solution master guide

Master Guide

SAP® Defense MILSTRIP Purchasing 2.0

Using SAP ECC 6.0

Target Audience

■ Consultants ■ Administrators ■ Others

Public Document version 1.8 – 12/4/2017

© Copyright 2017 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any

form or for any purpose without the express permission of SAP AG.

The information contained herein may be changed without prior

notice.

Some software products marketed by SAP AG and its distributors

contain proprietary software components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered

trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p,

System p5, System x, System z, System z10, System z9, z10, z9,

iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390,

OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM,

Power Architecture, POWER6+, POWER6, POWER5+, POWER5,

POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System

Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks,

OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner,

WebSphere, Netfinity, Tivoli and Informix are trademarks or

registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and

other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either

trademarks or registered trademarks of Adobe Systems Incorporated in

the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the

Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame,

VideoFrame, and MultiWin are trademarks or registered trademarks of

Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered

trademarks of W3C®, World Wide Web Consortium, Massachusetts

Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc

JavaScript is a registered trademark of Sun Microsystems, Inc., used

under license for technology invented and implemented by Netscape.

SAP, R/3, xApps, xApp, SAP NetWeaver, Duet, PartnerEdge,

ByDesign, SAP Business ByDesign, and other SAP products and

services mentioned herein as well as their respective logos are

trademarks or registered trademarks of SAP AG in Germany and in

several other countries all over the world. All other product and

service names mentioned are the trademarks of their respective

companies. Data contained in this document serves informational

purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials

are provided by SAP AG and its affiliated companies ("SAP Group")

for informational purposes only, without representation or warranty of

any kind, and SAP Group shall not be liable for errors or omissions

with respect to the materials. The only warranties for SAP Group

products and services are those that are set forth in the express

warranty statements accompanying such products and services, if any.

Nothing herein should be construed as constituting an additional

warranty.

Disclaimer

Some components of this product are based on Java™. Any code

change in these components may cause unpredictable and severe

malfunctions and is therefore expressively prohibited, as is any

decompilation of these components.

Any Java™ Source Code delivered with this product is only to be used

by SAP’s Support Services and may not be modified or altered in any

way.

Documentation in the SAP Service Marketplace

You can find this documentation at the following Internet address:

service.sap.com/instguides

In order to make your document available under this alias, contact

Kathrin Luecke. You can find more information about Master Guides

using the quick link /go/TICM in the Corporate Portal.

SAP AG Dietmar-Hopp-Allee 16 69190 Walldorf Germany T +49/18 05/34 34 34 F +49/18 05/34 34 20 www.sap.com

Typographic Conventions

Type Style Represents

Example Text Words or characters that appear on the screen. These include field names, screen titles, pushbuttons as well as menu names, paths and

options.

Cross-references to other documentation

Example text Emphasized words or phrases in body text, titles of

graphics and tables

EXAMPLE TEXT Names of elements in the system. These include report names, program names, transaction codes, table names, and individual key words of a programming language, when surrounded by body text, for example, SELECT and INCLUDE.

Example text Screen output. This includes file and directory names and their paths, messages, names of variables and parameters, source code as well as names of installation,

upgrade and database tools.

Example text Exact user entry. These are words or characters that you enter in the system exactly as they appear in the

documentation.

<Example text> Variable user entry. Pointed brackets indicate that you replace these words and characters with appropriate entries.

EXAMPLE TEXT Keys on the keyboard, for example, function keys (such

as F2) or the ENTER key.

Icons

Icon Meaning

Caution

Example

Note

Recommendation

Syntax

Master Guide SAP DMP 2.0

4 December 2017

History of Changes The Master Guide is regularly updated in SAP Service Marketplace at http://service.sap.com/instguides.

Make sure you have the latest version of the Master Guide by checking SAP Service Marketplace immediately before starting the installation.

The following table provides an overview of the most important changes that were made in the latest versions.

