Managing employee files in SAP
Addressing business and legal requirements to securely store, retain and dispose of employee documents
Secure storage of employee documents
For many companies, SAP is the go-to-solution to manage employee data. SAP's HCM module offers comprehensive options to store master data, to process actions on employees, etc. A whole authorization system is built up around employee data to ensure privacy for the employee and compliance with national and supranational (EU) regulations for the company.
Looking at the secure storage of employee documents, built-in functionalities in SAP like ArchiveLink can limit access to documents using the same security measurements: the ability to access the employee record in SAP and its data (based on infotypes). Permissions include displaying, adding and deleting documents.
However, a missing link in this solution is the secure retention and disposition of employee documents. The only out-of-box option offered in SAP ArchiveLink is the removal of the link to the document after a certain amount of time, disposing documents x years after the date of origin of the document. National and supranational regulations ask for more detailed retention schedules for employee documents: some document types need to be retained for a certain period after employee separation. In some cases, it might be required to put a hold on an employee file avoiding the deletion of documents e.g. during an ongoing law suit. These retention scenarios require a more thorough solution than the one offered in the built-in SAP functionalities.
Built-in storage functionalities in SAP, like ArchiveLink, can limit access to documents, but a missing link in these solutions is the secure retention and disposition of employee documents.
OpenText Employee File Management (EFM)
OpenText Employee File Management (EFM) for SAP Solutions is a product developed by OpenText in a strategic partnership with SAP. The solution fully integrates in SAP, using SAP ArchiveLink for storage and retrieval of documents and SAP HCM & the standard SAP Security model to manage access to employee files. SAP EFM offers integrations with Adobe Processes & Forms and SuccessFactors and can be accessed through transactions PA20/30 in SAP GUI and Employee Self-Service & Manager Self-Service (ESS & MSS) in SAP Portal.
It also adds additional functionalities like a dynamic folder structure logically arranging the stored documents, in-frame display of documents within SAP GUI and Portal, thumbnail view for quick browsing, notes and annotations linked to the document, monitoring of activities (like accessing the document) in an activity log and so on. To make sure these functionalities are only used by the right people in the organization, a sizeable set of authorizations is provided: while certain HR administrators can export/print documents, this is typically a functionality that would be restricted for a manager reviewing documents in an employee file: this supports centralized storage and limiting exposure outside SAP.
An important aspect of storing employee documents is the secure storage, retention and disposition of documents. This business requirement is driven by internal policies, the risk associated with unwanted exposure, but also national and supranational regulations that are in effect to ensure an employee's right to privacy. Cases where employees access other employees' files for non-professional purposes must be prevented at all cost, as the cost of claims would vastly overshadow the cost of prevention. Other scenarios include keeping employee documents longer than legally required where the documents can be used against the company, or documents that were disposed of too early that could have served as proof in favor of the company.
OpenText EFM addresses these concerns around storage, retention and disposition by using the Records Management module of OpenText Content Server. This Records Management module can classify documents to make sure they are retained for the right period and offers an audit functionality to monitor access to the documents. This solution makes a direct connection between SAP and OpenText Content Server to feed any updates of the employee data in SAP to OpenText Content Server that would influence the retention of documents in the employee file. When the document is due for disposition, it will send a purge command to OpenText Archive Server (the underlying storage server) to fully delete the document.
Custom Records Management module
A valid alternative for using OpenText Content Server in combination with OpenText EFM, is building a custom records management module in SAP that works directly with OpenText Employee File Management.
Deloitte has built a module that offers all the essential records management functionalities required to correctly retain and dispose employee documents.
This module offers:
- 3 types of retention schedules that can be set per document type: (a) Date of origin + x years: keep the document for a certain amount of time after its creation, (b) Employee separation + x years: keep the document for a certain amount of time after the employee has left the company, (c) Permanent preservation: never delete the document.
- Holds management: put the employee file on hold avoiding deletion of documents, based on the creation of a subtype (with start and end date).
- Automatic or manual disposition: a transaction can be run to delete all documents due for disposition; this disposition will remove the link to the document in SAP but will also delete the actual document from OpenText Archive Server.
- Integration in OpenText EFM's deletion workflow: the deletion workflow will check for holds on the employee file before processing the deletion.
- Extensive reporting: see which documents were deleted, which holds are active and who ran the disposition transaction.
This custom module in SAP was developed by Deloitte as a valid alternative for the installation of OpenText Content Server. This avoids the costs of additional hardware and maintenance, but it also minimizes exposure of sensitive information outside SAP. Although OpenText Content Server is a secure solution, its administrators could access the document or its meta data (which could reveal a lot about the employee, e.g. if an employee has a document stored related to a court order or a criminal record). By using this module within SAP, all access to documents and meta data is limited to SAP, where SAP Security and EFM activity logging provide the security required to store, retrieve, retain and dispose of documents in a secure and compliant manner.
Deloitte has built a module, fully integrated in SAP, that offers all the essential records management functionalities required to correctly retain and dispose employee documents.
Want to know more?
Deloitte offers various advisory and implementation services for the following topics:
- Using OpenText Employee File Management to support document management in SAP
- Using Deloitte's records management module to support ECM governance and compliance
Interested? Get in touch, we'll be happy to discuss with you how we can help you solve some of your business problems. Submit an RFI or reach out to one of our ECM for HR experts. Contact details can be found by clicking "Next steps" on the right or one of the profiles below.