Serialization and data integrity in pharma production
With the US, European, and Russian pharmaceutical serialization deadlines looming, the industry is busy implementing these new technologies to their production lines.
Serialization, in effect, expands the digital dimension to production data. Instead of just master and batch data, there will be individual package-related data in cloud and ERP systems. Even the small-scale production sites that have been able to rely on paper-based reporting have to adopt digital reporting.
Of obvious importance is the need to reconcile data, not just materials, after the production run before the batch is released. The approved batch should not have serial numbers hanging loose, nor packages without serial numbers, nor serialized packages not accounted for. All the rejected packages with serial numbers must be accounted for.
Digital accounting makes the control of data integrity both easier and harder. On the other hand, the data systems can be made to provide audit trail every data read, write, and change, require digital identification of persons responsible and provide backups. On the other hand, people are prone to looking for shortcuts, especially during incidents. For example, if the person having the access rights to production line stop mitigation is not always close, the personnel may find a shortcut, e.g., having access keys are available at the production line to make quick changes and repairs. This results in obvious data integrity risks.
Data integrity might look like a simple issue with a modern computerized production control systems, but it is hardly so. There are interfaces between the systems: within the organization, between trading parties such as API manufacturers or CMOs and MAHs, and between the MAHs and cloud systems or government repositories, such as the European Hub in the EMVS, and MDLP in Russia.
Each data transfer contains a possibility of unintentional data changes. Guaranteeing the data integrity between ISA levels 2 (production line) and 3 (site/factory level) may well be troublesome if the software solutions on these levels are from different vendors. An example of an unintentional change of data was with HIV testing at a blood service years ago, where the transferred testing data was truncated and critical information lost — leading to people being given contaminated blood.
Compromising data integrity compromises also patient safety.
Data integrity is also related to the data being safe. The serialization data is particularly sensitive as a data security breach may result in counterfeit manufacturers copying the genuine codes to the counterfeit products. The MES and ERP systems should thus be safe from external hacking, even in case the criminals get inside help.
One such case where the serial number data was compromised was at a software manufacturer which, in essence, sold serial codes packed in carton packages, the software being freely downloadable but requiring the license keys. In this case, counterfeits quickly emerged in the market with perfectly genuine, but copied, serial codes. After an investigation, it was found that the issue was not computer system hacking nor an inside job, but the CD-ROMs containing the serial codes were thrown into normal garbage cans after use, and were thus available to somebody outside the factory looking through the garbage for CDs or other data-containing media.
Web links on machine-readable QR or DataMatrix codes create novel data integrity threats. An obvious problem is that the actual content of the web link is not visible, but attack links can also look similar to genuine ones. A malicious link may lead to a fake website made to look exactly like the genuine one and thus lead to a compromised test of product authenticity — it may even contain a trojan/virus attack to the mobile phone reading the code! If web links are added to QR or DataMatrix codes, one should add a layer of security, such as Systech UniSecure.
Servicepoint offers services of an experienced full-service packaging, device assembly, machine vision, robotics, and serialization and track & trace automation integration company. In the last few years, Servicepoint has implemented serialization to more than a dozen sites for several manufacturers, our implemented or started projects at customers ranging from Russia to Spain, from Finland to Greece. Call us, we can help you!
Servicepoint Oy — the reliable partner for the manufacturing industry
CTO, Chief Technology Officer
+358 44 7868 215