Master Guide Version Important Changes

1.00 (April 2011) Initial Release

1.1 Updates and minor changes




1.8 Added security information


December 2017 5

Contents

History of Changes ........................................................................... 4

1 Getting Started ......................................................................... 8

1.1 About this Document .................................................................. 8

1.2 Related Information .................................................................. 10

1.2.1 Planning Information...................................................................... 10

1.2.2 Further Useful Links ....................................................................... 10

1.2.3 Related Master Guides ................................................................... 11

1.3 Important SAP Notes ................................................................ 11

1.4 Availability ................................................................................. 12

2 SAP DMP 2.0 Overview .......................................................... 13

2.1 Software Units of SAP DMP 2.0 ............................................... 13

2.2 Software Component Matrix .................................................... 13

2.3 System Landscape .................................................................... 14

2.4. Overall Implementation Sequence ......................................... 14

3 Business Scenarios of SAP DMP 2.0 .................................... 16

3.1 Defense MILSTRIP Purchasing ................................................ 16

4 Security Information for SAP Defense MILSTRIP Purchasing .................................................................................................... 17

Data Protection ................................................................................ 17

Glossary ........................................................................................... 17

Other Required Documents for Security ...................................... 19

5 References .............................................................................. 22

6 Media List ............................................................................... 23

7 The Main SAP Documentation Types ................................... 24


6 December 2017


December 2017 7

1 Getting Started

1.1 About this Document

8 December 2017

1 Getting Started To install SAP Defense MILSTRIP Purchasing 2.0 (DMP 2.0), SAP ERP 6.0 is required. If Public Sector Funds Management (PSFM) is installed, then SAP ERP 6.04 is required.

The standard SAP installation without PSFM requires only SAP ERP 6.0. If you use PSFM, then the higher release of SAP ERP, 6.04, is required to get the additional functions required by the FMS functionality to handle down-payments at the contract level and the associated

process handling.


Purpose

This Master Guide is the central starting point for the technical implementation of SAP Defense MILSTRIP Purchasing 2.0. In particular, the Master Guide provides important

information about the required components and high-level, scenario-specific information.

Use the Master Guide to get an overview of SAP Defense MILSTRIP Purchasing 2.0, its software units, and its scenarios from a technical perspective. The Master Guide is a planning tool that helps you to design your system landscape. It refers you to the required

detailed documentation, mainly:

• SAP Notes

• Configuration documentation

• SAP Library documentation

For a general overview of the available SAP documentation, see The Main SAP Documentation Types.

The Master Guide consists of the following main sections:

• Section 1. Getting Started explains how to use this document and related information (documentation and SAP Notes) that is crucial to the installation and upgrade.

• Section 2. SAP Defense MILSTRIP Purchasing 2.0 Overview provides essential information about the supported scenarios, the installable software units, the software

component matrix, and how to plan your system landscape.

• Section 3. Business Scenarios for SAP Defense MILSTRIP Purchasing 2.0 contains information about the supported business scenarios and processes. This section also provides links to the relevant configuration documentation that is provided via SAP

Solution Manager.

• Section 4. References provide lists of all the SAP Notes and documents that are

mentioned in this Master Guide.

• Section 5. Media List provides information on the data carriers and the software components contained in them. It helps identify the DVDs that you need for the

installation or upgrade of the required software components.

• Section 6. The Main SAP Documentation Types contains information about the overall documentation concept for SAP systems.

1 Getting Started


December 2017 9

You can find the most current information about the technical implementation of SAP Defense MILSTRIP Purchasing 2.0 and the latest installation and configuration guides on SAP Service Marketplace at http://service.sap.com/instguides.

We strongly recommend that you use the documents available here. The guides are regularly updated.

Constraints

• The business scenarios that are presented here serve as examples of how you can use SAP software in your company. The business scenarios are only intended as models and do not necessarily run the way they are described here in your customer-specific system landscape. Ensure to check your requirements and systems to determine whether these scenarios can be used productively at your site. Furthermore, we recommend that you test these scenarios thoroughly in your test systems to ensure they are complete and free

of errors before going live.

• This Master Guide primarily discusses the overall technical implementation of SAP Defense MILSTRIP Purchasing 2.0, rather than its subordinate components. This means that additional software dependencies might exist without being mentioned explicitly in this document. You can find more information on component-specific software

dependencies in the corresponding installation guides.

