Configure MFDS AS2 Connection

Set up an AS2 Connection and Transmission Profile to support submissions through the MFDS Gateway.

About AS2 Connection Support for the MFDS Gateway

Vault Safety supports electronic reporting to the Korean Ministry of Food and Drug Safety (MFDS) Gateway through AS2 (system-to-system) communication. The MFDS Gateway can be used for ICSR submissions to the MFDS in the MFDS E2B(R3) file format. Vault’s integration with the MFDS allows you to set up an AS2 Connection to submit ICSRs directly from Vault Safety and receive gateway responses.

Prerequisite: Activate MFDS as a Standard Organization

The MFDS is a standard Agency provided with Vault Safety. However, in certain Vaults, your Admin must activate the Agency record.

Complete the following steps if the MFDS is inactive in your Vault:

Go to Business Admin > Objects > Organizations.
Open the MFDS Agency record.
From the All Actions menu, select Change State to Active.

Note: The Change State to Active user action appears only if configured by your Admin. Enable Regulatory Agencies as Standard Organizations provides instructions.

Configure an MFDS Account

Before you can configure the Vault Safety AS2 Connection, you must have an active MFDS AS2 account.

Public and Private Certificates

As part of the MFDS registration process, you must obtain a public and private certificate pair and send the public certificate to the MFDS. If you need help generating these certificates, contact Veeva Managed Services.

Configure the MFDS Transmission Profile

Vault Safety has a system-provided MFDS Transmission Profile for electronic MFDS Submissions. You must configure this Transmission Profile as part of the MFDS Gateway setup.

See the following guidance on setting the Origin and Destination IDs on Transmission Profiles:

Origin ID: Enter the ID registered with the MFDS.
Destination ID: Enter MFDS.

Setting up the MFDS Transmission Profile supports generating Submissions based on your Vault’s reporting rules for MFDS.

Add a Submission Rule Set

Vault does not provide a standard MFDS Rule Set for ICSR submissions. To support transmissions to the MFDS in MFDS E2B(R3) format, you can create and configure your own custom Rule Set to meet agency requirements.

Configure a Vault Safety AS2 Connection

Go to Admin > Connections, then select Create.
For the Connection Type, select AS2, then select Continue.
Complete the AS2 Connection Fields.
Select Save.

AS2 Connection Fields

Field	Description
Name	Enter a name for the AS2 Connection. This name must be unique in your Vault.
API Name	Enter an API Name for the AS2 Connection. This name must be unique in your Vault.
Contact Email	Enter the Sender's Email.
Description	Enter a description for the AS2 Connection.
AS2 Vault Gateway State	Vault populates this field with the current state of the AS2 Vault Gateway, which consists of one (1) of the following options: Unregistered: The Sync to Gateway action has not yet been run for this AS2 Connection. Registered: The AS2 Connection is synchronized with the Gateway. Out of Sync: Changes have been made to the AS2 Connection or its Connection Allowed List since the last time the Sync to Gateway action was run. From the All Actions menu, select Sync To Gateway to resync the AS2 Connection with the Gateway.
AS2 Additional ACK Stages	If required, select one (1) or more of the following options: HTTP Handshake: Used primarily for asynchronous requests. PRE-ACK: Used mainly for FDA VAERS, but can be used with synchronous or asynchronous requests. Note: We do not recommend using any additional ACK stages.
AS2 Encryption	The algorithm Vault uses to encrypt outbound AS2 messages and decrypt inbound messages. Vault supports the following algorithms: Triple DES (3DES) AES-256-GCM AES-256-CBC For the MFDS, select AES-256-CBC.
AS2 MDN Setting	Whether the Message Delivery Notification (MDN) can be exchanged synchronously (Sync) or asynchronously (Async). For the MFDS, select Sync.
AS2 Signature	The method Vault uses to sign outbound AS2 messages. Vault supports the following signing methods: SHA-1 SHA-256 For the MFDS, select SHA-256.
AS2 Compress Before Sign	If you select this option, Vault compresses messages before applying the Signing Algorithm. If you do not select this option, Vault compresses messages after applying the Signing Algorithm. Note: We recommend leaving this option unselected.
AS2 Partner ID	Enter one of the following MFDS identification codes: For a production account, enter the value supplied to you by the MFDS. For a test account, enter the value supplied to you by the MFDS. Whether you are submitting Study or postmarket Cases, enter one (1) of these values. You can specify the destination gateway endpoint in the Transmission Profile.
AS2 Partner URL	Enter one (1) of the following destination MFDS Gateway URLs: For a production account, enter the value supplied to you by the MFDS. For a test account, enter the value supplied to you by the MFDS.
AS2 Partner Certificate Expiry	Vault automatically populates this field when your Admin uploads the Partner Certificate.
AS2 Vault ID	Enter the sponsor ID registered with the MFDS. This value is the same as the customer's Routing ID you provided when setting up your MFDS account.
AS2 Vault URL	Vault automatically populates this field when you enter the AS2 Vault Domain / IP Configuration field below.
AS2 Vault Certificate Expiry	Vault automatically populates this field when your Admin uploads the Sponsor Certificate.
AS2 Vault Domain / IP Configuration	Select the method the Partner uses to interface with the AS2 Connection. AS2 Vault URL: Domain Name (typical): A standard domain name that resolves to dynamic IP addresses. AS2 Vault URL: Domain Name bound to static IP addresses: A standard domain name that resolves to static IP addresses. AS2 Vault URL: IP URL (uncommon): A non-standard IP address domain name that resolves to an IP address. For the MFDS, select AS2 Vault URL: IP URL (uncommon).
AS2 Ingress IPs	If you set the AS2 Vault Domain / IP Configuration field to AS2 Vault URL: Domain Name bound to static IP addresses, Vault populates this field automatically.

