Estimating Security Resources Needed for Support Organization
As our implementation winds down, I've been tasked with the pleasure of defining the security resource requirements needed for the future state support organization.
Some high level details of the environment:
-ECC 6.0, SCM SNC 7.1, BI, XI/PI; expected to be approximately 10 instances in stable environment between DEV, Q, Prod
-100 business roles; 1000 single roles
-Custom security for one area that will require incremental additions of sales group/sales office across the BI, SNC and ECC systems in the roles (not too often)
-90 day password reset enforcement
-Manual access request forms
-Use of SPM and RAR
I've done some searches and found a fair amount of forum postings, but I'm seeing all types of different responses. While I understand it can vary, I am curious if any of you have (from your experience) developed a helpful equation that can help us deteremine whether 2, 3 or 10 resources are needed.
Please let me know if there is any more context I can provide. If you are aware of another thread that already discusses this, please let me know. Thanks in advance.