Compliance

Review and restructure your authorization concept

Compliance with RBE Plus

IT compliance figures high on corporate agendas. These days employees are storing, editing and sharing ever increasing volumes of data in SAP systems. Our RBE Plus analyses are essential tools that support your company in complying with laws and regulations, and documenting this compliance. What’s more, we’ll help you review and restructure your authorization concept and tailor your licensing concept to your specific needs.

Access

Security and compliance requirements are increasing, but managing access authorization is tricky. Problems must be detected and remedied immediately.

An industry-independent study conducted by IBIS Prof. Thome shows that on average, employees have far more authorizations than they need. Approximately 23 percent of these proved wholly unnecessary. In the organizations examined, employees were typically assigned more than 5,000 non-essential functions and/or transactions.

This reckless distribution of authorizations gives employees access to activities in the system that they don’t need and shouldn’t have – and worse still, this access cannot be reliably monitored. Besides negatively impacting business processes, indiscriminate distribution of authorizations can result in massive breaches in data security, not to mention unwarranted costs.

RBE Access analysis helps you:

  • establish authorization management that conforms to your company’s needs and meets compliance and security requirements
  • ensure that employees’ physical and network access matches current task profiles and activities

License

Cut costs by regularly checking licenses against user activities and reassessing the need for purchased licenses.

The SAP licensing model is usage-based, so licenses should reflect the users’ actual activities. We advise corporations to gear their purchases toward what we term the “least-license” principle – keeping licensing to a minimum by assigning users only the licenses they need.

When system configuration does not reflect real needs, you’re at risk of over-licensing. But assigning licenses based on actual system usage requires periodic reviews and reassessment of licensing needs. Thanks to RBE Plus, this is simple.

The analysis makes it easy to fit users with the proper number and types of license. What’s more, it reveals shortcomings in your current licensing strategy and points out how to improve them.

SoD

Access to company-critical data must be strictly regulated and mutually incompatible functions segregated.

As corporations embrace all that the digital age has to offer – with increasing quantities of data being stored, edited and shared across the world – segregation of duties takes on greater significance than ever before. Because ERP systems store masses of company-critical data, access to this data must be strictly regulated and mutually incompatible functions segregated.

The SoD analysis helps you:

  • to segregate functions to comply with internal and external regulations
  • to check activities executed
  • to proactively review and detect breaches enabled by employees’ access authorizations

Checking physical and network access against your security regulations

Key figures, detailed evaluations and integrated recommendations help you match physical and network access authorizations to corporate security regulations.

Restructuring the licensing model

Use RBE Plus SAP analyses to restructure your licensing model to reflect your current corporate needs.

Preventing SoD violations

Verifying that SoD rules are observed is not enough. Define your role concept to prevent violations.

“RBE Plus SAP analyses give us profound insight into user behavior in our system.”

Torsten J. Somann, IT-Chef (Witzenmann Group)
