U.S. FDA TiTle 21 CFR PART 11 ComPliAnCe ASSeSSmenT of SAP SRm

Similar documents
U.S. FDA TiTle 21 CFR PART 11 ComPliAnCe ASSeSSmenT of SAP ReCiPe management

SAP CENTRAL PROCESS SCHEDULING BY REDWOOD: FREQUENTLY ASKED QUESTIONS

SAP Business One Financial Consolidation

Speed Business Performance, Lower Cost, and Simplify IT with Automated Archiving

SAP NetWeaver. INTRODUCING THE POWERED BY SAP NetWeaver PARTNER PROGRAM

Optimizing Asset Value and Performance with Enterprise Content Management

Getting Ready for May 25, 2018

SCM750. Processes in SAP Manufacturing Execution COURSE OUTLINE. Course Version: 11 Course Duration:

Information Lifecycle Management with SAP Software

SAP Services ASAP: PROVEN METHODOLOGY FOR FAST, SUCCESSFUL IMPLEMENTATION CONTENT, TOOLS, AND EXPERTISE TO HELP REDUCE PROJECT RISK

SAP Fieldglass Datasheet SAP FIELDGLASS INTEGRATION OVERVIEW AND DIFFERENTIATORS

SAP Business One Intercompany Purchasing

FEATURE SCOPE DESCRIPTION PUBLIC Feature Scope Description SAP SE or an SAP affiliate company. All rights reserved.

Intercompany Integration Solution for SAP Business One Centralized Payment

Complementary Demo Guide

HOW TO CONFIGURE SINGLE SIGN-ON (SSO) FOR SAP CLOUD FOR CUSTOMER USING SAP CLOUD IDENTITY SERVICE

Integrate, Automate, and Personalize Business Communications with Greater Ease

Securing Your Business in the Digital Age

Lifecycle Management for SAP BusinessObjects Error Messages Explained Guide

Complementary Demo Guide

Invoice Upload Guide THE BEST RUN. ADMINISTRATION GUIDE PUBLIC Release a (incubation release, not globally available)

ADM100. System Administration I for SAP S/4HANA and SAP Business Suite COURSE OUTLINE. Course Version: 19 Course Duration:

Integration Framework for SAP Business One The Capabilities Overview

Intelligent Enterprise

Store Specific Consumer Prices

Complementary Demo Guide

SAP Business ByDesign A Solution for Midsize Companies

SAP S/4HANA How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0

Intercompany Integration Solution for SAP Business One Intercompany Allocation

SRM210 SRM Server Configuration

SAP Solution Manager Adapter for SAP Quality Center by HP

EU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018

ADM100 AS ABAP Administration I

Configuration of Warehouse Management with Preconfigured Processes

SAP Product and REACH Compliance. REACH Compliance

SAP Education: Reporting Access User Guide

SAP SuccessFactors Onboarding

SAP NetWeaver Identity Management 7.0 SPS 2. Identity Management for SAP System Landscapes: Architectural Overview

SAP Road Map for Governance, Risk, and Compliance Solutions

Feature Scope Description for Enterprise Messaging THE BEST RUN FEATURE SCOPE DESCRIPTION PUBLIC

Compliant Provisioning Using SAP Access Control

Certificate SAP INTEGRATION CERTIFICATION

Feature Scope Description for SAP S/4HANA Cloud for Data Enrichment

FI Localization for Ukraine Accounts Payable (FI-AP)

Improve Enterprise Data Security, Compliance with Attribute-Based Authorizations

SAP Transportation Management 9.1, Support Package 2 Enterprise Services

WHITE PAPER EU General Data Protection Regulation Compliance

Interaction Center for Automotive

Release Notes SAP ERP Industry Extension Healthcare 6.0 Enhancement Package 7 Support Package 07

S4500. Business Processes in SAP S/4HANA Sourcing & Procurement COURSE OUTLINE. Course Version: 09 Course Duration:

SAP Global Certification Digital Badges Step-by-Step Guide

Fast-Track to a Digital Platform to Improve Utilities Customer Engagement

Intercompany Integration Solution for SAP Business One Discover How the Intercompany Solution Enables Financial Data Consolidation & Provides

