Last update: February 2024
OCI is an open initiative enabling trusted digital interactions between Authorized Trading Partners (ATPs) in the U.S. pharmaceutical supply chain to meet the requirements of the U.S. Drug Supply Chain Security Act (DSCSA). (For more information about the DSCSA and verification, consult FDA’s website.) Our members work together to deliver secure credentialing over networks, APIs, and other secure channels. This page provides you with details on the level of each service provider’s OCI conformance. Please find the main page at oc-i.org/marketplace.
Please note that we do not display a comprehensive range of each listed service provider’s commercial offering. OCI is only concerned with these companies’ relationship to OCI’s framework. Thus, listed providers are identified by their role within OCI’s framework or, in the case of outsourcing providers, a term that aims to encompass their OCI-related offering only. We encourage you to research which service provider addresses your needs best.
The commercial service providers listed on this page have demonstrated that they meet OCI’s applicable conformance criteria. Proof of such adherence to OCI’s framework is provided as far as possible. OCI has not performed any further quality checks on these entities. The links are provided solely for informational purposes and convenience of our site visitors. Please refer to our Disclaimer.
Service Interoperability
The Verification Router Service (VRS) is a network designed to pass verification requests between trading partners in the pharmaceutical supply chain. OCI-compliant verifiable credentials provide an additional layer of authentication, allowing responders (e.g. manufacturers and repackagers) to be certain that requestors (e.g. wholesalers and dispensers) are ATPs under the law.
OCI-committed service providers actively work towards or have achieved adherence to OCI’s conformance requirements. Some service providers are ready to go! Others are preparing to test their interoperability and get OCI-conformant. Any of the service providers listed here can be contacted directly with inquiries about their DSCSA solutions.
☆ HDA VRS Working Group
Interoperability is achieved between service providers through small- and large-scale efforts coordinated by the Healthcare Distribution Alliance (HDA) VRS Working Group. The first ATP Verifiable Credential integration efforts began on the GS1 Lightweight Messaging Standard (LVMS) Release (R)1.2 in summer 2022. Currently, a wide range of solution providers have since upgraded to the GS1 LVMS R1.3 implementation and have successfully tested their ATP Verifiable Credential integrations; LVMS R1.2 has been deprecated.
| Service Provider | OCI Role | R1.2 Tested | R1.3 Tested |
|---|---|---|---|
| Gateway Checker | VRS | ✅ | ✅ |
| Jekson Vision | VRS | ✅ | ✅ |
| Movilitas.Cloud | VRS | ✅ | ✅ |
| Optel Group | VRS | N/A | ✅ |
| rfxcel (Antares Vision Group) | VRS | ✅ | ✅ |
| SAP | VRS | ✅ | ✅ |
| Systech | VRS | ✅ | ✅ |
| TraceLink | VRS | ✅ | ✅ |
| TrackTraceRX | VRS | N/A | ✅ |
| LedgerDomain | Digital Wallet | N/A | ✅ |
| Spherity | Digital Wallet | ✅ | ✅ |
| Legisym | Credential Issuer | ✅ | ✅ |
OCI works closely with HDA to keep this table up to date. There may be VRS providers who collaborate through HDA-facilitated events and/or are aligned with OCI specifications but are not listed here.
☆ OCI Conformance
To be considered OCI-conformant, OCI requires VRS providers to submit a signed self-attestation asserting compliance with the VRS Integration Conformance Criteria.
- Find blank OCI forms on our main site.
- Should a VRS provider choose not to submit a signed self-attestation but a credible alternative statement, we appreciate this and consider this provider OCI-aligned.
To be considered OCI-conformant, OCI requires Credential Issuers and Digital Wallet providers to undergo a formal 3rd-party audit to assert compliance with the Credential Issuer and Digital Wallet Conformance Criteria, respectively. An alternaive means is not permitted.
See also OCI’s conformance requirements.
| Service Provider | OCI Role | OCI Audit | OCI Signed Self-Attestation | Alternative Statement |
|---|---|---|---|---|
| Movilitas.Cloud | VRS | N/A | Proof | N/A |
| Optel Group | VRS | N/A | Proof | N/A |
| Systech | VRS | N/A | Proof | N/A |
| TraceLink | VRS | N/A | Proof | N/A |
| LedgerDomain | Digital Wallet | Proof | N/A | N/A |
| Spherity | Digital Wallet | Proof | N/A | N/A |
| Legisym | Credential Issuer | Proof | N/A | N/A |
| SAP | VRS | N/A | Not Provided | Reference (requires log-in) |
Find the provided evidence documents in this repository.
☆ Integration Partnerships
Some solution providers do not need to undergo testing or conformance attestation because they outsource the needed key functions to OCI-conformant service providers through close partnerships.
| Service Provider | OCI-related Service | Integration Partnerships |
|---|---|---|
| RxScan | DSCSA Compliance | ✅ |
| Trust.med | DSCSA Compliance | ✅ |