EDITORIAL: Standardizing Package Security
Standards are important to you, and for good reason. Standards bring you together as an industry to set down packaging rules and practices. With these shared standards you can predict your operations and the supplies you need. You can also know what to expect when working with your customers, your peers, and your regulators.
But can you standardize the steps you take to secure your packages? For some you can, like the standards that are emerging for the Electronic Product Code (EPC).
Participants in our annual pharmaceutical roundtable are particularly interested in EPC for this reason. Says Rich Hollander, senior director of packaging services for Pfizer: “We like solutions that are aligned with open standards such that everybody in the supply chain can participate in them.” EPC appears to fit the bill. Hollander’s perspective, along with that of other packaging professionals, can be found in “Securing Pharmaceuticals,” which begins on page 86.
Hollander points out that the EPC is a number that will act as a key to a database. The EPC could include each drug’s National Drug Code (NDC) as well as other data, like packaging levels and even random serial codes. Standardizing EPC numerology is under way, led by EPCglobal. EPCglobal is managed by GS1, the new name for UCC, EAN International, and their members. The name change was announced at the 2005 U Connect conference held this month in Texas.
But EPC is just one weapon in the war against counterfeiting and diversion. Could other approaches to product security be standardized? Sort of, says Jim Rittenburg, vice president of pharmaceuticals for Authentix. “In considering standardization, it is important to ensure that the technology is well enough established so that it can be reproducibly inserted into the product each time it is manufactured,” says Rittenburg. “A manufacturer can get some sense of the maturity of a technology by understanding whether the technology is currently in commercial use and, if so, for how long; whether the technology has ever been breached; and whether drug master files (DMFs) exist that describe the technology to FDA.”
Rittenburg describes a marker for dosage forms that is now being built into pipeline products. “Manufacturers do disclose these to FDA by referencing confidential DMFs.” One such marker that Authentix has been providing since 1998 (originally through Biocode, a firm that was purchased in 2003 with other firms to form Authentix) has yet to be breached, he reports.
But global standards that industry could reference when using such technology probably aren’t feasible. “As more information about a security feature and its specifications becomes known to more people, it becomes much more difficult to maintain its security,” he says. “For this reason, manufacturers usually seek multilayered authentication solutions that have at least one component that is not shared with other companies.” These nonstandard components complement the use of RFID technology, says Rittenburg. “If criminals managed to destroy an RFID tag, there would be other technologies in place for product authentication,” he explains.
Roundtable participants spoke about the need for layering such covert, overt, and forensic elements as part of a multiple-weapon arsenal. To do so, you will need to work on two levels. First, you’ll need to follow standards like those developed by EPCglobal so that all supply-chain participants are set up to authenticate your products. Then you’ll need to work behind the scenes to implement unique authentication features that only you or your agents can use. Sure, it’s double duty, but it may be more secure.