1 Getting Started

1.2 Related Information

10 December 2017

1.2 Related Information

1.2.1 Planning Information For more information about planning topics not covered in this guide, see the following content on SAP Service Marketplace:

Content Location on SAP Service Marketplace

Latest version of installation and upgrade information

In this Master Guide, see the SAP Notes listed

in the below Section 1.3 Important SAP Notes.

Overview application information as well as collection of function- and process-oriented information about SAP Defense MILSTRIP

Purchasing 2.0

Application Help for SAP Defense MILSTRIP Purchasing 2.0 can be found in SAP Help Portal

at http://help.sap.com > SAP ERP > SAP Defense MILSTRIP Purchasing

General information about SAP DMP 2.0 http://service.sap.com/ Installation &

Upgrade Guides Focused Business Solutions SAP Defense MILSTRIP Purchasing

Sizing, calculation of hardware requirements – such as CPU, disk, and memory resource

– with the Quick Sizer tool

http://service.sap.com/quicksizer

Released platforms and technology-related topics such as maintenance strategies and

language support

http://service.sap.com/platforms

To access the Platform Availability Matrix directly, enter http://service.sap.com/pam.

Network security http://service.sap.com/securityguide

High Availability http://www.sdn.sap.com/irj/sdn/ha

Performance http://service.sap.com/performance

Information about Support Package Stacks, latest software versions and patch level

requirements

http://service.sap.com/sp-stacks

Information about Unicode technology http://www.sdn.sap.com/irj/sdn/i18n

1.2.2 Further Useful Links The following table lists further useful links on SAP Service Marketplace:

Content Location on SAP Service Marketplace

Information about creating error messages http://service.sap.com/messages

SAP Notes search http://service.sap.com/notes

SAP Software Distribution Center (software

download and ordering of software)

http://service.sap.com/swdc

SAP Online Knowledge Products (OKPs) –

role-specific Learning Maps

http://service.sap.com/rkt

http://help.sap.com/

http://service.sap.com/

http://service.sap.com/quicksizer

http://service.sap.com/platforms

http://service.sap.com/pam

http://service.sap.com/securityguide

http://www.sdn.sap.com/irj/sdn/ha

http://service.sap.com/performance


http://www.sdn.sap.com/irj/sdn/i18n

http://service.sap.com/messages

http://service.sap.com/notes

http://service.sap.com/swdc

http://service.sap.com/rkt

1 Getting Started

1.3 Important SAP Notes

December 2017 11

1.2.3 Related Master Guides This Master Guide is based on Master Guides for cross-industry applications. You can find more information about the relevant applications in the following documents:

Title Location

SAP ERP 6.0 service.sap.com/erp-inst SAP

ERP 6.0 Installation Master Guide - SAP ERP 6.0

SAP ERP 6.04 Service.sap.com/erp-inst SAP

ERP 6.0 Upgrade Upgrade Master

Guide - SAP ERP 6.0

1.3 Important SAP Notes You must read the following SAP Notes before you start the installation. These SAP Notes

contain the most recent information on the installation.

The following note is technically required for installing SP04 (SAPK-60404INFMFMS):

SAP Note Number

Title Description

1828217 Commitment Plan for MM-PUR Agreements: New

field "Due Date"

Required note for implementing SP04 (SAPK-60404INFMFMS)

Make sure that you have the up-to-date version of each SAP Note, which you can find on

SAP Service Marketplace at http://service.sap.com/notes.

SAP Note Number

Title Description

1224284 Enterprise Services, Installing and Accessing the

SOA Documentation

Gives an overview which services are available, how to install and access their documentation and which product versions, software components, Technical Usages

and Business Functions they require.

