# Configuring SPR (QMS)

<a href="/en/gr/78610/">QualityOne Vaults</a> support the management of the <a href="/en/gr/679351/">Supplier Periodic Review (SPR) process</a>, an evaluation of the performance of a supplier, including the supplier's services, delivery times, quality of products, and key performance indicators. The final SPR report generated as the output of this process compiles data from multiple sources, along with the summarized results of the review and the recommendations from distinct subject matter experts.

SPR is part of the Periodic Reviews feature that provides shared functionality to let users perform different types of periodic reviews in Vault. See <a href="/en/gr/679530/">Periodic Reviews Overview</a> for more details.

## Configuration Overview {#configuration}

Configuring your Vault to use SPR involves the following steps:

1. [Set up SPR document types][1]
2. [Configure SPR document fields][2]
3. [Add the _Generate Merged PDF Document_ user action to the _SPR Lifecycle_][3]
4. [Configure the _SPR_, _Organization_, and _Periodic Review Template_ objects][4]
5. [Configure actions on object lifecycles][5]
6. [Configure user permissions][6]

<div class="note-border alert-info">
  <div class="alert alert-info" role="alert">
    <div><i class="far fa-info-circle"></i></div>
    <div class="alert-text">
      <p><strong>Note</strong>: Depending on your Vault’s creation date and which features are currently enabled and configured, some of the steps described in this article may be unavailable or already complete in your Vault.</p>
    </div>
  </div>
</div>



## Setting Up SPR Document Types {#doc-types}

To use the SPR functionality, you must <a href="/en/gr/618/#EnablingDocTypes">activate the following document types</a>:

* _SPR_
* _SPR Binder_
* _Final Report_

## Configuring SPR Document Fields {#doc-fields}

Before [configuring document generation actions][3], you must <a href="/en/gr/4884/#use-shared-field">add a field</a> referencing the _SPR_ object to each document type to include in the final report. When a user runs the document generation action, Vault populates this field with a link to the originating _SPR_ record.

## Configuring the Document Lifecycle {#doc-lifecycle}

You must <a href="/en/gr/2357/">define document lifecycle states</a> on the _SPR Lifecycle_ according to your organization's business needs. Then, <a href="/en/gr/12339/">add the _Generate Merged PDF Document for SPR_ action</a> to the appropriate states in the _SPR Lifecycle_ document lifecycle. Add this action only to states in which all documents and data for the SPR have been finalized.

The following limitations apply to the _Generate Merged PDF_ action:

* You can only configure the _Generate Merged PDF_ action on the _SPR Lifecycle_ document lifecycle, and users can only run it from the on an _SPR Binder_ record.
* The document output of the _Generate Merged PDF_ action can only be of the _Final Report_ document type.

## Configuring Objects {#config-objects}

To use SPR, you must make changes to the following objects in your Vault.

### Organization {#org}

To use SPR, add the following fields to the _Organization_ object <a href="/en/gr/26387/#related-object">layout</a> and ensure they are <a href="/en/gr/32857/#assign">assigned</a> to the required _Organization_ object types:

* _Next Audit Date_
* _Risk Classification_

### Periodic Review Template {#prt}

You must make the following changes to the _Periodic Review Template_ object to support the SPR process:

* Activate the _SPR_ object type.
* Add the _Create Record From Template_ <a href="/en/gr/43127/#assign-actions">user action</a>.
* Insert the _Periodic Review Template Item_ related object section in the <a href="/en/gr/26387/#related-object">layout</a> for the _SPR_ object type.

You can optionally <a href="/en/gr/15057/#how_to_add_object_fields">configure fields</a> as required to transfer data from the _Periodic Review Template_ object and into a new _SPR_ record when users create _SPRs_ using the _Create Record from Template_ action. If you do this, you must also add identical custom fields to the _SPR_ object. 

### SPR {#spr}

Make the following changes to the _SPR_ object to support the SPR process:

* Add the _Generate SPR Binder_ <a href="/en/gr/43127/#assign-actions">user action</a>.
* Add the _Update SPR Fields_ <a href="/en/gr/43127/#assign-actions">user action</a>.
* Insert an _SPR Item_ related object section in the _SPR_ object <a href="/en/gr/26387/#related-object">layout</a>.
* <a href="/en/gr/47850/#how-to-set-atomic-security-on-fields">Configure atomic security</a> on the _Last Audit Date_, _Risk Level_, and _Last Risk Classification_ fields.

If you configured custom fields on the _Periodic Review Template_ object, you must also configure them on the _SPR_ object for data transfer to be successful. 

### SPR Item {#spr-item}

Make the following changes to the _SPR Item_ object to support the SPR process:
* Activate the _Display Order_ and _Document_ fields for the _Document_ object type.

