Systematic Certificate Renewal v1.0

Intended Audience:  Software Suppliers

Date:  01 July 2020

Situation

User certificate sare valid for 2 years and will start to expire from Autumn 2020, with large numbers expiring in Q1 2021. Because the current system requires manual intervention to renew user certificates this may lead to high volumes of support calls to software suppliers. A solution will be introduced to the UK MVS with Release 1.08 in November 2020.

Affected software suppliers must move quickly to update their software.

Background

The NMVS uses multi-factor authentication: Software must present a valid set of user credentials and certificate to transact with the UK MVS. Manual certificate renewal is problematic due to the dependency on expiry notification emails being delivered and read, and because many suppliers manage numerous certificates on their users’ behalf.  Currently, certificates can be renewed in 2 ways:

  1. Users manually download the new certificate from the UK MVS GUI, by providing the TAN information from the certificate renewal email.
  2. If software implementation allows, the software can download a new certificate from the G615 process if the user inputs the TAN information from the certificate renewal email.

If the user does not receive the TAN notification email or does not take prompt and appropriate action, then they will be unable to connect to the UK MVS when their certificate expires. This issue is addressed in Release 1.08 to be released in November 2020. Documentation to support development is available now.

Solution

A new endpoint will allow the systematic renewal of certificates. This additional endpoint authenticates using current certificate and credentials and will provide the new certificate that is automatically generated 60 days prior to the expiry of the current certificate. This endpoint is independent from the TAN delivered in the certificate renewal email, and so no user intervention is required.

Recommendations

  • Consult the revised documentation for Release 1.08: FD-002 Implementation Guideline NMVS. https://www.sws-nmvs.eu/portal/documentation (Release 1.08 section)
  • Update their software and deploy it to customers to utilise this new endpoint to minimise the impact of user certificate expiry.
  • Submit new versions of NMVS end user software for Arvato baseline testing before distribution.                                                     

Download this article here.                                                   

Related articles


EU Exit and UK MVS

The United Kingdom formally departed from the European Union on 31st January 2020, entering into a Transition Period lasting until 31st December 2020.

First Login to UK MVS - Quick Start Guide - Step 1

Ready to log in to the UK MVS?  Please follow the links to instructions below.

Should we contact SecurMed to infiliate to GS1?

No. Please contact GS1 directly.

Does Article 37(d) require that a National Medicine Verification Organisation (NMVO) directly alerts the relevant national competent authorities, the EMA and the Commission about a falsification? Is there is a time limit for such alerting?

The use of the term “provide for” in Article 37(d) of Commission Delegated Regulation (EU) 2016/161 means that an NMVO has to ensure that the National Competent Authorities (NCA), the EMA and the Commission are informed.

Where can I find a copy of the Delegated Regulation?

You can find the Delegated Regulation here.

I am having a problem logging onto my FMD software. What should I do?

If you have successfully logged onto the UK MVS but are having a problem logging onto your FMD software, please contact your Software Supplier.