SAP NetWeaver Demo Model: Java Demo Enterprise Services (SAP NetWeaver Composition Environment 7.1)

SAP Solution Manager Focused Insights Setup for ST-OST SP4. AGS Solution Manager SAP Labs France

Maintain Vendor Evaluation (155.13)

SolidWorks Enterprise PDM for Medical Device Manufacturers

Golden Audit Reporting

PLM400 Quality Management

Introducing SAP Fiori Keeping Simple Things Simple

SAP Fieldglass Datasheet SAP FIELDGLASS INTEGRATION OVERVIEW AND DIFFERENTIATORS

Apriso and FDA 21 CFR Part 11

BIT300 Integration Technology ALE

Release 6.0 HELP.SECGUIDE_ISHERCM

S4DEV. Hands-on Introduction to Application Programming on SAP S/4HANA COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

Feature Scope Description for SAP S/4HANA Cloud for Intelligent Product Design

How To Handle the SLD for SAP XI

SAP Rapid data migration for SAP S/4HANA Software and Delivery Requirements. SAP Data Services 4.2 October 2016 English. Document Revisions

BPC420. SAP Business Planning and Consolidation, Version for SAP NetWeaver: Standard Administration and Planning Configuration COURSE OUTLINE

Frequently Asked Questions on Remote Support Platform for SAP Business One (RSP)

How Distributors Increase Income with Automated Rebates and Chargebacks

Feature Scope Description for SAP Cloud Platform Alert Notification (Beta) THE BEST RUN

Feature Scope Description for SAP Watch List Screening

Enablement Escalation for SAP Ariba Solutions

SAP Enterprise Inventory and Service-Level Optimization SAP Integration Tools September 2015

PS Project System. SAP ERP Central Component

Meet Your Citizens Where They Live Through Digital Content Management

Intercompany Integration Solution for SAP Business One Intercompany Reporting

SAP Fiori Extensibility overview

Using SMS Notifications to Keep Customers Informed and Engaged

mysap Supply Chain Management Solution Map Edition 2004

SAP Crystal Solutions

CUSTOMER Customizing Tables for Transfer Types and Enhancement Spot Container for EPC BADIs

Work Order and Notification Assignment Types Supported In Work Manager 5.3

ADM325. Software Logistics for SAP S/4HANA and SAP Business Suite COURSE OUTLINE. Course Version: 18 Course Duration: 5 Day(s)

SAP and SAP Ariba Solution Support for GDPR Compliance

Access Control 5.3. Implementation Roles and Responsibilities. Applies to: Summary. Version 2.0. Access Control 5.3

S4225. SAP S/4HANA Production Orders COURSE OUTLINE. Course Version: 09 Course Duration: 5 Day(s)

S4PR1 SAP S/4HANA Sourcing & Procurement - Functions & Innovations

FS240 Shared Processes for Loans and Deposits Management in Banking Services from SAP 9.0

S4F29 Profitability Analysis in SAP S/4HANA

Automated VAT Adjustment for Payments with PPD - Workaround

mysapsrm3.0isaworkinprogress

Frequently Asked Questions on Secure Usage of Remote Support Platform for SAP Business One (RSP)

S4PR1 SAP S/4HANA Sourcing & Procurement - Functions & Innovations

Procurement Insights from the SAP Ariba Benchmark Program

Field Data Capture for Upstream Allocations with SAP MII Release 2.0

SAP SuccessFactors Learning Marketplace

SAP SuccessFactors HCM Suite. Q Release Highlights SAP SE or an SAP affiliate company. All rights reserved. 1 / 11

Indirect Access Guide for SAP Installed Base Customers. April / SAP SE or an SAP affiliate company. All rights reserved.

