Set up a Vault Safety PMDA AS2 Connection to support submissions through the PMDA Gateway.
About AS2 Connection Support for the PMDA Gateway
Vault Safety supports the Japan Pharmaceuticals and Medical Devices Agency (PMDA) Gateway through AS2 (system-to-system) communication. The PMDA Gateway can be used for ICSR submissions to the PMDA in the PMDA E2B(R3) file format. Vault Safety defines the Case criteria for these Submissions using the PMDA Rule Set.
Vault’s integration with the PMDA allows you to set up an AS2 Connection to submit ICSRs directly from Vault Safety and receive gateway responses.
Note: If your Vault currently uses the PMDA Gateway Profile to communicate with the PMDA, we recommend that you create an AS2 Connection to the PMDA as described in this article and then follow the instructions in Replace a Gateway Profile with an AS2 Connection.
Prerequisites
You must perform the following one-time configuration changes before you can set up PMDA Gateway submissions:
Prerequisite: Activate PMDA as a Standard Organization
PMDA comes preconfigured in each Vault as a standard Organization. In certain Vaults, an Admin must make the Agency active before you can set up PMDA Gateway submissions.
If PMDA is Inactive in your Vault, your Admin must complete the following steps:
- Go to Business Admin > Objects > Organizations.
- Open the PMDA Agency record.
- From the All Actions menu, select Change State to Active.
Note: The Change State to Active user action appears only if configured by your Admin. Add User Action to the Organization Lifecycle provides instructions for this configuration.
Apply for a PMDA Gateway Connection
Before you can configure the Vault Safety Gateway Profile, you must apply for a gateway connection between Vault Safety and the PMDA. The PMDA website provides instructions for setting up the gateway registration.
Public and Private Certificates
As part of the PMDA registration process, you must send a public and private certificate pair to the PMDA. If you need help generating these certificates, contact Veeva Managed Services.
Complete the PMDA Connectivity Form
When you configure your PMDA Gateway connection, ensure that you complete the PMDA Connectivity Form from the PMDA website. Use the appropriate information in your AS2 Connection settings and the PMDA website, which provides the latest information available.
Note: To send AS2 messages to the PMDA, port 443 must be open. To receive AS2 messages from the PMDA, port 4080 must be open.
Add the Recipient User for PMDA Submissions
Vault Safety maps the Email Destination associated with the PMDA JP Transmission Profile when generating PMDA E2B(R3) files.
- Go to Business Admin > Objects > Transmission Profiles.
- Open the PMDA JP (
jp_pmda__v
) Gateway Profile. - In the Recipients section, select Create. If you do not see this section, you must insert the Recipients section on the layout.
- In the Destination Person field, select the preconfigured Person record with the appropriate email address.
- In the Recipient Type field, specify To.
Note: Before you can add an Email Destination, you must add a Person record for each recipient with the appropriate email address. Manage Person records from Business Admin > Objects > Persons.
Result
Vault Safety uses the contact information for the referenced Person to populate E2B elements J2.18.2 to J2.18.4 in PMDA E2B(R3) exports.
Configure a Vault Safety AS2 Connection
- Go to Admin > Connections, then select Create.
- For the Connection Type, select AS2, then select Continue.
- Complete the AS2 Connection Fields.
- Select Save.
AS2 Connection Fields
Fields marked with a (*) are required.
