DURHAM, NC, February 27, 2024 – Drummond Group, LLC, a trusted provider of compliance, standards, and cybersecurity testing, certification, and validation services, today announced that Spherity has completed the Open Credential Initiative (OCI) Digital Wallet Conformance Criteria Audit. Spherity is the first OCI digital wallet provider to have completed the audit successfully.
The OCI is a collaborative industry effort enabling pharmaceutical supply chain actors to establish digital proof of identity, licensure status, and information authorship using digital wallets and verifiable credentials.
The verifiable credentials held within Digital Wallets enable pharmaceutical business trading partners to validate that Verification Routing Service (VRS) messages originate from Authorized Trading Partners (ATP). Pharmaceutical businesses obtain their ATP credentials from an approved OCI Credential Issuer. ATP validation is mandated by the Drug Supply Chain Security Act (DSCSA) by Nov. 27, 2024.
A pharmaceutical trading partner must prove their enterprise identity as a first step in establishing trust. OCI Digital Wallet providers work in conjunction with OCI Credential Issuers who validate the trading partner via identity proofing and assigning that organization an ATP credential. VRS systems then retrieve these ATP credentials from an OCI Digital Wallet, like Spherity’s Digital Wallet, for embedding in VRS messages. This allows pharmaceutical trading partners to verify that VRS messages originate only from ATP and respond as required by FDA’s guidance on DSCSA.
OCI’s requirement for service providers who are directly involved with issuance and maintenance of credentials to be audited follows the public-private Partnership for DSCSA Governance (PDG)’s directive. The PDG Blueprint for 2023 Interoperability incorporates advice from FDA, pharmaceutical businesses, and other pharmaceutical supply chain stakeholders. It is foreseen that the OCI Digital Wallet and Credential Issuance Conformance Criteria will be the standard way of validating organizations as ATP for use by VRS systems to meet DSCSA compliance.
The audit was conducted by Drummond expert auditors, who developed an audit plan based on OCI Digital Wallet Conformance Criteria. Drummond is the sole auditor and has developed a testing plan that successfully executes OCI audits. During the Spherity audit, working in collaboration with OCI, Drummond’s audit plan development contributed to validating the Digital Wallet Conformance Criteria and helped identify areas that needed clarification or improvement.
“Because of Drummond’s more than 25 years in conformance certification testing and auditing experience, Drummond was able to respond quickly to OCI’s request to become an OCI Conformance Criteria auditor and is now helping drive OCI specifications through to production,” said Aaron Gomez, Supply Chain Security Business Unit Leader.
“I am pleased to announce that Spherity has successfully passed all required Digital Wallet Conformance Criteria, including some optional conformance criteria, and has now achieved Drummond CertifiedTM status,” he added.
“It was an insightful and gratifying experience to see the OCI Digital Wallet Conformance Criteria come to life not only in our Digital Wallet implementation but also through the independent assessment by a third-party auditor. Drummond has shown the professional curiosity and flexibility that a pioneering audit firm requires to apply their long-standing expertise in a new context. We look forward to working with Drummond on future OCI audits,” said Dr. Christiane Wirrig, Spherity Customer Success Manager and OCI Policy & Architecture Co-Chair.