team updates the record.
Partner Consumption and Workflows
Trading partners with their own ATP credentials are able to add M&D to their address books and receive a signed block of master data. After this, their own credentialed data appears in M&D’s Address Book and vice versa (“mutual handshake”).
A trading partner without an address book can request the data and receive a signed, standardized email with the data in easily human-readable format. In the near future, LedgerDomain plans to make signed data available via self-managed portals.
Benefits and Metrics
Within a week of going live, M&D observed clear benefits:
Partner Experience. Several health systems undergoing their own ATP validation activities were able to instantly validate M&D’s full suite of data, including all licensed ship-from locations.
Data Quality: Building the Address Book prompted cleanup of data (correcting names, addresses, licenses).
Privacy Preservation: While much of the information published through the Address Book is publicly available, DSCSA contact email addresses remain visible only to other ATPs through the “mutual handshake.”
Conclusion
M&D’s deployment demonstrates how a credential-backed address book can serve as a practical foundation for DSCSA compliance while delivering immediate operational value.
By improving data accuracy, reducing partner friction, and enabling trusted data exchange, the initiative moves beyond compliance into a more efficient and connected supply chain. As interoperability expectations continue to rise, approaches like this position organizations to meet regulatory requirements while strengthening relationships with trading partners and accelerating the flow of medicines to patients.
