SAP GxP Compliance

Posted by Andrea Mazzolani on Nov 25, 2022 8:15:00 AM
Andrea Mazzolani

What does GxP mean? Why is it done in SAP?

GXP SAP

What are the semplifications that can reduce the maintenance cost of these aspects?

What does GxP mean?

It is a set of procedures and guidelines (GxP quality guidelines) applicable to different processes and productive sectors (pharmaceutical, cosmetic, clinic, financial etc...) to guarantee that the products are safe from the aspect of procedures and production norms.

 

The tracing and procedure documenting aspects of the products, more in general the so called "Accountability", are between the most relevant aspects in the adoption of these "good practices".

 

SAP GxP Compliance what to do?

By nature, SAP, especially the ERP system, is being used in different sectors. Some of these are more subject to GxP regulations, specifically the pharmaceutical sector.

 

But what must be done in SAP in order to comply with the provisions of GxP compliance?

Usually, you start from an audit. This can be done inside the company itself or using a specialized consulting company in the preparation to this arguments.

 

After the audit has been done usually some non conformities or observations or suggestions (improvement opportunities) surface.

 

But what precisely emerges in SAP, relatively to the management of qualifications and authorizations?

 

Here are some examples:

  • Definition and identification of particularly critical transactions
  • Introduction of job separation logics. Non much tied to the financial risks but more to the aspects of conformity and limitation of errors regarding a specific process, in this sense the SAP GRC system can still be useful.
  • Assessment of the specific segregations through authorization objects, in this case functionalities already present in SAP or specifically designed solutions can be used

 

But who checks?

There are many specific consulting agencies that can support the SAP clients to be compliant to these management good practices.

 

To prepare to certification audits. In the case of pharmaceutical companies, the AIFA is one of these (Agenzia Italiana del Farmaco)

 

AIFA

 

How to reduce the management costs of the GxP in SAP?

There are different ways, at least regarding the authorization aspects. Some advantages can derive from having defined and prepared some best practices (also valid for realities non directly subject to GxP).

 

  1. An authorization model that lets you concentrare on controlling and less on the operations
  2. An authorization model that is simple to document, especially in an automatic way, making it simple to periodically verify for example (non-only during external inspection visits)
  3. Activating all the mechanisms to log and control, to protect the data that SAP provides. Many are already present "out of the box", meaning without buying additional licenses
  4. Using tools like the SAP Solution Manager, to document what was created in the system and help the tests, thanks for example to the Business Process Change Analyzer (BPCA) module.

Contact us!

 

Topics: gxp, sap gxp compliance

Yes Subscribe!

Blog Aglea, what you could find out?

Every Friday a new post, interview or content related to SAP Security.

  • Tips on how to design SAP Security
  • How to
  • Checklist
  • Common error and pitfall on security SAP
  • Interview with experts
  • Who we are and Aglea vision on SAP Security

Recent Posts

Post By Topic

See all

SAP Security Blog AGLEA RSS Feed

Aglea s.r.l. - Subject to the management and coordination of Horsa S.p.A. - P. IVA: IT 03868780960 - 2024 | Privacy Policy - Cookie Policy