Press ReleaseDrummond Group Announces Completion of Spherity OCI Digital Wallet Compliance Criteria Audit

Spherity First to Complete Compliance Audit To OCI Digital Wallet Conformance Criteria to Validate Pharmaceutical Authorized Trading Partners (ATP)

Durham, NC USA — February 27, 2024 —Drummond Group, LLC, a trusted provider of compliance, standards, and cybersecurity testing, certification, and validation services, today announced that Spherity has completed the Open Credential Initiative (OCI) Digital Wallet Conformance Criteria Audit. Spherity is the first OCI digital wallet provider to have completed the audit successfully.

The OCI is a collaborative industry effort enabling pharmaceutical supply chain actors to establish digital proof of identity, licensure status, and information authorship using digital wallets and verifiable credentials.

The verifiable credentials held within Digital Wallets enable pharmaceutical business trading partners to validate that Verification Routing Service (VRS) messages originate from an Authorized Trading Partner (ATP). Pharmaceutical businesses obtain their ATP credentials from an approved OCI Credential Issuer. ATP validation is mandated by the Drug Supply Chain Security Act (DSCSA) by Nov. 27, 2024.

A pharmaceutical trading partner must prove their enterprise identity as a first step in establishing trust. OCI Digital Wallet providers work in conjunction with OCI Credential Issuers who validate the trading partner via identity proofing and assigning that organization an ATP credential. VRS systems then retrieve these ATP credentials from an OCI Digital Wallet, like Spherity’s Digital Wallet, for embedding in VRS messages. This allows pharmaceutical trading partners to verify that VRS messages originate only from ATPs and respond as required by FDA’s guidance on DSCSA.

OCI’s requirement for service providers who are directly involved with issuance and maintenance of credentials to be audited, follows the public-private Partnership for DSCSA Governance (PDG)’s directive. The PDG Blueprint for 2023 Interoperability incorporates advice from FDA, pharmaceutical businesses, and other pharmaceutical supply chain stakeholders. It is foreseen that the OCI Digital Wallet and Credential Issuance Conformance Criteria will be the standard way of validating organizations as ATPs for use by VRS systems to meet DSCSA compliance.

The audit was conducted by Drummond expert auditors, who developed an audit plan based on OCI Digital Wallet Conformance Criteria. Drummond is the sole auditor and has developed a testing plan that successfully executes OCI audits. During the Spherity audit, working in collaboration with OCI, Drummond’s audit plan development contributed to validating the Digital Wallet Conformance Criteria and helped identify areas that needed clarification or improvement.

“Because of Drummond’s more than 25 years in conformance certification testing and auditing experience, Drummond was able to respond quickly to OCI’s request to become an OCI Conformance Criteria auditor and is now helping drive OCI specifications through to production,” said Aaron Gomez, Supply Chain Security Business Unit Leader.

“I am pleased to announce that Spherity has successfully passed all required Digital Wallet Conformance Criteria, including some optional conformance criteria, and has now achieved Drummond CertifiedTM status,” he added.

“It was an insightful and gratifying experience to see the OCI Digital Wallet Conformance Criteria come to life not only in our Digital Wallet implementation but also through the independent assessment by a third-party auditor. Drummond has shown the professional curiosity and flexibility that a pioneering audit firm requires to apply their long-standing expertise in a new context. We look forward to working with Drummond on future OCI audits,“ said Dr. Christiane Wirrig, Spherity Customer Success Manager and OCI Policy & Architecture Co-Chair.

About Drummond Group, LLC

For over 25 years, Drummond Group, LLC (www.drummondgroup.com) has helped organizations in highly regulated industry sectors (health, finance, pharmacy, and retail sectors) by providing compliance, standards, and cybersecurity consulting, testing, certification, and validation services. Drummond promotes and supports the adoption of interoperability and security mandates, standards, and best practices that drive the secure industry digital transformation, including B2B EDI (AS2, AS4), ONC Health IT, HIPPA, PCI, FTC, FHIR, DEA EPCS, DEA CSOS, GS1 GDSN, GS1 EPCIS 1.2, NIST AI RMF 1.0, NIST 8374, NIST 800-53, and more.

About Spherity

Spherity, a global pioneer in digital identity software, aims to revolutionize secure identity integration for enterprises, machines, products, data, and algorithms. The company's vision centers on leveraging self-sovereign identity (SSI) to streamline compliance processes in accordance with regulations related to data protection and security. Spherity offers products tailored for supply chains, providing authentication and authorization solutions for the US pharmaceutical supply chain and the Digital Product Passport solution for the automotive industry, delivering battery passports required by the European Commission.