Transcription:

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP SRM

Disclaimer These materials are subject to change without notice. SAP AG s compliance analysis with respect to SAP software performance based on FDA Title 21 CFR Part 11: (i) in no way expresses the recognition, consent, or certification of SAP software by the United States Food and Drug Administration; and (ii) applies to certain components of SAP SRM 5.0 only as stated herein. The customer is solely responsible for compliance with all applicable regulations, and SAP AG and its affiliated companies ( SAP Group ) have no liability or responsibility in this regard. These materials are provided by SAP Group for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. 2

Contents Summary...................................................................... 4 FDA Title 21 CFR Part 11 Assessment.............................................. 5 Security.............................................................................. 5 E-Records............................................................................ 5 Versions of Purchasing Documents..................................................... 5 Digital Signature...................................................................... 5 Encapsulated Signature Tool in SAP NetWeaver.......................................... 5 How SAP SRM 5.0 Complies with Part 11.................................................. 6 References..................................................................... 7

Summary On the basis of the interpretation of the FDA Title 21 CFR Part 11 rule of the U.S. Food and Drug Administration and the functions and features discussed within this document, SAP AG believes that the SAP Supplier Relationship Management (SAP SRM) 5.0 component technically complies with the intent and requirements of FDA Title 21 CFR Part 11.

FDA TITLE 21 CFR Part 11 Assessment Security The SAP SRM 5.0 component is built on the SAP NetWeaver Application Server (SAP NetWeaver AS) component. Therefore, all security features of SAP NetWeaver AS are valid for SAP SRM 5.0. E-Records SAP SRM 5.0 contains the following change document objects: shopping basket, purchase order, contract, request for proposal, bid, confirmation, and invoice. These change document objects contain the following information: Old value of an attribute of the changed business object New value of this attribute Person who changed the value (user ID written on the database and full name of user displayed) Date and time of change, in terms of Coordinated Universal Time (UTC) Action (create, modify, or delete) Versions of Purchasing Documents The SAP Enterprise Buyer component of SAP SRM provides you with version management for purchasing documents. As a first step, you can display versions of purchase orders and contracts. SAP Enterprise Buyer creates a version if you as a purchaser carry out one of the following actions: Change a posted purchase order Order a posted purchase order again Change a contract that has already been released Release an already released contract again In contrast to the change documents that retain a change history, a version displays the status of a document at a specific point in time. Version management provides a check for you as a purchaser, for example, if you wish to display a purchase order in the form in which you transferred it to the vendor on day X. A version provides clarity in areas such as negotiations on a contract. Archiving objects are available for the change document objects of the shopping basket, as well as for the purchase order, contract, request for proposal, bid, confirmation, and invoice. For restrictions that are not critical as per good manufacturing practice (GMP) guidelines, SAP Enterprise Buyer does not log changes regarding price, condition, or related issues. Digital Signature You cannot configure SAP SRM to handle digital signatures. Encapsulated Signature Tool in SAP NetWeaver AS The powerful encapsulated signature tool in SAP NetWeaver AS enables you to include signature functionality in any transaction or business process within the mysap Business Suite family of business applications. The tool can be integrated into any business area in mysap Business Suite. The encapsulated signature tool enables all transactions and work flow in mysap Business Suite to include signature functionality. You must have release 6.20 or higher of SAP NetWeaver AS (formerly named SAP Web Application Server). For further information, refer to the implementation guide titled Digital Signature Tool. (See References below.) 5

