EPCIS Event Capture

EPCIS event capture is the controlled, validated process of recording supply-chain and manufacturing observations as GS1 EPCIS events and committing them to an EPCIS repository via the Capture Interface. Events encode what objects were acted upon (e.g., SGTINs, lots, SSCCs), where and when the observation occurred (readPoint, business location, timestamps), and why (business step, disposition) using the Core Business Vocabulary (CBV). In regulated manufacturing, capture points span weigh-dispense, batch processing, packaging/serialization, aggregation, sampling, QA release, warehousing, and distribution handoffs.

EPCIS 2.0 enables JSON/JSON-LD-based events and modern web transport, improving interoperability compared to earlier XML/SOAP-based implementations. Proper capture underpins DSCSA package-level traceability for pharmaceuticals and supports FSMA 204 traceability records in food. Because EPCIS events become part of the permanent electronic record, they must meet Part 11/Annex 11 expectations for security, audit trails, and reliable time-stamping, and align with ISA-95 Level 3–4 integration patterns.

EPCIS describes business events through five principal event types: ObjectEvent (observations on specific EPCs/objects), AggregationEvent (parent-child relationships such as case/pallet builds), TransactionEvent (linking objects to business transactions like POs/shipments), TransformationEvent (inputs transformed to outputs, e.g., blending or kitting), and AssociationEvent (EPCIS 2.0, flexible linking/unlinking of identifiers). Each event carries mandatory attributes e.g., eventTime, eventTimeZoneOffset, and optional attributes such as readPoint, bizLocation, source/destination, quantity elements, and sensor elements where applicable.

Semantics with the GS1 Core Business Vocabulary (CBV)

CBV provides controlled values for bizStep (e.g., commissioning, packing, shipping), disposition (e.g., in_progress, active, recalled), and standardized identifiers (GTIN, SGTIN, SSCC, GLN). Using CBV-compliant codes eliminates ambiguity, enabling reliable downstream querying and regulatory reporting. In pharmaceutical packaging, for example, an ObjectEvent with bizStep=commissioning and disposition=active establishes a serial number’s legal existence; an AggregationEvent then nests it into an SSCC for shipment.

• ObjectEvent: commissioning, packing, sampling, shipping scans
• AggregationEvent: unit-to-case, case-to-pallet associations
• TransactionEvent: linking EPCs to ASN/PO/Invoice or work order
• TransformationEvent: blending, rework, kitting, assembly
• AssociationEvent (2.0): flexible link/unlink of EPCs, e.g., device-to-accessory

The EPCIS Capture Interface is a producer-push mechanism: edge systems (MES, serialization line controllers, smart scanners, WMS) POST batches of events to an EPCIS repository’s capture endpoint. Repositories validate schema (EPCIS 2.0 JSON/JSON-LD or EPCIS 1.2 XML), enforce CBV values, perform de-duplication/idempotency using eventIDs, and persist events with immutable audit trails. Architectures commonly implement asynchronous ingestion, with acknowledgments separate from semantic acceptance to survive transient outages.

Security controls include TLS for transport, strong authentication/authorization, and least-privilege scopes for event producers. Capture endpoints must scale to packaging-line burst rates and B2B spikes (e.g., ASN-linked events at shipment). Time-source reliability is critical; eventTime reflects when the physical observation occurred, while recordTime reflects repository commit. Both must be managed carefully for auditability, especially across time zones.

EPCIS capture bridges execution (ISA‑95 Level 3) and business processes (Level 4). MES generates events at procedural steps; ERP/WMS contributes transaction linkages (e.g., POs, ASNs). Well-governed capture embeds EPCIS emissions into eBMR/eDHR steps and warehouse movements so the serialized/lot genealogy is complete and queryable. Below is a representative mapping that validation teams can tailor to site recipes and SOPs.

Because EPCIS events become regulatory records or evidence supporting them, capture must satisfy electronic records/e-signature and data integrity principles. Part 11 and EU Annex 11 call for validated systems, secure user access, audit trails, and accurate, contemporaneous, original, attributable, and legible data (ALCOA+). MHRA’s data integrity guidance reinforces time synchronization, unique record identification, and enduring readability. EPCIS repositories therefore require audit-trail capabilities for event creation, amendments to metadata (not the event payload, which should remain immutable), and administrative actions.

• Authentication and authorization mapped to roles; least-privilege capture scopes
• Time synchronization and eventTime vs recordTime management with time-zone offsets
• Immutable event payloads; corrections via follow-on events (e.g., decommission, disaggregate)
• Audit-trail review workflow to detect anomalous bizStep/disposition patterns
• Electronic signatures on critical operations (e.g., batch release-linked events) where required by procedure
• Periodic backup/restore tests and retention policies aligned to product record retention

For U.S. pharmaceuticals, DSCSA requires interoperable, electronic, package-level tracing across trading partners. While the FDA does not mandate a particular standard, industry has converged on EPCIS for exchanging serialized product data and supporting enhanced distribution security. EPCIS Aggregation and Transaction events are pivotal to reconstruct shipment pedigrees and respond to investigations and recalls. For foods subject to FSMA 204, EPCIS can carry KDEs/CTEs in a standardized form, enabling efficient one-up/one-down traceability across heterogeneous systems.

