implement-pharma-serialisation

Implement pharmaceutical serialisation and track-and-trace systems compliant with EU FMD, US DSCSA, and other global regulations. Covers unique identifier generation, aggregation hierarchy, EPCIS data exchange, and verification endpoint integration. Use when implementing serialisation for a new product launch, integrating with the EMVS/NMVS, designing DSCSA-compliant transaction exchange, building an EPCIS event repository, or extending serialisation to additional markets (China, Brazil, Russia).

9 stars

Best use case

implement-pharma-serialisation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Implement pharmaceutical serialisation and track-and-trace systems compliant with EU FMD, US DSCSA, and other global regulations. Covers unique identifier generation, aggregation hierarchy, EPCIS data exchange, and verification endpoint integration. Use when implementing serialisation for a new product launch, integrating with the EMVS/NMVS, designing DSCSA-compliant transaction exchange, building an EPCIS event repository, or extending serialisation to additional markets (China, Brazil, Russia).

Teams using implement-pharma-serialisation should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/implement-pharma-serialisation/SKILL.md --create-dirs "https://raw.githubusercontent.com/pjt222/agent-almanac/main/i18n/caveman-lite/skills/implement-pharma-serialisation/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/implement-pharma-serialisation/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How implement-pharma-serialisation Compares

Feature / Agentimplement-pharma-serialisationStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Implement pharmaceutical serialisation and track-and-trace systems compliant with EU FMD, US DSCSA, and other global regulations. Covers unique identifier generation, aggregation hierarchy, EPCIS data exchange, and verification endpoint integration. Use when implementing serialisation for a new product launch, integrating with the EMVS/NMVS, designing DSCSA-compliant transaction exchange, building an EPCIS event repository, or extending serialisation to additional markets (China, Brazil, Russia).

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Implement Pharmaceutical Serialisation

Set up pharmaceutical serialisation systems for regulatory compliance with global track-and-trace mandates.

## When to Use

- Implementing serialisation for a new product launch in the EU or US market
- Integrating with the European Medicines Verification System (EMVS/NMVS)
- Designing DSCSA-compliant transaction information exchange
- Building or integrating an EPCIS event repository for supply chain visibility
- Extending serialisation to additional markets (China NMPA, Brazil ANVISA, etc.)

## Inputs

- **Required**: Product information (GTIN, product code, dosage form, pack sizes)
- **Required**: Target market regulations (EU FMD, DSCSA, or both)
- **Required**: Packaging hierarchy (unit, bundle, case, pallet)
- **Optional**: Existing ERP/MES system details for integration
- **Optional**: Contract manufacturer serialisation capabilities
- **Optional**: Verification endpoint specifications

## Procedure

### Step 1: Understand the Regulatory Landscape

| Regulation | Region | Key Requirements | Deadline |
|-----------|--------|------------------|----------|
| EU FMD (2011/62/EU) | EU/EEA | Unique identifier + tamper-evident feature on each unit | Live since Feb 2019 |
| DSCSA | USA | Electronic, interoperable tracing at package level | Full enforcement Nov 2024+ |
| China NMPA | China | Unique drug traceability code per minimum saleable unit | Rolling |
| Brazil ANVISA (SNCM) | Brazil | Serialisation of pharmaceuticals with IUM | Rolling |
| Russia MDLP | Russia | Crypto-code per unit, mandatory scanning | Live |

Key data elements per regulation:

**EU FMD unique identifier (per Delegated Regulation 2016/161):**
- Product code (GTIN-14 from GS1)
- Serial number (up to 20 alphanumeric characters, randomised)
- Batch/lot number
- Expiry date

**DSCSA transaction information:**
- Product identifier (NDC/GTIN, serial number, lot, expiry)
- Transaction information (date, entities, shipment details)
- Transaction history and transaction statement
- Verification at package level

**Got:** Clear understanding of which regulations apply to each product-market combination.
**If fail:** Engage regulatory affairs to confirm market requirements before proceeding.