Field | Description |
---|---|
Name* |
Enter a name for the AS2 Connection. This name must be unique in your Vault. |
API Name* |
Enter an API Name for the AS2 Connection. This name must be unique in your Vault. |
Contact Email* | Enter the Sender's Email |
Description | Enter a description for the AS2 Connection. |
AS2 Vault Gateway State |
The system populates this field with the current state of the AS2 Vault Gateway, which consists of one of the following options:
|
AS2 Encryption |
The algorithm the system uses to encrypt outbound AS2 messages and decrypt inbound messages. The system supports the following algorithms:
|
AS2 MDN Setting |
Whether the Message Delivery Notification (MDN) can be exchanged synchronously (Sync) or asynchronously (Async). For the PMDA, select Sync. |
AS2 Signature |
The method the system uses to sign outbound AS2 messages. The system supports the following signing methods:
|
AS2 Compress Before Sign |
If this option is selected, the system compresses messages before applying the Signing Algorithm. If this option is not selected, the system compresses messages after applying the Signing Algorithm. Note: We recommend leaving this option unselected. |
AS2 Additional ACK Stages |
If required, select one or more of the following options:
Note: We do not recommend using any additional ACK stages. |
AS2 Partner ID |
Enter one of the following PMDA identification codes:
Whether you will be submitting Study or postmarket Cases, enter one of these values. You can specify the destination gateway endpoint in the Transmission Profile. |
AS2 Partner URL |
Enter one of the following destination PMDA Gateway URLs:
|
AS2 Partner Certificate Expiry | The system automatically populates this field when an Admin uploads the Partner Certificate. |
AS2 Vault ID | Enter the sponsor ID registered with the PMDA. This value is the same as the customer's Routing ID you provided when setting up your production or test PMDA account. |
AS2 Vault URL |
Enter the AS2 URL of your Vault in the following format, replacing https://<SponsorName><Partner><Environment>.gateway.veevavaultsafety.com:4080/api/v1/inbound/transmission/
The following example demonstrates how to form the AS2 Vault URL for a Vault with the following values:
|
AS2 Vault Certificate Expiry | The system automatically populates this field when an Admin uploads the Sponsor Certificate. |
Upload the Partner and Sponsor Certificates
Vault Safety uses the Partner and Sponsor certificates to communicate securely with the Partner.
- Partner certificate: You will have received the Partner certificate as part of creating your account with the Partner.
- If you need help generating a Sponsor certificate, contact Veeva Managed Services.
Upload Partner Certificate
- From the All Actions menu, select Upload Partner Certificate.
- Select Choose, then select the Partner’s Public Certificate.
Accepted formats: PKCS7 (.p7b
or.p7c
), DER (.cer
or.der
) and PEM (.cer
,.crt
, or.pem
)
Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record.” - Select Continue.
Upload Sponsor Certificate
- From the All Actions menu, select Upload Sponsor Certificate.
- Select Choose, then select the Sponsor’s Public Certificate.
Accepted formats: PKCS12 (.pfx
or.p12
)
Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record. - Select Continue.
Add Connection Allowed IPs
Specify one (1) or more Allowed Connections for the AS2 Connection. These are Internet Protocol (IP) addresses that the system will allow to connect with this AS2 Connection.
Note: To obtain the latest list of allowed connections for the PMDA, contact Veeva Managed Services.
Perform the following steps for each Allowed Connection you want to add to the AS2 Connection:
- Go to the Connection Allowed Lists section, then select Create.
- Enter the Name, (optional) Description, and IP address of the Allowed Connection.
Ensure the format of the IP address isXX.XX.XX.XX
orXX.XX.XX.XX/{subnet mask}
where the{subnet mask}
is a number between 24 and 32. - Repeat steps 1 and 2 for each Allowed Connection.
- When you have added all the Allowed Connections, select Save.
Note: By default, Vaults are limited to 512 Allowed Connections. If your organization requires more, contact Veeva Managed Services.
Synchronize the Connection
Once you have entered all the details of the AS2 Connection, the Connection must be synchronized with the Gateway.
From the All Actions menu, select Sync Connection to Gateway.
When the system successfully completes this action, the Connection’s AS2 Vault Gateway State changes to Registered and the system can send and receive messages using this Connection.
Note: If the Sync Connection to Gateway action is not successful, ensure the value of each of the AS2 Connection fields is correct before retrying the action again. If the issue perists, contact Veeva Managed Services.
If you make any changes to the Connection object or its Connection Allowed List, the AS2 Vault Gateway State changes to Registered - Out of Sync. The system cannot send or receive any messages using this Connection while it is in the Out of Sync state. You will need to repeat the All Actions > Sync to Gateway action to restore the Connection to the Registered state.
Result
The PMDA AS2 Connection is active and available to use to submit case reports to the PMDA.
Configure the PMDA Transmission Profile
Vault Safety has a system-provided PMDA Transmission Profile for electronic PMDA Submissions. You must configure this Transmission Profile as part of the PMDA Gateway setup.
Manage Transmission Profiles provides instructions on setting up Transmission Profiles.
When setting up the Transmission Profiles, see the following guidance on setting the Origin and Destination IDs:
- Origin ID: Enter the ID registered with the PMDA, typically your D-U-N-S number. This value is the same as the customer’s Routing ID you provided when setting up your PMDA account.
- Destination ID: Enter
PMDA
.
Note: The Routing ID should be ‘PMDA’. Do not edit this value.
Once you set up the PMDA Transmission Profile, the system uses the appropriate Transmission Profile to generate Submissions based on your Vault’s reporting rules for PMDA.