• Pharma: commissioning, aggregation, shipping, returns verification and investigation via EPCIS exchanges
• Medical devices: UDI-based identifiers can be carried in EPCIS for kit assembly and distribution traceability
• Food processing: receiving, transformation (e.g., mixing), packing, shipping events to satisfy traceability rule
• Cosmetics and ingredients: supplier pedigree and lot genealogy for quality holds and rapid withdrawals

Reliable EPCIS capture depends on accurate identifiers and vocabulary governance. GTIN/SGTIN identify trade items and their serials; GLN identifies locations (readPoint, bizLocation); SSCC identifies logistic units; CBV manages bizStep/disposition semantics. Changes in packaging hierarchy, location codes, or CBV mappings must be controlled under change control, and synchronized to all producers before go-live to avoid invalid or ambiguous events. Master data lineage and versioning should be linked to validation documentation and SOPs.

1. Establish data ownership for GTIN/GLN/SSCC pools and CBV mappings.
2. Baseline and version master data; link to validation and release notes.
3. Distribute updates to all capture endpoints with deployment verification.
4. Monitor rejects at the capture endpoint for unknown identifiers or invalid CBV values.
5. Periodically reconcile EPCIS events to ERP/MES/WMS inventory and transactions.

Treat EPCIS capture as a GxP-relevant interface and repository. Apply a risk-based approach per GAMP 5: define intended use (user requirements), perform supplier assessment of repository/capture services, and verify with configuration and interface testing. Qualification should include positive/negative payloads, schema/CBV validation, idempotency/duplicate detection, time-zone handling, performance under packaging-line burst, resilience to outages with store-and-forward, and security/role-based access control. Evidence should trace to SOPs for event remediation (e.g., decommission, correction via follow-on events) rather than altering immutable history.

• Design: message schemas, code lists, identifier formats, error handling contracts
• Test: CBV-compliant and intentionally non-compliant events; malformed timestamps; unknown GLN/GTIN
• Security: authentication failures, authorization boundaries, and audit-trail completeness
• Performance: sustained throughput and spike tests aligned to line speeds and B2B volumes
• Continuity: backup/restore and replay of queued events without duplication

EPCIS 2.0 modernizes transport with RESTful HTTP and JSON/JSON-LD payloads; legacy implementations may use XML/SOAP and AS2 for B2B. Inside the plant, capture producers might be line controllers, scanners, MES, or WMS services posting directly to the repository or via an integration broker. Store-and-forward at the edge ensures continuity during network outages, with persisted queues, retry policies, and idempotent replay. Time normalization and consistent eventTimeZoneOffset are essential when devices operate in different time zones or with intermittent NTP.

• Use unique eventIDs to guarantee idempotency and deduplication during replay.
• Normalize identifiers (e.g., canonical SGTIN URI vs. GS1 element string) consistently across sources.
• Encrypt in motion (TLS) and restrict inbound IPs/tokens; log minimal PII/PHI (usually none in EPCIS).
• Apply back-pressure controls so capture keeps pace with line-rate scanning and aggregation bursts.
• Version JSON-LD contexts deliberately; avoid breaking downstream query semantics.

Most EPCIS capture defects stem from mis-specified semantics, weak master data, or time/sequence errors. These manifest as incorrect genealogy, untraceable shipments, or false discrepancies during investigations. Preventive controls combine CBV governance, robust validation, and operational monitoring.

• Incorrect aggregation order: emitting disaggregation before aggregation completes, breaking parent–child chains.
• Ambiguous bizStep/disposition: using non-CBV values that downstream partners cannot interpret.
• Clock drift: eventTime earlier than commissioning or later than shipping in implausible sequences.
• Mixed identifier formats: element strings in one source and EPC URIs in another without normalization.
• Unknown GLN/GTIN/SSCC: repository rejects events, silently reducing apparent traceability coverage.
• Overloaded capture endpoint: dropped connections at peak pack rates; insufficient retry/idempotency.

In V5 Ultimate, EPCIS emission is embedded into execution steps across MES, WMS, and quality workflows. Commissioning, aggregation, transformation, and shipment confirmations generate EPCIS 2.0 JSON events with CBV semantics, tied to the batch record (eBMR/eDHR) and warehouse transaction. The repository enforces schema and CBV validation, immutability, and audit trails, with role-based access and digital signatures per site SOPs where required.