### Step 2: Design the Serialisation Data Model

```sql
-- Core serialisation data model
CREATE TABLE serial_numbers (
    id BIGSERIAL PRIMARY KEY,
    gtin VARCHAR(14) NOT NULL,          -- GS1 GTIN-14
    serial_number VARCHAR(20) NOT NULL,  -- Unique per GTIN
    batch_lot VARCHAR(20) NOT NULL,
    expiry_date DATE NOT NULL,
    status VARCHAR(20) DEFAULT 'ACTIVE', -- ACTIVE, DECOMMISSIONED, DISPENSED, etc.
    created_at TIMESTAMPTZ DEFAULT NOW(),
    UNIQUE(gtin, serial_number)
);

-- Aggregation hierarchy
CREATE TABLE aggregation (
    id BIGSERIAL PRIMARY KEY,
    parent_code VARCHAR(50) NOT NULL,     -- SSCC or higher-level code
    parent_level VARCHAR(10) NOT NULL,    -- CASE, PALLET, BUNDLE
    child_code VARCHAR(50) NOT NULL,      -- GTIN+serial or child SSCC
    child_level VARCHAR(10) NOT NULL,     -- UNIT, BUNDLE, CASE
    aggregation_event_id UUID NOT NULL,
    created_at TIMESTAMPTZ DEFAULT NOW()
);

-- EPCIS events
CREATE TABLE epcis_events (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    event_type VARCHAR(30) NOT NULL,      -- ObjectEvent, AggregationEvent, TransactionEvent
    action VARCHAR(10) NOT NULL,          -- ADD, OBSERVE, DELETE
    biz_step VARCHAR(100),               -- urn:epcglobal:cbv:bizstep:commissioning
    disposition VARCHAR(100),             -- urn:epcglobal:cbv:disp:active
    read_point VARCHAR(100),             -- urn:epc:id:sgln:location
    event_time TIMESTAMPTZ NOT NULL,
    event_timezone VARCHAR(6) NOT NULL,
    payload JSONB NOT NULL,
    created_at TIMESTAMPTZ DEFAULT NOW()
);
```

Aggregation hierarchy:

```
Pallet (SSCC)
  └── Case (SSCC)
       └── Bundle (GTIN + serial) [optional level]
            └── Unit (GTIN + serial)
```

**Got:** Data model supports full pack hierarchy with EPCIS event tracking.
**If fail:** If existing ERP schema conflicts, design an integration layer rather than modifying ERP directly.

### Step 3: Implement Serial Number Generation

```python
import secrets
import string

def generate_serial_number(length: int = 20, charset: str = None) -> str:
    """Generate a random serial number compliant with GS1 standards.

    EU FMD requires randomised serial numbers to prevent prediction.
    Max 20 characters, alphanumeric (GS1 Application Identifier 21).
    """
    if charset is None:
        # GS1 AI(21) allows: digits, uppercase, lowercase, and some special chars
        # Most implementations use alphanumeric only for interoperability
        charset = string.ascii_uppercase + string.digits
    return ''.join(secrets.choice(charset) for _ in range(length))


def generate_serial_batch(gtin: str, batch_lot: str, expiry: str, count: int) -> list:
    """Generate a batch of unique serial numbers for a production run."""
    serials = set()
    while len(serials) < count:
        serials.add(generate_serial_number())
    return [
        {
            "gtin": gtin,
            "serial_number": sn,
            "batch_lot": batch_lot,
            "expiry_date": expiry,
            "status": "COMMISSIONED"
        }
        for sn in serials
    ]
```

**Got:** Serial numbers are cryptographically random, unique per GTIN, and stored before printing.
**If fail:** If a uniqueness collision occurs, regenerate the conflicting serial and log the event.

### Step 4: Implement GS1 DataMatrix Encoding

The 2D DataMatrix barcode encodes the GS1 element string:

```
(01)GTIN(21)Serial(10)Batch(17)Expiry
```

Example:
```
(01)05012345678901(21)A1B2C3D4E5(10)LOT123(17)261231
```

Where:
- AI(01) = GTIN-14
- AI(21) = Serial number
- AI(10) = Batch/lot number
- AI(17) = Expiry date (YYMMDD)

The GS1 DataMatrix uses FNC1 as a separator (GS character, ASCII 29) between variable-length fields.

```python
def encode_gs1_element_string(gtin: str, serial: str, batch: str, expiry: str) -> str:
    """Encode GS1 element string for DataMatrix printing.

    FNC1 (GS character \\x1d) separates variable-length fields.
    AI(01) and AI(17) are fixed length, so no separator needed after them.
    AI(21) and AI(10) are variable length and need FNC1 terminator.
    """
    GS = '\x1d'  # GS1 FNC1 / Group Separator
    return f"01{gtin}21{serial}{GS}10{batch}{GS}17{expiry}"
```

**Got:** Encoded strings verified by scanning test prints with a GS1-certified verifier (ISO 15415 grade C or above).
**If fail:** If scan verification fails, check print quality, quiet zones, and encoding order.

