Digital approval processes must be reliable and transparent in order to comply with security requirements. For this reason, the SAP System offers the following:

• You can lock users after a customer-specific number of unsuccessful attempts has been reached.
• You can monitor security-relevant activities that occurred during the signature process.
• You can analyze all activities performed in the context of the signature process.

When a signature is executed, unsuccessful attempts can take place for a number of different reasons (for example, the user has entered the wrong password, the user is not authorized to execute the signature, or the system could not verify the signature). After a certain number of unsuccessful attempts has been exceeded, the user is locked as follows:

• When a user signature is executed, the user is locked by the external security product. The lock only applies to the digital signature. The number of allowed unsuccessful attempts is managed by the external security product.

Any failed signature attempt is logged in the Security Audit Log along with other security-relevant events of the SAP System. The system documents, for example, the reason for the error, date and time, and the signatory's user ID. The security administrator can use the CCMS alert monitor to evaluate the Security Audit Log.