1555008 Release strategy for the ABAP add-on PSFMS

Release planning information PSFMS

1555007 PSFMS 600: Installation on ERP 6.0

Installation information on ECC 600

1555006 PSFMS 600: Add-on

Support Packages

Release planning information on PSFMS

1555009 Release strategy for the

ABAP add-on FMFMS

If Public Sector Funds Management is

needed:

Release planning information on FMFMS

1555010 FMFMS 604: Installation on ERP 6.0 EHP 4

If Public Sector Funds Management is needed:

Installation information on ECC 604

http://service.sap.com/erp-inst

http://service.sap.com/erp-inst

http://service.sap.com/notes

1 Getting Started

1.4 Availability

12 December 2017

1555011 FMFMS 604: Add-on

Support Packages

If Public Sector Funds Management is

needed:

Release planning information on FMFMS

1614932 Down-payments with reference to Case Number

The FMS payment process relies on the standard Assignment field in the down-payment transaction holding the FMS Case number

SAP Note Number

Title Description

1799426 Document Tolerances: FICUSTOM064 with

Subitems

Standard Note of EA-PS to allow the deletion of purchase order items if Funds

Management is in use

1839834 Document Tolerances: FICUSTOM064 with

Subitems



1898269 Document Tolerances: FICUSTOM064 when

deleting PO



2283922 MODIFICATION: Suffix message processing may

lead to error MEPO-043

Modification Note: To avoid standard error MEPO-043 when Baseline item quantity is

fully consumed by the new suffix

1.4 Availability Currently available release DMP2.0

Required SAP base software ECC600

ECC604 if using PS Funds Management

Additionally required enhancement or support packages

SAPK-60007INPSFMS

SAPK-60407INFMFMS

Release available in the following

languages

English

Mainstream maintenance until 31.12.2015

Extended maintenance until 31.12.2017

2 SAP DMP 2.0 Overview

2.1 Software Units of SAP DMP 2.0

December 2017 13

2 SAP DMP 2.0 Overview SAP DMP 2.0 allows countries foreign to the United States to purchase material and services from the US Government using the Foreign Military Sales (FMS) process. The FMS process uses MILSTRIP coded messages to pass requirements to the US and update purchasing and

financial data in response to status messages received from the US.

This standard product facilitates the FMS processing using standard objects and new programs that create the MILSTRIP outbound messages to the US, and receives and processes inbound messages from the US according to your specific business rules. Configuration allows you to set your own business rules for the FMS handling. The product uses an enhanced SAP contract and an enhanced SAP Purchase Order to meet the unique

requirements that support the FMS process.

This release of SAP DMP is realized in a modification free Add-on based on SAP ECC 6.0.

2.1 Software Units of SAP DMP 2.0 PSFMS 600 ECC6.00 FMS functional component Add-on

FMFMS 604 ECC6.04 FMS functional component Add-on required in addition to PSFMS 600 for customers who are using Public

Sector Funds Management.

EHP 4 is required due to the use of the FM Additive

Consumption logic added in EHP 4.

2.2 Software Component Matrix This section provides an overview of which business scenario of SAP DMP uses which

software unit.

This Master Guide provides just one way to implement each business scenario. For other ways to implement business scenarios, see the Scenario & Process Component List in SAP Service Marketplace at

http://service.sap.com/scl. The Scenario & Process Component List

helps you to find realization alternatives for SAP solutions, business scenarios and processes. It shows you which application components are needed to realize a business scenario or process.

Business

Scenario

Software Units

FMS Purchasing PSFMS 600 X mandatory

FMS Funds

Management

FMFMS 604 X mandatory


2.3 System Landscape

14 December 2017

2.3 System Landscape ECC600 with PSFMS 600

ECC604 with PSFMS 600 and FMFMS 604

FMS functional component add-on FMFMS 604 required in addition to PSFMS600 for customers who are using Public


EHP 4 is required due to the use of the FM Additive Consumption logic added in EHP 4.

We strongly recommend that you use a minimal system landscape for test and demo purposes only. For performance, scalability, high availability, and security reasons, do not use a minimal system landscape as your production

landscape.

2.4. Overall Implementation Sequence

Purpose

The following table describes the overall installation sequence for SAP DMP. This table contains all available software units. However, to implement a specific scenario, you only need a subset of available software units. Some are only required for special processes.

For the latest component version and patch level requirements, see http://service.sap.com/sp-stacks.

For documentation listed in the following table, see References.

Process

Implementation Sequence

Step Action Remarks/Subsequent Steps

1 Installation of either:

- SAP ECC 6.00 Server or

- SAP ECC 6.04 Server if Public Sector Funds Management

is needed

For detailed information, see service.sap.com/instguides

SAP Business Suite

Applications SAP ERP Upgrade SAP ERP 6.0 including

EHP 6

2 Installation of SAP DMP Add-ons:

- PSFMS 600

- FMFMS 604 on SAP ECC 6.04 if Public Sector Funds Management is

needed

Follow the SAP Notes:

- 1555006, 1555007, 1555008

for PSFMS 600

- 1555009, 1555010, 1555011 for FMFMS 604


http://service.sap.com/instguids

http://service.sap.com/instguids


2.4. Overall Implementation Sequence

December 2017 15

Step Action Remarks/Subsequent Steps

3 If Public Sector Funds Management is needed, the Software Component (SWC) EA-PS is required. Activate the business functions of SWC

EA-PS:

- LOG_MMFI_P2P for automatic down payment clearing

during Delivery List Invoicing

- PSM_FM_CI_2

for additive consumption logic for

funds reservations

In Customizing for SAP

Customizing Implementation Guide, choose Activate SAP ECC Extensions to activate the business function set and the

business function.

4 Install NetWeaver Business Client 3.5 or 3.0 (check for SAP Note 1029940)

service.sap.com/support

- Choose the tabstrip "Software Downloads"

- Navigate to “Software Download Center” ->”Support Packages and Patches” -> “A-Z Index” and choose “N”

- Choose “NETWEAVER BUSINESS CLIENT”

- Choose “NWBC NW BUSINESS CLIENT 3.0” if possible or “NWBC NW BUSINESS CLIENT 1.0” depending on your SAP NetWeaver release (refer to SAP Note 1029940)

- Follow the instructions and download the NWBC.

3 Business Scenarios of SAP DMP 2.0

3.1 Defense MILSTRIP Purchasing

16 December 2017

3 Business Scenarios of SAP DMP 2.0 SAP Defense MILSTRIP Purchasing 2.0 is a single scenario that supports military purchasing from the US Department of Defense:

• Defense MILSTRIP Purchasing

3.1 Defense MILSTRIP Purchasing

Technical System Landscape

ECC600 with PSFMS 600

ECC604 with PSFMS 600 and FMFMS 604

FMS functional component add-on FMFMS 604 required in addition to PSFMS600 for customers who are using Public


EHP 4 is required due to the use of the FM Additive Consumption logic added in EHP 4.

Further Information

The following documents provide more information about Defense MILSTRIP Purchasing 2.0

Content Location

Scenario Description See the documentation in SAP Solution Manager.

Configuration Documentation See the documentation in SAP Solution Manager.

Scenario Security Guide For more information, see SAP Service Marketplace at

http://service.sap.com/securityguide.

http://service.sap.com/securityguide

4 Security Information for SAP Defense MILSTRIP Purchasing

December 2017 17

4 Security Information for SAP Defense MILSTRIP Purchasing This section deals with security topics relevant for SAP Defense MILSTRIP Purchasing.

Data Protection Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy regulation, it is necessary to consider compliance with industry-specific legislation in different countries. SAP provides specific features and functions to support compliance with regards to relevant legal requirements, including data protection. SAP does not give any advice on whether these features and functions are the best method to support company, industry, regional, or country-specific requirements. Furthermore, this information does not give any advice or recommendation in regards to additional features that would be required in particular IT environments; decisions related to data protection must be made on a case-by-case basis, under consideration of the

given system landscape and the applicable legal requirements.

SAP Defense MILSTRIP Purchasing is based on the standard SAP procurement process. Data protection and privacy may be an issue for the Supply Discrepancy Report (SDR),

which is an extension of the SAP QM Notification:

• In the event of discrepancies, an SDR is raised and submitted on behalf of US DoD. The SDR report provides two containers where text can be entered without context. The procurement officer enters the name of the preparing official and business addresses for distribution of copies, which may contain person-related information.

• When the SDR is either accepted or rejected by US DoD, these two fields can be masked with ‘*******’ via a scheduled report after a certain retention period. The masking takes place on the database level.