### Step 5: Integrate with National Verification Systems

#### EU FMD — EMVS/NMVS Integration

```
MAH → Upload serial data → EU Hub → Distribute to National Systems (NMVS)
                                      ├── Germany (securPharm)
                                      ├── France (CTS)
                                      ├── Italy (AIFA)
                                      └── ... 31 markets
```

API operations:
1. **Upload** (MAH → EU Hub): Batch upload of commissioned serial numbers
2. **Verify** (Pharmacy → NMVS): Check serial status before dispensing
3. **Decommission** (Pharmacy → NMVS): Mark as dispensed at point of sale
4. **Reactivate** (MAH → NMVS): Reverse accidental decommission

#### DSCSA — Verification Router Service

```
Trading Partner A → VRS Request → Verification Router → MAH's VRS → Response
```

Implement a VRS responder endpoint:

```python
# Simplified VRS endpoint (DSCSA verification)
from fastapi import FastAPI, HTTPException

app = FastAPI()

@app.get("/verify/{gtin}/{serial}/{lot}/{expiry}")
async def verify_product(gtin: str, serial: str, lot: str, expiry: str):
    """DSCSA product verification endpoint."""
    record = await lookup_serial(gtin, serial)
    if record is None:
        return {"verified": False, "reason": "SERIAL_NOT_FOUND"}
    if record.batch_lot != lot or str(record.expiry_date) != expiry:
        return {"verified": False, "reason": "DATA_MISMATCH"}
    if record.status != "ACTIVE":
        return {"verified": False, "reason": f"STATUS_{record.status}"}
    return {"verified": True, "status": record.status}
```

**Got:** Verification endpoints respond within 1 second with correct status.
**If fail:** If national system upload fails, retry with exponential backoff and alert operations.

### Step 6: Implement EPCIS Event Capture

Record supply chain events in EPCIS 2.0 format:

```json
{
  "@context": "https://ref.gs1.org/standards/epcis/2.0.0/epcis-context.jsonld",
  "type": "ObjectEvent",
  "eventTime": "2025-03-15T10:30:00.000+01:00",
  "eventTimeZoneOffset": "+01:00",
  "epcList": ["urn:epc:id:sgtin:5012345.067890.A1B2C3D4E5"],
  "action": "ADD",
  "bizStep": "urn:epcglobal:cbv:bizstep:commissioning",
  "disposition": "urn:epcglobal:cbv:disp:active",
  "readPoint": {"id": "urn:epc:id:sgln:5012345.00001.0"},
  "bizLocation": {"id": "urn:epc:id:sgln:5012345.00001.0"}
}
```

Key business steps in the pharma supply chain:
- `commissioning` — serial number assigned to physical unit
- `packing` — aggregation into cases/pallets
- `shipping` — departure from a location
- `receiving` — arrival at a location
- `dispensing` — supplied to patient (decommission trigger)

**Got:** Every status change generates an EPCIS event with correct timestamps and locations.
**If fail:** Failed event capture must be queued and retried; never silently dropped.

## Validation

- [ ] Serial numbers are randomised and unique per GTIN
- [ ] GS1 DataMatrix encoding verified by barcode scanner (ISO 15415 grade C+)
- [ ] Aggregation hierarchy correctly links units → bundles → cases → pallets
- [ ] National verification system integration tested (upload, verify, decommission)
- [ ] EPCIS events captured for all business steps
- [ ] Verification endpoint responds within 1 second
- [ ] Exception handling covers upload failures, scan failures, and network errors

## Pitfalls

- **Sequential serial numbers**: EU FMD explicitly requires randomisation to prevent counterfeiting. Never use sequential numbering.
- **Aggregation errors**: Disaggregation (breaking a case) must update the hierarchy. Shipping a case with wrong child associations causes verification failures downstream.
- **Timezone handling**: EPCIS events must include timezone offset. Using local time without offset causes event ordering ambiguity across sites.
- **Late uploads**: Serial data must be uploaded to national systems before product enters the supply chain. Late upload = product flagged as suspicious at pharmacy.
- **Ignoring exceptions**: Legitimate products get flagged (false alerts) regularly. A process for investigating and resolving alerts is essential.

## Related Skills

- `perform-csv-assessment` — validate serialisation system as a computerised system
- `conduct-gxp-audit` — audit serialisation processes
- `implement-audit-trail` — audit trail for serialisation events
- `serialize-data-formats` — general data serialisation (different domain, complementary concepts)
- `design-serialization-schema` — schema design for data exchange formats

Related Skills

implement-gitops-workflow

9
from pjt222/agent-almanac

Implement GitOps continuous delivery using Argo CD or Flux with app-of-apps pattern, automated sync policies, drift detection, and multi-environment promotion. Manage Kubernetes deployments declaratively from Git with automated reconciliation. Use when implementing declarative infrastructure management, migrating from imperative kubectl commands to Git-driven deployments, setting up multi-environment promotion workflows, enforcing code review gates for production, or meeting audit and compliance requirements.