How SAP SRM 5.0 Complies with Part 11 The following table summarizes how SAP SRM 5.0 complies with each requirement of Part 11. Part 11 Clause 11.10(a) 11.10(b) 11.10(c) 11.10(d) 11.10(e) 11.10(f) 11.10(g) SAP SRM 5.0: Part 11 Compliance SAP Assessment of SAP SRM 5.0 All electronic records within SAP SRM provide adequate audit trails that you can review for information. SAP SRM secures these records from unauthorized access. All electronic records generated in SAP SRM are accurate, complete, and presented in a human-readable format. SAP SRM electronic records can be printed or exported into several industry-standard formats, such as ASCII. You can maintain all electronic records in the active database or archive the records to accommodate all required retention periods, even when the software is upgraded. Access to these records is secured by standard authorization profiles of SAP software. Robust security administration and authorization profiles assure system access. Changes to security profiles are recorded in SAP NetWeaver AS. SAP SRM automatically generates all electronic records for creating, modifying, or deleting data. These records are date stamped and time stamped and include the user ID of the individual who is logged on the system and who performed the action. Electronic records also maintain the old and new values of the change and the transaction used to generate the record. This is not applicable to SAP SRM. SAP SRM and SAP NetWeaver AS execute authority checks in conjunction with the robust security administration and authorization profiles of SAP NetWeaver AS to ensure that only authorized individuals can access the system and access or perform the operation at hand. SAP NetWeaver AS also records changes to authorization profiles. 11.10(h) This is not applicable to SAP SRM 5.0. 11.10(i) The product innovation life cycle (PIL) for SAP development requires that all personnel responsible for developing and maintaining SAP SRM have the education, training, and experience to perform their assigned tasks. A wide range of additional education and training offerings and regular assessments of individual training requirements ensure a process of continuous learning for staff involved in the development and support of all SAP software. 11.10(j) This is not applicable to SAP SRM 5.0. 11.10(k) SAP SRM maintains the electronic records for revision and change control according to clause 11.10(e). 11.30 For open systems, SAP NetWeaver AS supports interfaces with complementary software partners that supply cryptographic methods such as public key infrastructure (PKI) technology. 11.50(a) 11.50(b) 11.70 11.100(a) 11.100(b) This is not applicable to SAP SRM 5.0. 11.100(c) This is not applicable to SAP SRM 5.0. 11.200(a)(1) 11.200(a)(2) This is not applicable to SAP SRM 5.0. 11.200(a)(3) 11.200(b) 11.300(a) 11.300(b) SAP NetWeaver AS provides a certified interface to biometric devices such as fingerprint and retinalscanning devices. Look for SAP-certified security partners in the SAP Service Marketplace extranet. The user and security administration functions of SAP NetWeaver AS provide the necessary controls to ensure that no two individuals have the same combination of identification code (user ID) and password. You can configure SAP NetWeaver AS to force users to change passwords at various intervals, and the component provides system checks to prevent users from repeating passwords or using combinations of alphanumeric characters that are included in the user ID. You can also invalidate user IDs, for example, when an employee leaves the company. 11.300(c) This is not applicable to SAP SRM 5.0. 11.300(d) SAP SRM 5.0 and SAP NetWeaver AS provide the following features: When the number of failed attempts (for either logon or signature) is exceeded, the SAP software prevents the user from further access, without intervention from the security administration. Note that the number of failed attempts allowed is configurable. SAP NetWeaver AS generates an express mail in the SAP software system and sends it to a defined distribution list to notify the security administration in an immediate and urgent manner. In addition, you can interface any messaging system compliant with the messaging application programming interface (MAPI) to SAP NetWeaver AS to send the message externally to e-mail systems such as Microsoft Exchange or even a paging system. An electronic record of all failed attempts (for either logon or signature) is maintained in the security audit log of SAP NetWeaver AS. SAP NetWeaver AS also generates electronic records for the locking and unlocking of users. 11.300(e) This is not applicable to SAP SRM 5.0. 6

References For more information, look up the following references, many of which are found in the SAP Service Marketplace extranet (authorization required): Complying with U.S. FDA Title 21 CFR Part 11 for the Life Sciences Industry (white paper, www.sap.com/usa/solutions/ grc/pdf/bwp_fda_title21.pdf) Financial Supply Chain Management with SAP (white paper, www.sap.com/solutions/business-suite/erp/financials/ pdf/bwp_wp_fscm.pdf), Delivering Operational Excellence with Innovation (white paper, www.sap.com/. solutions/esa/pdf/bwp_delivering_operational_. Excellence.pdf), and Adaptive Business Networks: A Strategy for Mastering Change and Efficiency in Manufacturing (white paper, www.sap.com/solutions/business-suite/scm/pdf/ BWP_WP_Adaptive_Bus_Networks_Mfg.pdf) Digital Signatures in SAP Applications: SAP Best Practices Guide Digital Signature Tool, an implementation guide available in note 700495 in SAP Notes FDA Title 21 CFR Part 11 Electronic Records; Electronic Signatures: Final Rule, March 1997 (www.fda.gov/ora/compliance_ref/part11/) Authors: Dr. Christoph Roller and Dr. Anja Modler-Spreitzer, IBU Consumer Products & Life Sciences, SAP AG

www.sap.com/contactsap 50 082 632 (06/12) 2006 by SAP AG. All rights reserved. SAP, R/3, mysap, mysap.com, xapps, xapp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ( SAP Group ) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback