
DSCSA compliance in NetSuite: what specialty pharmacies need to configure

DSCSA enforcement went live May 27, 2025. Specialty pharmacies that thought they had a grace period no longer do. This is what NetSuite needs to support: serialization, EPCIS-based T3 exchange, suspect product handling, and saleable returns.

DSCSA enforcement is here, and the grace period ended May 27, 2025

The Drug Supply Chain Security Act set a final compliance deadline of November 27, 2023, with FDA providing a stabilization period that extended through May 27, 2025. After that date, FDA is enforcing DSCSA as written. Paper, PDF, and manual spreadsheet exchange of T3 documentation are no longer acceptable. Trading partners must exchange T3 data electronically in EPCIS format. Specialty pharmacies that have not implemented serialized track-and-trace are now exposed to enforcement.

The requirements are not optional. The configuration is not a project that can wait for next year's budget cycle. Archer's specialty pharma configuration addresses DSCSA as a foundational component of the NetSuite implementation, not as a bolt-on.

DSCSA enforcement is operational, not theoretical. The system either supports serialized T3 exchange in EPCIS format, or it is creating compliance risk on every receipt.

What DSCSA actually requires

The statute requires 6 capabilities from every trading partner in the pharmaceutical supply chain.

01 Serialization

Every saleable unit and homogeneous case must carry a product identifier consisting of the National Drug Code, a unique serial number, lot number, and expiration date in human-readable and machine-readable form (a 2D data matrix barcode).

02 T3 data exchange

At each change of ownership, the seller must provide the buyer with Transaction Information, Transaction History, and Transaction Statement. Per the November 27, 2023 final deadline and the May 27, 2025 enforcement date, T3 is exchanged electronically using EPCIS or equivalent standards.

03 Verification

Trading partners must verify product identifiers. Dispensers must verify before dispensing. Wholesalers must verify before further distribution.

04 Suspect product handling

If a product is suspected to be counterfeit, diverted, or otherwise illegitimate, it must be quarantined and investigated. Per FDA DSCSA implementation guidance, the trading partner must follow defined suspect product protocols.

05 Saleable returns

Returned product can be resold only after verification that the returned product matches the original T3 record. The pharmacy or wholesaler accepting the return is responsible for the verification.

06 Recordkeeping

T3 data must be retained for 6 years.

The NetSuite configuration: 5 components

Component 01: Serialization on item records

Item records for DSCSA-covered products carry serialization as a structural property. NetSuite lot tracking is extended for unit-level serialization. Each saleable unit carries a unique serial number recorded at the point of manufacture (or import) and tracked through every transaction.

The configuration:

  1. Serial number is a required field on inbound transactions for DSCSA items
  2. Serial number flows through every internal movement
  3. Outbound transactions record the serial numbers shipped
  4. Reporting can produce a serialized inventory listing at any time

Component 02: EPCIS messaging integration

EPCIS (Electronic Product Code Information Services) is the GS1 standard for supply chain event data. GS1 US publishes the DSCSA-specific EPCIS guidance. NetSuite exchanges EPCIS messages with trading partners through a serialization solution provider integrated to the ERP.

Inbound flow:

  1. Trading partner sends EPCIS file before or with shipment
  2. Integration validates the file structure and content
  3. NetSuite receives the shipment and reconciles physical product against EPCIS data
  4. Discrepancies trigger suspect product workflow
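Steps 2 to 4 of the inbound flow, as an added example in plain JavaScript (not Archer's or NetSuite's code): scanned 2D barcodes are parsed as GS1 element strings and reconciled at serial level against the units declared in the partner's EPCIS file. It assumes the EPCIS file has already been parsed into unit objects and that scans arrive without a symbology prefix; the function names, finding types and sample values are hypothetical, and only the Suspect and Released statuses come from this page.

```javascript
// Added example: plain JavaScript; no NetSuite or EPCIS library calls are used.
const GS = '\x1d'; // separator that ends variable-length GS1 fields
const NAMES = { '01': 'gtin', '17': 'expiry', '10': 'lot', '21': 'serial' };
const FIXED = { '01': 14, '17': 6 }; // fixed-length application identifiers (AIs)

// Parse a GS1 element string carrying AIs 01, 17, 10 and 21; reject anything else.
function parseGs1(raw) {
  const out = {};
  let i = 0;
  while (i < raw.length) {
    if (raw[i] === GS) { i++; continue; }
    const ai = raw.slice(i, i + 2);
    if (!NAMES[ai]) throw new Error(`unsupported AI at offset ${i}`);
    i += 2;
    let end = FIXED[ai] ? i + FIXED[ai] : raw.indexOf(GS, i);
    if (end === -1) end = raw.length; // last variable-length field runs to the end
    if (end > raw.length) throw new Error(`truncated field for AI ${ai}`);
    out[NAMES[ai]] = raw.slice(i, end);
    i = end;
  }
  for (const k of Object.values(NAMES)) if (!out[k]) throw new Error(`missing ${k}`);
  return out;
}

// expected: units declared in the EPCIS file; scans: raw barcode strings read at receipt.
function reconcile(expected, scans) {
  const key = (u) => `${u.gtin}|${u.serial}`;
  const byKey = new Map(expected.map((u) => [key(u), u]));
  const seen = new Set();
  const findings = [];
  for (const raw of scans) {
    let u;
    try { u = parseGs1(raw); } catch (e) { findings.push({ type: 'UNREADABLE', detail: e.message }); continue; }
    const k = key(u), exp = byKey.get(k);
    if (seen.has(k)) findings.push({ type: 'DUPLICATE_SERIAL', unit: k });
    else if (!exp) findings.push({ type: 'NOT_IN_EPCIS', unit: k });
    else if (exp.lot !== u.lot || exp.expiry !== u.expiry) findings.push({ type: 'LOT_OR_EXPIRY_MISMATCH', unit: k });
    seen.add(k);
  }
  for (const k of byKey.keys()) if (!seen.has(k)) findings.push({ type: 'NOT_RECEIVED', unit: k });
  // Any discrepancy routes the receipt to the suspect product workflow (step 4).
  return { status: findings.length ? 'Suspect' : 'Released', findings };
}

// Constructed sample data: three declared units, four scans with three problems.
const GTIN = '00300000000011';
const scan = (serial, lot) => `01${GTIN}17270630` + `10${lot}${GS}21${serial}`;
const expected = ['SN0001', 'SN0002', 'SN0003'].map((serial) => ({ gtin: GTIN, serial, lot: 'LOT42', expiry: '270630' }));
const scans = [scan('SN0001', 'LOT42'), scan('SN0002', 'LOT43'), scan('SN0001', 'LOT42'), scan('SN0999', 'LOT42')];
console.log(reconcile(expected, scans));
```

The same serial-level comparison applies to saleable returns, with the return authorization's serial list taking the place of the EPCIS unit list.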

Outbound flow:

  1. Shipment is created in NetSuite with serialized units
  2. Integration generates EPCIS file with T3 data
  3. File transmits to trading partner within DSCSA timing requirements (typically before or with the physical shipment)
  4. Confirmation receipt closes the loop

Component 03: Trading partner verification

Before exchanging product or T3 data, the pharmacy must verify that the trading partner is authorized. Authorization is checked against FDA's authorized trading partner list and against the trading partner's DEA registration where applicable.

Configuration:

  1. Vendor and customer records carry DSCSA authorization status as a custom field
  2. Vendor Onboarding validates DSCSA authorization at onboarding
  3. Periodic re-verification runs on a defined schedule
  4. Transactions with unauthorized trading partners are blocked at the system level

Component 04: Suspect product workflow

When physical product does not match T3 data, when verification fails, or when other red flags are present, the suspect product workflow activates.

Workflow steps:

  1. Affected product is quarantined: lot status changes to Suspect, blocking all outbound transactions
  2. Investigation case is opened with required documentation
  3. Approvals App routes the investigation through quality, regulatory, and operational review
  4. Outcome determines whether product is cleared (returned to Released status), destroyed (status Destroyed), or returned to trading partner
  5. FDA notification posts if the product is determined to be illegitimate
  6. The full investigation history is retained under a 21 CFR Part 11 audit trail

Component 05: Saleable returns handling

Returns require verification before resale. The configuration:

  1. Return authorization captures the original T3 reference and the serial numbers being returned
  2. Receipt validates the physical product against the return authorization
  3. If verification succeeds, product returns to available inventory at the original lot
  4. If verification fails, the suspect product workflow activates

Common DSCSA configuration gaps

Gap 01: Lot tracking treated as serialization

Standard NetSuite lot tracking is not unit-level serialization. The configuration must extend lot tracking to support unique serial numbers on each saleable unit. Pharmacies that rely on lot tracking alone are not DSCSA compliant.

Gap 02: T3 data captured but not exchanged in EPCIS

Some pharmacies record T3 data in NetSuite but exchange it through PDFs or spreadsheets. As of the May 2025 enforcement date, this is no longer compliant. EPCIS exchange through a validated integration is the standard.

Gap 03: No suspect product workflow

Discrepancies between physical receipt and T3 data are noted but not formally investigated. DSCSA requires defined suspect product procedures. Informal handling does not satisfy that requirement.

Gap 04: Saleable returns processed without verification

Returns flow back into inventory based on lot match only. DSCSA requires serial-level verification before resale. The configuration has to enforce verification at receipt of return.

Gap 05: Trading partner authorization not validated

Vendor and customer records do not carry DSCSA authorization status. Transactions occur with unauthorized parties because the constraint is not in the system.

What enforcement-ready DSCSA looks like

When an FDA investigator arrives, the response is a query. Serialized inventory listing prints. T3 exchange history shows EPCIS files sent and received for any time range. Trading partner verification log shows authorization status at every transaction. Suspect product investigations show timeline and outcome. Saleable returns verification shows serial-level match.

The pharmacies that achieve this are running DSCSA as a configured operating model, not as a compliance overlay. The difference is whether the platform was designed for serialized track-and-trace from go-live or whether DSCSA was added later as a workaround.

External references

  1. FDA Drug Supply Chain Security Act
  2. FDA DSCSA Implementation Guidance for Dispensers
  3. GS1 US DSCSA Standards and Regulations
  4. FDA 21 CFR Part 11
  5. NetSuite Life Sciences ERP