In the majority of cases, compliance with applicable data protection and privacy laws will not be covered by a product feature. SAP software supports data protection compliance by providing security features and specific data protection-relevant functions, such as simplified blocking and deletion of personal data. SAP does not provide legal advice in any form.

Definitions and other terms used in this document are not taken from any given legal source.

Glossary Term Definition

Personal data Any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Purpose A legal, contractual, or in other form justified reason for the processing of personal data. The assumption is that any purpose has an end that is usually already defined

when the purpose starts.

Blocking A method of restricting access to data for which the primary business purpose has ended.


18 December 2017

Deletion The irreversible destruction of personal data.

Retention period The period of time between the end of purpose (EoP) for a data set and when this data set is deleted subject to applicable laws. It is a combination of the residence period

and the blocking period.

End of purpose (EoP) A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is blocked and can only be accessed by users with special authorization (e.g. tax

auditors).

Sensitive personal data A category of personal data that usually includes the following type of information:

• Special categories of personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data, data concerning health or sex life or sexual orientation

• Personal data subject to professional secrecy

• Personal data relating to criminal or administrative offenses

• Personal data concerning insurances and bank or credit card accounts

Residence period The period of time after the end of purpose (EoP) for a data set during which the data remains in the database and can be used in case of subsequent processes related to the original purpose. At the end of the longest configured residence period, the data is blocked or deleted. The residence period is part of the overall

retention period.

Where-used check (WUC) A process designed to ensure data integrity in the case of potential blocking of business partner data. An application's where-used check (WUC) determines if there is any dependent data for a certain business partner in the database. If dependent data exists, this means the data is still required for business activities. Therefore, the blocking of business partners referenced in the data is

prevented.

Consent The action of the data subject confirming that the usage of his or her personal data shall be allowed for a given purpose. A consent functionality allows the storage of a consent record in relation to a specific purpose and shows if a data subject has granted, withdrawn, or denied

consent.


December 2017 19

Read Access Logging Read Access Logging (RAL) is used to monitor and log read access to sensitive data. This data may be categorized as sensitive by law, by external company policy, or by internal company policy. These common questions might be of interest for an application that uses

Read Access Logging:

• Who accessed the data of a given business entity, for example a bank account?

• Who accessed personal data, for example of a business partner? • Which employee accessed personal information, for example religion?

• Which accounts or business partners were accessed by which users?

These questions can be answered using information about who accessed particular data within a specified time frame. Technically, this means that all remote API and UI

infostructures (that access the data) must be enabled for logging.

Use In Read Access Logging (RAL), you can configure which read-access information to log and under which conditions. SAP delivers sample configurations for applications. The application

component scenario logs data in order to describe business processes.

Read Access Logging is currently limited to the following channels, however:

• Remote Function Calls (sRFC, aRFC, tRFC, qRFC, bgFRC)

• Dynpro (dynpro fields, ALV Grid, ABAP List, F4)

• Web Dynpro

• Web services

• Gateway (for oData)

Deletion of Personal Data Simplified Blocking and Deletion: In addition to compliance with the general data protection regulation, it is necessary to consider compliance with industry-specific legislation in different countries. A typical potential scenario in certain countries is that personal data shall be deleted after the specified, explicit, and legitimate purpose for the processing of personal data has ended, but only as long as no other retention periods are defined in legislation, for example, retention periods for financial documents. Legal requirements in certain scenarios or countries also often require blocking of data in cases where the specified, explicit, and legitimate purposes for the processing of this data has ended, but the data has to be retained in the database due to other legally defined retention periods. In some scenarios, personal data also includes referenced data. Therefore, the challenge for deletion and blocking is to

first handle referenced data and finally other data, such as business partner data.

Deletion of personal data: The handling of personal data is subject to applicable laws related to the deletion of such data at the end of purpose (EoP). If there is no longer a legitimate purpose that requires the use of personal data, it must be deleted. When deleting data in a data set, all referenced objects related to that data set must be deleted as well. It is also necessary to consider industry-specific legislation in different countries in addition to general data protection laws. After the expiration of the longest retention period, the data must be

deleted.

SAP Defense MILSTRIP Purchasing might process data (personal data) that is subject to the data protection laws applicable in specific countries as described in SAP Note 1825544.