Vault Safety uses the Partner and Sponsor certificates to communicate securely with the Partner.

You will have received the Partner certificate as part of creating your account with the Partner.

If you need help generating a Sponsor certificate, contact your Veeva Representative.

Upload Partner Certificate

Go to Admin > Connections > [Connection].
From the All Actions menu, select Upload Partner Certificate.
Select Choose, then select the Partner’s Public Certificate.
The following accepted formats are:
- PKCS7 (.p7b or .p7c)
- DER (.cer or .der)
- PEM (.cer, .crt, or .pem)
  Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record.
Select Continue.

Go to Admin > Connections > [Connection].
From the All Actions menu, select Upload Sponsor Certificate.
Select Choose, then select the Sponsor’s Public Certificate.
The accepted formats are PKCS12 (.pfx or .p12)
Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record.
Select Continue.

Add Connection Allowed IPs

Specify one (1) or more Allowed Connections for the AS2 Connection. These are Internet Protocol (IP) addresses that Vault will allow to connect with this AS2 Connection.

Note: To obtain the latest list of allowed connections for the MFDS, contact your Veeva Representative.

Perform the following steps for each Allowed Connection you want to add to the AS2 Connection:

Go to Admin > Connections > [Connection].
Go to the Connection Allowed Lists section, then select Create.
On the Create Connection Allowed List window, complete the following information:
- Name: Enter a name for the Allowed Connection.
- (Optional) Description: Enter a description for the Allowed Connection.
- IP: Enter the address of the Allowed Connection.
  Ensure the format of the IP address is XX.XX.XX.XX or XX.XX.XX.XX/{subnet mask} where the {subnet mask} is a number between 24 and 32.
Repeat the above steps for each Allowed Connection.
When you have added all the Allowed Connections, select Save.

Note: By default, Vaults are limited to 512 Allowed Connections. If your organization requires more, contact your Veeva Representative.

Synchronize the Connection

Once you have entered all the details of the AS2 Connection, the Connection must be synchronized with the Gateway.

From the All Actions menu, select Sync Connection to Gateway.

When Vault successfully completes this action, the Connection’s AS2 Vault Gateway State changes to Registered and Vault can send and receive messages using this Connection.

Note: If the Sync Connection to Gateway action is not successful, ensure each field value on the AS2 Connection is correct before retrying the action again. If the issue persists, contact your Veeva Representative.

If you make any changes to the Connection object or its Connection Allowed List, the AS2 Vault Gateway State changes to Registered - Out of Sync. Vault cannot send or receive any messages using this Connection while it is in the Registered - Out of Sync state. You will need to repeat the All Actions > Sync to Gateway action to restore the Connection to the Registered state.

Result

The MFDS AS2 Connection is active and available to use to submit case reports to the MFDS.

Configure Transmission Lifecycles and Workflows

We recommend that you configure Transmission lifecycles and workflows to align with your organization’s standard operating procedures. The following items are best practices and recommendations:

Configure a Case Transmission Error workflow to handle Transmission errors.
Configure a workflow to prevent a Transmission record from entering a Ready for Submission state until a Transmission Profile is specified.

About Object Lifecycles and About Object Workflows provide more information about configuring lifecycles and workflows.