
Need document re. SAP security, specifically for externally hosted SAP

Former Member
0 Kudos

Hello,

I am on a project performing the consolidation of our current ERP solution onto a single outsourced SAP platform.

What I am looking for is any sort of questionnaire / security requirements document around SAP security, specifically for an externally hosted SAP environment.

Can anyone share any sort of documentation/checklist, or provide a URL to such a document/checklist?

Thank you.

4 REPLIES 4

arpan_paik
Active Contributor
0 Kudos

Does SDN feel like a training-oriented forum?? A comprehensive training might serve your purpose...

sebastian_broll
Explorer
0 Kudos

hi ben

look for the SAP security guides - but i fear they are a bit oversized for your actual question.

http://service.sap.com/security

follow the link "SAP Security Guides"

security is a very complex concept, and cannot be covered in general with a simple checklist.

based on the security guides, you may of course create your own checklist. but, expect several days of work ahead ....

cheers,

sebastian

0 Kudos

>expect several days of work ahead ....

Several weeks seems more realistic to me!

Regards,

Olivier

0 Kudos

Sometimes it takes several years to roll back again, only to be followed by the next wave of cost cutting experiments...

Specifically for security, you are sometimes limited to the boundary of contractual terms so I would concentrate on that first - otherwise each customer would be able to do a datacenter audit, etc. You should ensure that the important company policies are covered by the contract and governance aspects are clear for the provider, with penalties for failure. Generally a SAS70 report does the trick and verify who performed the audits.

Sometimes customers even perform joint-audits on a periodic basis or the SAS70 audit is performed completely independently by more than just checklist-auditors. Then the water starts turning murky with topics like password management, access from home, open ports, etc...

Cheers,

Julius

Edited by: Julius Bussche on Jun 4, 2010 10:37 AM