CARO User Guide for Trading Partners #

About This Document #

This document walks you through the functionalities of the CARO app, Spherity’s Credentialing Service for Authorized Trading Partners (ATP), to enable you to navigate the user interface. It does neither explain any technical details of the Credentialing Service nor provide guidelines for the technical implementation of CARO.

This document will be updated continuously. Please check back frequently, as new features and functionalities will be added to the application and explained here.

If you are looking for a high-level overview of CARO, download our info brochure or visit the CARO website. You may also want to peruse some essential concepts about our app.

Development Status #

The current application is a beta version, which is continuously being developed further.

If you are in the process of testing CARO, we would love to hear your feedback. Which functionalities or info screens are useful to you? What should we add or remove? How can we make your life easier? Please get in touch through one of the means detailed at the bottom of this page.

Getting Started #

An important step for getting properly set up with CARO is to onboard your organization. This involves checking a few documents that prove your organization’s details and ATP status. Get a quick overview of the information needed to register your organization in our short onboarding guide.

You must be invited to CARO before you can access it. The web app resides on app.caro.vc.

Once you have received an email invite, accept it by following the link in the email. On the CARO log-in screen you can check your details and set a password. After log-in, you will be forwarded to the CARO Dashboard.

If you are unsure, you may want to watch our short video that walks you through the onboarding process.

Dashboard #

The dashboard provides some useful information about your credentials and account activity. It will also alert you to any critical issues that require your attention (see Attention required card in the screenshot below).

New to CARO? #

When you get started with CARO, the dashboard will show you a Welcome card. Simply follow the steps explained on the card to get set up with your first two essential credentials. An Attention required card may pop up to keep you right in case of any critical issues along the way.

System-wide Search #

The search function applies across the CARO app. It groups results into applicable categories, such as reports, events, or credentials. You can access it from any app screen by finding it in the sidebar or using the keyboard shortcut CTRL+K.

Account Selection #

Clicking on the account selector in the sidebar opens the account overview. All Enterprise Accounts to which you have been granted user access are listed here. You can switch between accounts by clicking on the switch option for each.

VRS Events #

The term VRS Events within CARO refers only to the credential processing between CARO and your VRS, not the entire VRS messaging roundtrip.

You can find your VRS Events in the menu section VRS Interactions. This screen shows a list of all VRS interactions with your Enterprise Account once they have taken place. You can filter your view and download transaction listings. The screen provides the status of incoming and outgoing VRS Events. Read more in section VRS Event Status below.

Before any interaction can happen, your VRS provider must have been granted restricted access to your Enterprise Account. This is either done by Spherity or your VRS provider in agreement with you.

VRS Event Details #

Clicking on any of the interactions in the VRS Events list will open a details view of this event.

Example: Outgoing VRS Event

For Outgoing VRS Events only, you will see a section called Counterparty Interaction. The counterparty is the trading partner you have interacted with in the selected VRS-facilitated exchange. Read more in section VRS Event Status below.

VRS Event Status #

In the list view, CARO displays one VRS Event status for incoming events and up to two statuses for outgoing events.

The first status icon in the VRS Events overview screen applies to both outgoing and incoming VRS Events. It tells you about the VRS-facilitated credential exchange at your end of the interaction with the other trading partner, i.e. your counterparty.

The second status icon in the VRS Events overview screen applies only to outgoing VRS Events. It tells you what has happened to your VRS-facilitated credential exchange at your counterparty’s end of the interaction. This status is only available when your counterparty is also a CARO user. Furthermore, it is possible that your VRS finds that something is wrong with your credential and may choose not to send it over to your business partner. Hence, there would be no counterparty status.

Note that the second icon pops out when you hover over it in the VRS Events overview screen. The blue eye icon tells you that the second (i.e. counterparty) status is available. The eye is greyed out when the counterparty status is not available.

On drilling into VRS Event Details of an outgoing event, you will see a section called Counterparty Interaction. This section portrays the flow of your credential details from your CARO Enterprise Account through your VRS to the other trading partner.

If the counterparty status is available, the following flow is displayed.

If the counterparty status is not available, the following flow is displayed.

VRS Reports #

You can find your VRS Reports in the menu section VRS Interactions. This screen shows a list of all VRS messaging roundtrips, i.e. the outgoing and incoming VRS Events belonging to the same unique interaction identifier (Correlation UUID). The same identifier is also used by your VRS provider and, thus, represents a shared reference for audits and inquiries across systems.

VRS Report Details #

Clicking on any of the VRS roundtrips in the VRS Reports list will open a details view of this roundtrip. This tells you what exactly happened in the entire interaction trail between your Enterprise Account and your counterparty.

Clicking on any of the interactions in the Correlating Events list will redirect you to the VRS Event details view of this event.

Enterprise Identifiers #

You can find your Enterprise Identifiers in the menu section Enterprise Wallet. This screen shows your Enterprise Account’s decentralized identifiers (DIDs). Each Enterprise Account must have at least one such Enterprise Identifier because having a unique DID assigned to your enterprise is a prerequisite for credential acquisition. Each enterprise that requires its own set of credentials must have its own DID. This DID is persistent. This means it will never change within the system so that it continuously identifies the particular enterprise to which it had been assigned originally.

Enterprise Identifier Details #

Clicking on any of the DIDs in the Enterprise Identifier list will open a details view of this DID.

