Site icon ExpressGRC | SAP Cyber Security Software for SAP Compliance

Step one in your SAP SOD Implementation Process

SAP SOD Rules

SAP SoD rules that are currently enforced or not. Most of the companies have SAP Rule set analyzed by a Tool or SUIM report or custom report. The Functional owners need to understand the what can be analyzed and monitored

SAP SOD Transaction Conflicts

SAP Transactions Conflicts that may be important but not currently enforced. When you use a third-party tool they come with the Standard Ruleset. Most of the companies do not review the rule as it easy to deploy and get the report without much work. This will provide a baseline of risk to be monitored and change control applied going forward.

SAP Sensitive Transactions

SAP SOD Conflicts and SAP Sensitive Transactions that are not relevant. This will depend on your business process and the industry.  For example, if you are not implementing SAP HR Functionality then you may want to make the HR Risk a low priority? We do not want to recommend disabling the risk as we want to make sure this risk not present to any user or role. Because if the functionality not being used then the risk should not be in any role or user. When the risk is in the role or user then the functional owner can identify them and remove.

SAP SOD Risk

SAP SOD Conflicts and SAP Sensitive Transactions that are low risk based on company’s Business Model. It better to make the risk low than to disable them. As you want to be aware of risk if it is in the users.

SAP SOD Custom Transactions

Unique Application Customization for which conflicts need to be identified. This is mainly the Custom table and Custom programs which are written.  As a good practice if these are the SAP custom transactions or custom tables have to be assigned to proper authorization groups and assigned to transactions.  This way the user need not use SE38/ SA38 and SM30/SE16

SAP SOD Risk Classification

Known conflicts that exist for business reason: Once of the questions you may have to explain the external auditors are why certain risk not turned on and why some of the risks are classified as low. It will be good to have documentation and approvals documented using a ticket.  Most of the company’s will make the changes as part of the change control process.

[vc_row css=”.vc_custom_1512575306373{margin-top: 50px !important;}”][vc_column width=”1/3″][vc_cta h2=”Free Step by Step SAP License Optimization Guide” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”left-to-right” btn_add_icon=”true” css=”.vc_custom_1512579904776{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #3a80f1 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-license-optimization-guide%2F||” el_class=”c_action”]SAP Customer is liable to pay 70 Million additional SAP licensing fees as a result of what is broadly known as Indirect Access.[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Free SAP GRC 10.0 Step by Step Guide” shape=”square” add_button=”bottom” btn_title=”download here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”bottom-to-top” btn_add_icon=”true” css=”.vc_custom_1512579856805{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #f1b500 !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Fsap-grc-10-1-step-step-guide%2F||” el_class=”c_action”]Are you fed up with being not able to get job? Tired of being disappointed in yourself, because you just can’t seem to get started in the career as SAP  GRC Consultant?[/vc_cta][/vc_column][vc_column width=”1/3″][vc_cta h2=”Financial Loss due to Fraud Risk” shape=”square” add_button=”bottom” btn_title=”click here” btn_style=”flat” btn_color=”default” btn_i_icon_fontawesome=”stm-diamond” btn_css_animation=”left-to-right” css_animation=”right-to-left” btn_add_icon=”true” css=”.vc_custom_1512579731433{padding-top: 50px !important;padding-right: 35px !important;padding-bottom: 50px !important;padding-left: 35px !important;background-color: #1d9e3f !important;}” btn_link=”url:http%3A%2F%2Fexpressgrc.com%2Ffree-sap-process-control-step-step-guide%2F||” el_class=”c_action”]Using the right kind of SAP Controls in the right way can be trans formative for any SAP System[/vc_cta][/vc_column][/vc_row]

Exit mobile version