To enable even complex scenarios, SAP simplifies existing deletion functionality to cover data objects that are personal data by default. For this purpose, SAP uses SAP Information Lifecycle Management (ILM) to help you set up a compliant information lifecycle management process in an efficient and flexible manner. The functions that support the simplified blocking

https://service.sap.com/sap/support/notes/


20 December 2017

and deletion of personal data are not delivered in one large implementation, but in several waves. Scenarios or products that are not specified in SAP Note 1825608 (central Business Partner) and SAP Note 2007926 (ERP Customer and Vendor) are not yet subject to simplified blocking and deletion. Nevertheless, it is also possible to destroy personal data for these scenarios or products. In these cases, you have to use an existing archival or deletion functionality or implement individual retention management of relevant business data throughout its entire lifecycle. The SAP Information Lifecycle Management (ILM) component supports the entire software lifecycle including the storage, retention, blocking, and deletion of data. SAP Defense MILSTRIP Purchasing uses SAP ILM to support the deletion of

personal data as described in the following sections:

• SAP delivers an end of purpose check for the product.

• SAP delivers a where-used check (WUC) for the product.

All applications register either an end of purpose check (EOP check) in the Customizing settings for the blocking and deletion of application data (for example, the customer and vendor master or the business partner) or a WUC. For information about the Customizing of

blocking and deletion for this product, see Configuration: Simplified Blocking and Deletion.

End of Purpose Check (EOP Check) An end of purpose check determines whether data is still relevant for business activities based on the retention period defined for the data. The retention period of data consists of

the following phases:

• Phase one: The relevant data is actively used.

• Phase two: The relevant data is actively available in the system.

• Phase three: The relevant data needs to be retained for other reasons.

For example, processing of data is no longer required for the primary business purpose, but to comply with legal rules for retention, the data must still be available. In phase three, the

relevant data is blocked.

Blocking of data prevents the business users of SAP applications from displaying and using data that may include personal data and is no longer relevant for business activities.

Blocking of data can impact system behavior in the following ways:

• Display: The system does not display blocked data.

• Change: It is not possible to change a business object that contains blocked data.

• Create: It is not possible to create a business object that contains blocked data.

• Copy/Follow-Up: It is not possible to copy a business object or perform follow-up activities for a business object that contains blocked data.

• Search: It is not possible to search for blocked data or to search for a business object using blocked data in the search criteria.

It is possible to display blocked data if a user has special authorization; however, it is still not possible to create, change, copy, or perform follow-up activities on blocked data.

Where Used Check A where-used check is a simple check to ensure data integrity in case of potential blocking. The WUC for this product checks whether any dependent data for a customer, vendor, or central business partner (cBP) exists in the respective table. If dependent data exists, that is, if the data is still required for business activities, the system does not block that specific

customer, vendor, or cBP.

https://service.sap.com/sap/support/notes/


December 2017 21

If you still want to block the data, the dependent data must be deleted by using the existing archival and deletion tools or by using another customer-specific solution.

Other Required Documents for Security This section provides an overview of other security-related documents.

SAP Defense MILSTRIP Purchasing is based on SAP ERP 6.0. It is compliant with the Industry Solution for Defense and Security. SAP NetWeaver Business Client (SAP NWBC) provides the FMS User Worklists for exception handling and reporting. This means that the corresponding security guides also apply.

Resource Where to Find It

SAP ERP Security Guides https://help.sap.com/doc/erp2005_ehp_05/6.0.5/en-US/4f/98aa5390893543e10000000a44538d/frameset.htm

5 References

22 December 2017

5 References List of Documents

The following table lists all documents mentioned in this Master Guide.

Title Where to Find

SAP Defense MILSTRIP Purchasing 2.0 Configuration Guide

http://service.sap.com/instguides > Focused Business Solutions > SAP Defense MILSTRIP

Purchasing

SAP Defense MILSTRIP Purchasing 2.0 Operations Guide

http://service.sap.com/instguides > Focused Business Solutions > SAP Defense MILSTRIP

Purchasing

List of SAP Notes

Please refer to chapter 1.3 Important SAP Notes for a complete list of notes.

http://service.sap.com/instguides

http://service.sap.com/instguides

6 Media List

December 2017 23

6 Media List The following table provides you with the information, on which data carrier you can find which software.

Installable Software Unit Media Name

SAP DMP 2.0

7 The Main SAP Documentation Types

24 December 2017

7 The Main SAP Documentation Types The following is an overview of the most important documentation types that you need in

the various phases in the life cycle of an SAP solution.