Adding New Enterprise Identifiers #

Generally, CARO automatically creates your first DID as part of the initial onboarding process.

Should you require more DIDs, say for additional business locations that hold their own credentials, you will need to create a new unique DID per additional enterprise.

It is important to note that any VRS events linked to any of the DIDs in the same Enterprise Account will be visible to all users with the respective user-level permissions within this Enterprise Account. If you wanted to keep the interaction records of particular enterprises separate, you would need to create a new separate Enterprise Account instead. Please contact us to explore which option is most suitable for your situation if you are unsure.

After clicking Create New Identifier on the main screen, you will be prompted to give your new DID a meaningful name and select a method to create this identifier, a so-called DID method. If all you want is to create a DID for a real enterprise, simply select the first option (did:ethr). If you are interested in experimenting with CARO, select any of the other DID methods. Please contact us if you want us to join your experiment or to discuss your needs.

Once you have confirmed your choice, you will be redirected to the Enterprise Identifiers overview page where you can see your newly created DID listed.

Credentials #

On joining CARO you will undergo a process called credentialing during which your enterprise’s legal and regulatory status within the US pharmaceutical supply chain is checked. The result of this process are the digital Verifiable Credentials you hold within CARO.

You can find your Credentials in the menu section Enterprise Wallet. This screen shows these Verifiable Credentials associated with your Enterprise Account. You can drill into the detail of credentials you already hold and check the status of any credential requests that are awaiting issuance.

Credential Details #

Clicking on any of the credentials in the list will open a details view of this credential.

Adding New Credentials #

Note that you do not need to use this screen for your first two credentials as long as you go through the simplified process using the aforementioned Welcome card on the Dashboard.

Step 1. After clicking Acquire New Credentials on the main screen, you will be prompted to select the Enterprise Identifier underlying the new credential.

If you only have one Enterprise Identifier…

• and your new credential is to be held by the same legal entity
• and you want to manage that entity’s data within the same CARO Enterprise Account,

then simply select the existing identifier.

If you are looking to obtain a credential for a different legal entity whose data you want to manage within the same CARO Enterprise Account, you would need to obtain an additional Enterprise Identifier first. Find out how to create a new Enterprise Identifier in section Adding New Enterprise Identifiers before acquiring a new credential.

If you are looking to obtain a credential for a different legal entity whose data you want to manage in a separate CARO Enterprise Account, please contact your solution provider’s customer support team or us directly.

Step 2. Next select the desired Credential Type, i.e. what kind of credential you need. Note that you can only acquire a DSCSA ATP Credential after obtaining an Identity Credential.

Step 3. Next select the Credential Issuer. This is the organization that will perform the due diligence on the pieces of evidence you will provide as justification for your credential request. When they are satisfied that everything is in order, they will issue the credential straight into your CARO Enterprise Account.

Once you have confirmed your choice, you will be redirected to the user interface of the integrated Credential Issuer. There you will need to provide the requested details for the issuer’s due diligence process such as the registered company address and certain documents. Find out what’s needed in our preparation guide.

Watch this short video to get an idea of the issuer’s interface.

Credential Request Progress #

Clicking on any of the pending credential requests on the main screen in the credentials list will open a details view of this credential request. Here you can see how far the request has already progressed through the application stages. Your current status is the actual status. Future stages are predicted based on expected next steps. The actual status is revised automatically as soon as the integrated Credential Issuer sends updates to CARO.

You can resume incomplete credential requests from this screen, too. Clicking the button will redirect you to the Credential Issuer interface.

Trading Partners #

This screen shows a list of all authorized trading partners with whom interactions have taken place. This view auto-populates. You do not need to add your trading partners manually.

Trading Partner Details #

Clicking on any of the trading partners in the list will open a details view of this trading partner. Besides general company information, this includes a list of all VRS-facilitated roundtrips between them and you. Drilling into the detail of an exchange will redirect you to the respective detailed VRS Report.

Settings #

Here you can see which service providers are connected to your Enterprise Account and manage your Enterprise Account’s enforcement of multi-factor authentication.

User Management #

This screen shows all users who have access or have been invited to the selected Enterprise Account.

Adding New Users #

After clicking Invite New User on the main screen, you will be directed to a form to enter the new user’s email address and select their user role. Once you have confirmed the invitation, the new user will receive an email inviting them to set-up their account access.

Available User Roles #

Admin #

• Administrating wallet set-up
• Enterprise identity configuration
• User and role management
• Credential management

Credential Manager #

• Requesting Identity and ATP credentials
• Managing existing credentials

Auditor #

• Monitoring VRS events
• Investigating VRS events

Managing Existing Users #

Clicking on any of the existing users on the main screen will open a details view of this user.

Clicking on your own user on the main screen or in the sidebar will open a details view of your own set-up. The display here is more expansive than for other users.

You can change the selected user’s role and access by clicking on Edit Profile.

Activity Log #

This screen lists the actions account users have performed in your Enterprise Account, such as applying for a credential or removing another user.

App Status Monitor #

The app status, including maintenance updates, can be found at https://status.caro.vc/.

You can also subscribe to updates via RSS: https://status.caro.vc/rss.

Support #

If you have already been invited to a dedicated Spherity Slack support channel, seeking assistance there will be the most straight-forward way for you to reach the CARO support team.

Otherwise please contact [email protected] for product-related questions or [email protected] for technical queries.