implement-electronic-signatures

9
from pjt222/agent-almanac

Implement electronic signatures compliant with 21 CFR Part 11 Subpart C and EU Annex 11. Covers signature manifestation (signer, date/time, meaning), signature-to-record binding, biometric vs non-biometric controls, policy creation, and user certification requirements. Use when a computerized system requires legally binding electronic signatures for GxP records, when replacing wet-ink signatures in regulated workflows, when implementing batch release or document approval workflows, or when a regulatory gap reveals missing signature controls.

implement-diffusion-network

9
from pjt222/agent-almanac

Implement a generative diffusion model (DDPM or score-based) with noise scheduling, U-Net architecture, training loop, and sampling procedures including DDIM acceleration. Use when building a generative model for image, audio, or molecular synthesis; implementing DDPM from a research paper; adding a custom noise schedule or conditioning mechanism; replacing a GAN-based generator with a diffusion alternative; or prototyping before scaling with production frameworks like diffusers.

implement-audit-trail

9
from pjt222/agent-almanac

Implement audit trail functionality for R projects in regulated environments. Covers logging, provenance tracking, electronic signatures, data integrity checks, and 21 CFR Part 11 compliance. Use when an R analysis requires electronic records compliance (21 CFR Part 11), when you need to track who did what and when in an analysis, when implementing data provenance tracking, or when creating tamper-evident analysis logs for regulatory submissions.

implement-a2a-server

9
from pjt222/agent-almanac

Implement a JSON-RPC 2.0 A2A server with full task lifecycle management (submitted/working/completed/failed/canceled/input-required), SSE streaming, and push notifications. Use when implementing an agent that participates in multi-agent A2A workflows, building a backend for an Agent Card, adding A2A protocol support to an existing agent or service, or deploying an agent that must interoperate with other A2A-compliant agents.

skill-name-here

9
from pjt222/agent-almanac

One to three sentences describing what this skill accomplishes, followed by key activation triggers. This field is the primary mechanism agents use to decide whether to activate the skill — it is read during discovery before the full body is loaded. Start with a verb. Include the most important "when to use" conditions inline. Max 1024 characters.

write-vignette

9
from pjt222/agent-almanac

Create R package vignettes using R Markdown or Quarto. Covers vignette setup, YAML configuration, code chunk options, building and testing, and CRAN requirements for vignettes. Use when adding a Getting Started tutorial, documenting complex workflows spanning multiple functions, creating domain-specific guides, or when CRAN submission requires user-facing documentation beyond function help pages.

write-validation-documentation

9
from pjt222/agent-almanac

Write IQ/OQ/PQ validation documentation for computerized systems in regulated environments. Covers protocols, reports, test scripts, deviation handling, and approval workflows. Use when validating R or other software for regulated use, preparing for a regulatory audit, documenting qualification of computing environments, or creating and updating validation protocols and reports for new or re-qualified systems.

write-testthat-tests

9
from pjt222/agent-almanac

Write comprehensive testthat (edition 3) tests for R package functions. Covers test organization, expectations, fixtures, mocking, snapshot tests, parameterized tests, and achieving high coverage. Use when adding tests for new package functions, increasing test coverage for existing code, writing regression tests for bug fixes, or setting up test infrastructure for a package that lacks it.

write-standard-operating-procedure

9
from pjt222/agent-almanac

Write a GxP-compliant Standard Operating Procedure (SOP). Covers regulatory SOP template structure (purpose, scope, definitions, responsibilities, procedure, references, revision history), approval workflow design, periodic review scheduling, and operational procedures for system use. Use when a new validated system requires operational procedures, when existing informal procedures need formalisation, when an audit finding cites missing procedures, when a change control triggers SOP updates, or when periodic review identifies outdated procedural content.

write-roxygen-docs

9
from pjt222/agent-almanac

Write roxygen2 documentation for R package functions, datasets, and classes. Covers all standard tags, cross-references, examples, and generating NAMESPACE entries. Follows tidyverse documentation style. Use when adding documentation to new exported functions, documenting internal helpers or datasets, documenting S3/S4/R6 classes and methods, or fixing documentation-related R CMD check notes.

write-incident-runbook

9
from pjt222/agent-almanac

Create structured incident runbooks with diagnostic steps, resolution procedures, escalation paths, and communication templates for effective incident response. Use when documenting response procedures for recurring alerts, standardizing incident response across an on-call rotation, reducing MTTR with clear diagnostic steps, creating training materials for new team members, or linking alert annotations directly to resolution procedures.