AMS two-factor authentication - news
News in AMS - two-factor autentication
The Czech Medicines Verification Organization (CZMVO) would like to inform pharmacies and wholesalers about a change in signing into the Alert management system (AMS). In order to enhance security, the authentication will involve two steps. The SW providers, who were informed beforehand, are supportive of this change. It is an important step respecting the current trend in enhancing IT systems security. It is also a response to conclusion of the security IT audit (10/2022).
Two-factor authentication for web interface
A two-factor authentication will be implemented for access to the CZMVO AMS web interface. E-mail address will be primarily used as the second factor, optionally Google Authenticator, laterMicrosoft Authenticator (or other) will be applicable prospectively. Selection of the second (or other) factor will be managed by a user in Users administration of the respective organization. This change will also include a transfer to the OAuth 2.0 protocol for those users communicating with the AMS directly by API via their SW applications.
Implementation is set to occur in two phases:
The pilot phase took place in May and enabled testing in real operation on a selected sample of users (selected marketing authorization holders, pharmacies, wholesalers).
After evaluation of the pilot it has been made available to all users since May 30. A gradual transition in the minimal period of 5 months follows in order to ensure higher version of secured access to AMS. Conclusion of this period is set for 26th October 2023.
SWs using API queries to AMS must first register with NOOL and then receive a token that they can start using.
Users accessing the AMS via the web interface can "switch" to two-factor authentication at any time during the transition period. At the end of October, the switch will be enforced automatically.
Statement of SÚKL (NCA) regarding AMS
Use of AMS in the process of alert resolution is supported by the State Institute for Drug Control. Hereunder is an extract from a statement posted in February 2023:
In compliance with the intention of the European Medicines Verification Organization (EMVO), the Czech Medicines Verification Organization (CZMVO) developed a national alert management system (AMS), which enables a fast resolution of alerts via either Application Programming Interface (API) or web interface. The AMS is being further developed in accordance with requirements of the European Alert Management System (EAMS).
AMS is a supportive system to the National Medicines Verification System (NMVS). The objective of the supportive system is to facilitate communication related to alert resolution, automate the whole alert investigation process, and share information. Finally, the system helps to reduce the count of „false positive” suspicions of counterfeit medicines.
The State Institute for Drug Control considers the use of AMS as a key tool to ensure control of medicines via safety features and calls upon marketing authorization holders, wholesalers and pharmacies to resolve and close their alerts via this system. The obligation to resolve all alerts is based on article 37/d of the COMMISSION DELEGATED REGULATION (EU) 2016/161. The CZMVO can only follow this obligation in cooperation with marketing authorization holders, wholesalers and pharmacies.