U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP® Environment, Health & Safety

Upload: rambabu-konakala

Post on 02-Mar-2015


Disclaimer

These materials are subject to change without notice. SAP AG’s compliance analysis with respect to SAP® software performance based on FDA Title 21 CFR Part 11: (i) in no way expresses the recognition, consent, or certification of SAP software by the United States Food and Drug Administration; and (ii) applies to certain components of SAP Environment, Health & Safety (SAP EH&S) application only as stated herein. The customer is solely responsible for compliance with all applicable regulations, and SAP AG and its affiliated companies (“SAP Group”) have no liability or responsibility in this regard. These materials are provided by SAP Group for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.


Contents

Summary
FDA Title 21 CFR Part 11 Assessment
SAP EH&S
Security
E-Records
– FDA Requirement
– Change Management in SAP EH&S
Digital Signature
How SAP EH&S Complies with FDA Title 21 Part 11
References


Summary

On the basis of the interpretation of the FDA Title 21 CFR Part 11 rule of the U.S. Food and Drug Administration and the functions and features discussed within this document, SAP AG believes that the SAP® Environment, Health & Safety (SAP EH&S) application fully complies with FDA Title 21 CFR Part 11.

FDA Title 21 CFR Part 11 Assessment

SAP EH&S

The SAP EH&S application includes the following components:

• Basic data and tools
With the basic data and tools component, you can manage specifications for different SAP EH&S application objects (substances, dangerous goods classifications, agents, waste codes, and packagings) and create templates for reports.

• Product safety
The product safety component contains functions required to manage hazardous substances in companies that manufacture hazardous substances. For example, you can manage and ship environment, health, and safety (EH&S) reports, such as material safety data sheets, and create labels. The software can determine data sheets and labels automatically and create the composition of the specification for the relevant substance from the bill of material (BOM) for a material.

• Hazardous substance management
The hazardous substance management component contains functions that allow companies that use hazardous substances to manage them appropriately. For example, functions are available that make it easier for you to create the reports prescribed by the U.S. Superfund Amendments and Reauthorization Act (SARA).

• Dangerous goods management
With the dangerous goods management component, you can manage dangerous goods master records, run dangerous goods checks, and create dangerous goods documents.

• Occupational health
With the occupational health component, you can support the general employee occupational healthcare in your enterprise. You can record all relevant medical data (for example, diagnoses, examinations, and injuries), plan and perform health surveillance protocols on the basis of the employee-specific exposure situation, and monitor the results of medical examinations and diagnoses.

• Industrial hygiene and safety
With the industrial hygiene and safety component, you can organize industrial hygiene and safety in your enterprise and manage the agents that are present. In addition, you can process events with or without injury to persons and create reports (such as standard operating procedures or accident reports).

• Waste management
With the waste management component, you can manage waste-disposal processes, create the reports necessary for transportation and disposal of waste, and distribute the resulting costs proportionally among the cost centers in the enterprise that generated the waste.

Waste management is of high criticality concerning environmental regulations, but it is not critical for good manufacturing practices (GMPs). So, in the following document, the emphasis is on basic data and tools, product safety, hazardous substance management, dangerous goods management, occupational health, and industrial hygiene and safety.

SAP performed the investigation for the mySAP™ ERP application.

Security

SAP EH&S is part of the product life-cycle management (PLM) extension to mySAP ERP 2005, which is built on top of the SAP NetWeaver® platform. Therefore, all security features of the SAP NetWeaver Application Server component are valid for SAP EH&S. For details, please refer to the document “FDA Title 21 CFR Part 11 Compliance Assessment of SAP NetWeaver.”

E-Records

FDA Requirement

The FDA requires the ability to log and track changes on business objects and dependent objects in a compliant software environment.

The computer system must provide functionality to log changes, creations, and deletions applied to business objects and to dependent objects (such as configuration data). The system must provide the following minimal information:

• Old value of an attribute of the changed business object
• New value of this attribute
• Person who changed the value
• Date and time of change
• Action (create, modify, or delete)

Change Management in SAP EH&S

In change documents, the SAP software logs all changes that are made within specification and phrase management. In the customizing process (in the Implementation Guide) for Basic Data and Tools under Specify Context Fields for Creation of Change Documents, you can specify which context information is displayed on the objects that are determined in the creation of the change documents log for specifications (such as identifier, material assignment, and transport approval). The change documents determine the objects that you created, deleted, and changed. The software marks changes that you made by a reference or inheritance. For each object, SAP EH&S displays the change date, change time, and user name of the person who made the change, in addition to the context information.

For the dangerous goods management component, you can write master data change documents as well.

SAP EH&S uses application server time for change documents and history.

You can use the engineering change management function for specifications, phrases, and dangerous goods master records. This function enables you to make data changes for a particular key date using a change number. In this way, you can, for example, today enter data that will be valid only in the future. Each change number is valid from a particular validity date so that the data has a validity period in accordance with the change number.

The phrase history function enables you to compare current phrase versions with previously valid versions. The software displays the history in relation to the day on which changes were made, according to the creation of change documents.

You can use the specification status function to specify for a specification the usages of its identifiers and value assignment instances and whether they should be protected. You can use appropriate status entries to set the software so that it prohibits changing specification data, prohibits outputting specification data on reports, or issues a warning against editing specification data (default setting, for example, in the status For release). In the customizing process, an indicator profile specifies for each status which protection effect the status should have. You can enhance the basic status network as required to suit your needs.

For reports, versioning is available for specifications of all specification categories, such as for substances, agents, and dangerous goods classifications.

The versioning function supports the assignment of version numbers to a number of reports that are generated for the same specification, generation variant, and language. As long as you have not yet released a report and not assigned it to a version, the new report replaces the old reports. However, once you release a report and, therefore, you must preserve every version, the software creates a new version of the report for the newly generated report, which does not replace the old one. Versioning enables the comparison of the old and new reports and includes the user who made the change. Standard operating procedures (such as safety instructions for workers) that are used in industrial hygiene and safety, as well as transport emergency cards that are used in dangerous goods management, are based on reports. So the versioning described above is available for those documents.


If you need an audit trail for objects not explicitly mentioned in this document, use the electronic records tool for creation of change documents. A change document object captures changes to fields within a transaction and writes this information to a unique record. This record is date stamped and time stamped and maintains the old and new values for each of the fields that have been changed, in addition to the user ID of the person who made the change. You run a report to query and display the audit trail record. These objects may be active in the shipped version of SAP EH&S or may require configuration for activation. You can perform the configuration modification free with the electronic records tool. For more details, please refer to www.sap.com/industries/lifesciences/brochures/index.epx.
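The change-record content described under “FDA Requirement” and in the paragraph above can be illustrated in code. The following Python example is added here and is not SAP code or part of the original paper; the names ChangeRecord, change_documents, and audit_gaps and the sample specification are hypothetical. It diffs two states of an object into per-field records stamped with server time, and checks a stored record against the minimum field list.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any, Callable, List, Optional

# Minimum content of an audit record, as listed under "FDA Requirement".
REQUIRED = ("attribute", "old_value", "new_value", "user", "timestamp", "action")
ACTIONS = {"create", "modify", "delete"}


@dataclass(frozen=True)  # frozen: a written change record is never edited
class ChangeRecord:
    object_id: str
    attribute: str
    old_value: Any
    new_value: Any
    user: str
    timestamp: str  # server-side time, ISO 8601, UTC
    action: str


def server_now() -> str:
    """Server clock, never a client-supplied time."""
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def change_documents(object_id: str, old: Optional[dict], new: Optional[dict],
                     user: str, clock: Callable[[], str] = server_now) -> List[ChangeRecord]:
    """Diff two states of one object; old=None is a creation, new=None a deletion."""
    if not user:
        raise ValueError("a change must be attributable to a user")
    if old is None and new is None:
        raise ValueError("nothing to log")
    action = "create" if old is None else "delete" if new is None else "modify"
    before, after = old or {}, new or {}
    stamp = clock()  # one timestamp for the whole transaction
    return [ChangeRecord(object_id, attr, before.get(attr), after.get(attr), user, stamp, action)
            for attr in sorted(before.keys() | after.keys())
            if before.get(attr) != after.get(attr)]


def audit_gaps(record: dict) -> List[str]:
    """Return what a stored record lacks against the minimum field list."""
    gaps = [f"missing {name}" for name in REQUIRED if name not in record]
    if "user" in record and not record["user"]:
        gaps.append("empty user")
    if "action" in record and record["action"] not in ACTIONS:
        gaps.append("unknown action")
    if "timestamp" in record:
        try:
            datetime.fromisoformat(record["timestamp"])
        except (TypeError, ValueError):
            gaps.append("bad timestamp")
    return gaps


if __name__ == "__main__":
    # Constructed sample: a specification whose status changes.
    old = {"identifier": "Acetone", "status": "In work"}
    new = {"identifier": "Acetone", "status": "Released"}
    for rec in change_documents("SPEC-0001", old, new, user="JDOE"):
        print(vars(rec), audit_gaps(vars(rec)))
```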

SAP EH&S uses the standard authorization management of SAP software to ensure the proper access of users on objects.

Digital Signature

If you need a digital signature within SAP EH&S, you can implement the encapsulated signature tool, which is part of SAP NetWeaver Application Server, on a project basis for the EH&S functionalities of product safety, hazardous substance management, and industrial hygiene and safety. Asynchronous signatures are supported. For occupational health functionality, digital signatures are not required, according to 21 CFR Part 211 § 211.28 “Personnel responsibilities.” Reports are sufficient in this case. Therefore, the software ensures compliance to FDA Title 21 CFR Part 11 even though you cannot realize digital signatures for occupational health functionality.

The prerequisite for the use of the encapsulated signature tool is that the solution must fully consist of coding of the ABAP™ programming language, which is the case for SAP EH&S. The prerequisite is not true for user interfaces, as the tool can also be used with user interfaces programmed in a language other than ABAP, such as Java. In this case, you must carefully consider security and authentication issues to avoid security gaps.

All transactions and workflow steps of the SAP EH&S functionalities of product safety, hazardous substance management, and industrial hygiene and safety can include signature functionality with the encapsulated signature tool. You must have release 6.20 or higher of SAP NetWeaver Application Server (formerly named SAP Web Application Server) for the use of the encapsulated signature tool. For further information, refer to the implementation guide titled Digital Signature Tool (see “References” below).


How SAP EH&S Complies with FDA Title 21 Part 11

The following table summarizes how SAP EH&S complies with each requirement of Part 11.

| Part 11 Clause | SAP Assessment of SAP® EH&S |
| --- | --- |
| 11.10(a) | Specifications and phrases within the SAP® Environment, Health & Safety (SAP EH&S) application have a complete audit trail. For reports via versioning, the software allows you to track changes. If you need an audit trail for other objects within SAP EH&S, you can use the electronic records tool. The audit trail records are secured from unauthorized access. |
| 11.10(b) | All electronic records generated in SAP EH&S are accurate, complete, and presented in a human-readable format. Electronic records in SAP EH&S can be printed or exported into several industry-standard formats, such as Adobe PDF and XML. |
| 11.10(c) | You can maintain all electronic records in the active database or archive the records to accommodate all required retention periods, even when the software is upgraded. Access to these records is secured by authorization profiles. |
| 11.10(d) | Robust security administration and authorization profiles assure system access. You record changes to security profiles in the SAP NetWeaver® Application Server component. |
| 11.10(e) | SAP EH&S provides for specifications and phrases complete audit trails within the application. You can write change documents for dangerous goods master data as well. For reports via versioning, you can track changes. If you need an audit trail for other objects within SAP EH&S, you can use the electronic records tool. The audit trail records are secured from unauthorized access. |
| 11.10(f) | You can control the processing statuses of objects in SAP EH&S by using status and workflow management and so enforce the proper sequence of operations as required by the applicable regulation. |
| 11.10(g) | SAP NetWeaver Application Server executes authority checks in conjunction with its robust security administration and authorization profiles to ensure that only authorized individuals can access the system, electronically sign a record, and access or perform an operation. SAP NetWeaver Application Server also records changes to authorization profiles. |
| 11.10(h) | This is not applicable to SAP EH&S. |
| 11.10(i) | The product innovation life cycle (PIL) for SAP development requires that all personnel responsible for developing and maintaining SAP products have the education, training, and experience to perform their assigned tasks. A wide range of additional education and training offerings and regular assessments of individual training requirements ensure a process of continuous learning for staff involved in the development and support of all SAP software. |
| 11.10(j) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |
| 11.10(k) | This is not applicable to SAP EH&S. |
| 11.30 | For open systems, SAP NetWeaver Application Server supports interfaces with complementary software partners that supply cryptographic methods such as public key infrastructure (PKI) technology. |
| 11.50(a) | You can implement the encapsulated signature tool to satisfy these requirements. |
| 11.50(b) | You can implement the encapsulated signature tool to satisfy these requirements. |
| 11.70 | You can implement the encapsulated signature tool to satisfy these requirements. |
| 11.100(a) | You can implement the encapsulated signature tool to satisfy these requirements. |
| 11.100(b) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |
| 11.100(c) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |
| 11.200(a)(1) | SAP NetWeaver Application Server requires two distinct components – a user ID and a password – to create each electronic signature. By design, SAP NetWeaver Application Server does not support continuous sessions where only a single component is necessary subsequent to the first signing. |
| 11.200(a)(2) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |
| 11.200(a)(3) | User and security administration functions of SAP NetWeaver Application Server ensure that the attempted use of an individual’s electronic signature by someone other than the genuine owner requires the collaboration of two or more individuals. |
| 11.200(b) | SAP NetWeaver Application Server provides a certified interface to biometric devices such as fingerprint and retinal-scanning devices. Look for SAP-certified security partners in the SAP Service Marketplace extranet. |
| 11.300(a) | User and security administration functions of SAP NetWeaver Application Server provide the necessary controls to ensure that no two individuals have the same combination of identification code (user ID) and password. |
| 11.300(b) | You can configure SAP NetWeaver Application Server to force users to change passwords at various intervals, and the component provides system checks to prevent users from repeating passwords or using combinations of alphanumeric characters that are included in the user ID. You can also invalidate user IDs, for example, when an employee leaves the company. |
| 11.300(c) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |
| 11.300(d) | SAP NetWeaver Application Server fulfills this requirement and behaves as demanded by the requirement. |
| 11.300(e) | This clause covers a procedural requirement for customers and is not related to the functions of the computer system. |


References

For more information, look up the following references, many of which are found in the SAP Service Marketplace extranet (authorization required):

• SAP NetWeaver ’04 Security Guide (help.sap.com)
• SAP NetWeaver 2004s Security Guide (help.sap.com)
• “Complying with U.S. FDA Title 21 CFR Part 11 for the Life Sciences Industry” (white paper, www.sap.com/usa/solutions/grc/pdf/BWP_FDA_Title21.pdf)
• “SAP NetWeaver: Providing the Building Blocks for Effective Governance, Risk, and Compliance Management” (white paper)
• Digital Signature Tool, an implementation guide available in note 700��5 in the SAP Notes service
• FDA Title 21 CFR Part 11 Electronic Records; Electronic Signatures: Final Rule, March 20, 1997 (www.fda.gov/ora/compliance_ref/part11/)
• Environment, Health and Safety (help.sap.com)
• Electronic Records (help.sap.com)

Authors: Dr. Anja Modler-Spreitzer and Dr. Christoph Roller
IBU Consumer Products & Life Sciences, SAP


www.sap.com/contactsap

50 083 535 (07/03) © 2007 by SAP AG. All rights reserved. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. Printed on environmentally friendly paper.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.