Archive for the ‘Audit’ Category

SAP GRC Implementation Toolkit

Friday, November 21st, 2008

Checklist and step-by-step template for the SAP Governance Risk Control Implementation Toolkit

1. Document the control environment. What are you doing? What are your processes? Where are the risks?
2. Test: Implement the process and access controls needed to address the risks identified.
3. Remediate: Resolve exceptions found by the controls.
4. Analyze: Use the information gathered to gain a deeper understanding of the business.
5. Optimize: Improve both GRC and business processes as insights are gathered.


Download SAP Security Checklist

Saturday, November 15th, 2008

2 Security and access protection
2.1 Objective
An access protection system and the ability to grant individual authorizations basically serve four purposes:
- To protect confidential data against unauthorized disclosure
- To protect the data against unauthorized, but also against unintentional, changes or deletion
- To facilitate the transparency of the procedures by tracing exactly who did what in the system, and when.
- To guarantee that applications can be audited.

According to commercial law, these measures (i.e. preemptive controls in the internal control system) should prevent violations of any legal restrictions on the erasure of electronically stored data. They should also guarantee legally required audit trail traceability and ensure that no violations against complete and orderly accounting occur. These measures ensure, then, that no data which is unauthorized, incomplete, incorrect, or posted to the wrong period or account is entered into the system.

2.2 Requirements
The access protection system must ensure that only authorized individuals have access to the system and to particular data. It must be possible to key in the corresponding codes (passwords) without others being able to see them. The system should ensure that:
- only passwords of a defined minimum length are accepted,
- certain sequences of characters that could be easily guessed are not accepted,
- the password may be defined and altered by the user only,
- the system automatically demands the password to be changed at defined intervals,
- passwords are protected against being divulged to anyone other than the user him/herself.


Key benefits of Virsa Compliance Calibrator

Wednesday, July 2nd, 2008

Perhaps the most well known of the Virsa tools, this is often used synonymously for the other tools, and indeed it interacts intensively with the Firefighter and Access Enforcer tools.

Virsa Compliance Calibrator: supports real-time compliance by stopping security and controls violations before they occur. With the most comprehensive library of SOD rules available for SAP, the application makes it easy for business-process owners to deploy rules applicable to your organisation and eliminate risks from inappropriate access to SAP.

The key benefits as described by SAP are:


What is Virsa FireFighter for SAP

Wednesday, July 2nd, 2008

Virsa FireFighter for SAP: enables super-users to perform emergency activities outside the parameters of their normal role, but to do so within a controlled, fully auditable environment. The application assigns a temporary ID that grants the super-user broad yet regulated access, and tracks and logs every activity the super-user performs using that temporary ID.


What is Virsa Role Expert

Wednesday, July 2nd, 2008

Virsa Role Expert: centralises and standardises enterprise-wide role management, eliminating manual errors, providing an audit trail for changes, and enforcing best practices. Using the application, business managers can define functional roles, and IT managers can define the associated technical permissions.