## Configuring Object Lifecycle Actions {#lifecycle-actions}

The SPR process relies on several <a href="/en/gr/59885/">actions</a> configured on the appropriate object lifecycle states.

### SPR Lifecycle {#spr-lifecycle}

To configure the _SPR Lifecycle_, do the following:

* Add the _Generate SPR Binder_ <a href="/en/gr/43127/#assign-actions">user action</a> to one (1) or more states in the _SPR_ object lifecycle. Make sure the action is only on states in which users are finished creating all _SPR Items_. 
* Add the _Update SPR Fields_ <a href="/en/gr/43127/#define-entry-action">entry action</a> to the lifecycle's initial state to populate fields on _SPR_ records with values from the _Organization_ object, and as a user action to the states that users need to repopulate the _Organization_ data for accuracy.
* Add the _Finalize SPR Fields_ entry action to the steady state in which users will finalize the SPR data. When an _SPR_ enters a lifecycle state with this action configured, Vault does the following:
  * The _Next Audit Date_ is populated on the _SPR_.
  * The _Last Audit Date_, _Last Risk Classification_, and _Risk Level_ fields are validated and updated with the latest values if needed.
  * The _Risk Classification_ and _Next Audit Date_ fields are populated on the related _Organization_ record.

### SPR Item Lifecycle {#spr-item-lifecycle}

Configure the <a href="/en/gr/553725/#report-action">_Generate Document from Report_ user action</a> on the appropriate states in the _SPR Item_ lifecycle. Depending on the expected content of the resulting documents and availability of the sourced data, you can add them as user actions to the _Initial_ and _In Progress_ states, or to other states as required by your organization's process.

### Periodic Review Template Lifecycle {#prt-lifecycle}

Add the _Create Record From Template_ <a href="/en/gr/43127/#assign-actions">user action</a> to the _Periodic Review Template Lifecycle_ in an appropriate state so that users can create SPRs from established templates.

## Configuring User Permissions {#user-permissions}

You must ensure users have the appropriate read and create <a href="/en/gr/22824/">permissions</a> to access the appropriate objects and object fields in addition to the permissions outlined below:

* For the _Periodic Review Template_ object and its object types: _Create_, _Edit_, and _Delete_ permissions.
* For the _Periodic Review Items_ object and its object types: _Create_, _Edit_, and _Delete_ permissions.
* For the _SPR_ object and its object types: _Create_, _Edit_, and _Delete_ permissions.
* For the _SPR Items_ object and its object types: _Create_, _Edit_, and _Delete_ permissions.

### Configuring Document Type Permissions for SPR {#doc-type-permissions}

You must ensure users have the appropriate document type permissions to use the SPR feature in addition to the <a href="/en/gr/618/#settings-at-all-levels">related permissions outlined</a>:

<table>
  <tr>
    <td><strong>Type</strong></td>
    <td><strong>Permission</strong></td>
    <td><strong>Controls</strong></td>
  </tr>
  <tr>
    <td>Document Types created by QualityOne Document Generation Actions (SPR)</td>
    <td>Create Document</td>
    <td>Ability to create documents for <em>SPR Items</em></td>
  </tr>
  <tr>
    <td>Document Type (SPR Binder)</td>
    <td>Create Binder</td>
    <td>Ability to create an <em>SPR Binder</em> with the <em>Generate SPR Binder</em> action</td>
  </tr>
  <tr>
    <td>Document Type (Final Report)</td>
    <td>Create Document</td>
    <td>Ability to create a <em>Final Report</em> document using the <em>Generate Merged PDF</em> action</td>
  </tr>
</table>

## Related Permissions {#related-permissions}

You can complete all the steps in this article with the standard _System Administrator_ or _Vault Owner_ security profile. If your Vault uses custom security profiles, your profile must grant the following <a href="/en/gr/22824/">permissions</a>:

<table>
  <tr>
    <td><strong>Type</strong></td>
    <td><strong>Permission</strong></td>
    <td><strong>Controls</strong></td>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Configuration: Document Lifecycles: Edit</td>
    <td>Ability to modify document lifecycles.</td>
  </tr>
  <tr>
    <td>Security Profile</td>
    <td>Admin: Configuration: Document Types: Edit</td>
    <td>Ability to modify document types.</td>
  </tr>
  <tr>
    <td>Security Profile</td>
   <td>Admin: Configuration: Object Lifecycles: Edit</td>
   <td>Ability to modify object lifecycles.</td>
  </tr>
  <tr>
   <td>Security Profile</td>
   <td>Admin: Configuration: Objects: Edit</td>
   <td>Ability to modify Vault objects.</td>
  </tr>
</table>

[1]: #doc-types
[2]: #doc-fields
[3]: #doc-lifecycle
[4]: #config-objects
[5]: #lifecycle-actions
[6]: #user-permissions