Documentation types in the software life cycle

ImplementationImplementation

Master Guide

Configuration

DocumentationRelease Notes

Component

Installation Guide

Component

Upgrade Guide

Upgrade Master Guide

OperationOperation UpgradeUpgrade

Solution Management

Guide

Implementation Guide (IMG) Delta and Upgrade IMG

Security Guide

SAP Library

SAPterm

Cross-Phase Documentation

SAPterm

SAPterm is SAP’s terminology database. It contains SAP-specific vocabulary in over 30 languages, as well as many definitions and glossary entries in English and German.

• Target group:

Relevant for all target groups

• Current version:

Located in the SAP Help Portal at help.sap.com → Additional Information → Glossary

(direct Access) or Terminology (available as terminology CD)

In the SAP-System in transaction STERM

SAP Library

The SAP Library is a collection of function- and process-oriented documentation for SAP components. The SAP Library also contains the Business Scenario Descriptions.

• Target group:

o Consultants

o System administrators


December 2017 25

o Project teams for implementations or upgrades


o Located in the SAP Help Portal at help.sap.com

o Also located in the SAP Service Marketplace at service.sap.com/ibc (only the

Business Scenario Descriptions)

Implementation Guide (IMG)

The Implementation Guide is a tool for configuring the SAP system to meet customer

requirements. Its structure and documentation are component-oriented.

• Target group:

o Solution consultants



o In the SAP menu of the SAP system under Tools Customizing IMG

Security Guide

The Security Guide describes the settings for a medium security level and offers suggestions for raising security levels. A collective security guide is available for the SAP NetWeaver technologies like SAP Web Application Server (SAP Web AS). This document contains general guidelines and suggestions about system security. Other technologies and individual

applications have a Security Guide of their own.

• Target group:

o Technology consultants




o Located in the SAP Service Marketplace at service.sap.com/securityguide

Implementation

Master Guide

The Master Guide is the starting point for implementing an SAP solution. It lists the required SAP components and third party applications that are required for each Business Scenario. It provides scenario-specific descriptions of preparation, execution, and follow-up of an implementation. It also offers references to other documents, such as Component Installation

Guides and SAP Notes.

• Target group:



o Project teams for implementations


o Located in the SAP Service Marketplace at service.sap.com/instguides


26 December 2017

Component Installation Guide

The Component Installation Guide describes the technical implementation of an SAP component, taking into account the combinations of operating systems and databases. It

does not describe any business-related configuration.

• Target group:





Configuration Documentation in SAP Solution Manager

SAP Solution Manager is a tool with various functions, one of its main functions being the configuration of SAP solutions and Business Scenarios. It contains IMG activities, transactions, and so on, as well as documentation. Instead of the configuration documentation in SAP Solution Manager, there may be separate Business Scenario Configuration Guides in the SAP Service Marketplace for earlier shipments of the Business

Scenarios.

• Target group:




o In SAP Solution Manager

o Located in the SAP Service Marketplace at service.sap.com/ibc

Production Operation

Application Operation Guide

The Application Operation Guide is the starting point for operating an SAP solution. The guide refers users to the tools and documentation that are needed to carry out various tasks, such as monitoring, backup/restore, master data maintenance, transports, and tests. It also refers users to other documents, for example the SAP Library, the Master Guide, and the Component Management Guides.

• Target group:








December 2017 27

Upgrade

Release Notes

Release notes are documents that contain short descriptions of new features or changes in an SAP component since the previous release. Release notes about ABAP developments

enable the SAP system to generate delta and upgrade IMGs.

• Target group:

o Consultants

o Project teams for upgrades


o Located in the SAP Service Marketplace at service.sap.com/releasenotes

o In the SAP menu of the SAP system under Help Release information