Digital signatures are a key component of any digital software that deals with sensitive information. Digital signature management in SAP is a necessity for conforming to certain criteria in order to meet regulatory standards. Here we’ll take a look at how we can set up and trace digital signatures for SAP.
Step 1 – Basic Configuration
In order for us to set up the signature system we first need to verify or assign information in the IMG. The defaults for the time zone need to be maintained (the default for SAP should suffice). The date and time settings for individual users also need to be maintained, especially since digital signatures may need to be time-based in nature. To set this up, we visit System-> User profile -> Own data. Alternatively, we can run transaction code SU3. The Defaults tab is where the information we’re looking for is contained. The next step is defining the signature method. SAP supports two types of digital signature which we will explore.
Authorized System Signature
This system signature links a user’s authorized login to SAP to the signature and is the most secure system available without having to resort to an external, third-party system. To set this up, we open the IMG and navigate to the “Define Authorization Groups and Digital Signature” section under Environment -> Central Functions -> Authorization Management. We then open the “Specify Signature Method for Simple Signature” table and define a new one by selecting the “New Entries” button. We explore the Signature object type field and scroll the drop-down to find entries for “Inspection Lot: Results Recording” and “Inspection Lot: Usage Decision“. For the Signature Method field, we choose “System signature with authorization by R/3 user ID/password“.
For this method, an external security system should be present to enable users to execute their signatures with their own provided private keys. Each individual security product used would have their own documentation about how to use it in tandem with software such as SAP and since these execution methods tend to differ vastly, it is outside of the scope of our explanation to delve into how these security products generate their public keys and how they verify those keys.
Setting Up QM Authorization
We can perform authorization for the Quality Management user group in the IMG along with our other default settings. The Material Master’s QM view is designed to run at the “organizational level” of the Plant and we derive our digital signature management from the same template. We once again navigate to Environment -> Central Functions -> Authorization Management in the IMG and open the “Define Authorization Groups and Digital Signature” field. Here we can edit the existing entries or create a new one as a new QM Material Auth Group. Depending on what your QM system requires, you can set up what fields are required and what fields aren’t and save those within your authorization group.
Step 2 – Master Data
The first thing we will look into doing here is bringing over the QM Material Auth Group we just created to run under the QM View in the Material Master. Running transaction code MM02 opens the management console screen. We will select which plant we want to change settings for, which in this case would be Quality Management. Select the settings button for the Organizational Level Plant, and from there select the Quality Management tab and add in the previously defined authorization group. Once we add the signature, we can click the “Insp. Setup” button to see the material setting for the material we’re currently dealing with. Once everything has been properly set up, the signatures should work within the Materials Master when needed and will check to ensure all the requirements are met before putting the digital signature on the document.
Auditing and the Paper Trail
If you have need of reviewing the digital signatures that you created using electronic signature software, SAP offers a simple way to review the signature logs using transaction code DSAL. The code covers a wide range of audits and to narrow down the potential options, we’re going to have to select “inspection lot“. We can then filter results further by signatory or within a range of dates where the signature we’re looking for took place.
Secure SAP Operation
In many situations, multiple SAP users use the same desktop system in order to log in to the system. This digital signature system allows the company to keep track of which users are present within the SAP system at which times and which users authorized what. Furthermore, digital signatures need to be implemented before a company can meet certain regulatory standards such as FDA 21 CFR Part 11 or GMP guidelines. These digital signatures are very useful for a company to keep a detailed record of users and transactions as well as narrowing down problems within the human element of the system.