05-21-2010 5:12 PM
Hello,
I am on a project performing the consolidation of our current ERP solution onto a single outsourced SAP platform.
What I am looking for are any sort of questionnaire / security requirements document around SAP security, specifically for an eternally hosted SAP environment.
Can anyone share any sort of documentation/checklist, or provide a URL to such a document/checklist?
Thank you.
05-23-2010 2:27 PM
Does SDN feels like training oriented forum?? A comprehensive training might serve your purpose...
06-04-2010 4:32 AM
hi ben
look for the SAP security guides - but i fear they are a bit oversized for your actual question.
http://service.sap.com/security
follow the link "SAP Security Guides"
security is a very complex concept, and can not be covered in general wit a simple checklist.
based on the security guides, you may of course create your own checklist. but, expect several days of work ahead ....
cheers,
sebastian
06-04-2010 7:24 AM
>expect several days of work ahead ....
Several weeks seems more realistic to me !
Regards,
Olivier
06-04-2010 9:32 AM
Sometimes it takes several years to rollback again, only to be followed by the next wave of cost cutting experiments...
Specifically for security, you are sometimes limited to the boundary of contractual terms so I would concentrate on that first - otherwise each customer would be able to do a datacenter audit, etc. You should ensure that the important company policies are covered by the contract and governance aspects are clear for the provider, with penalties for failure. Generally a SAS70 report does the trick and verify who performed the audits.
Sometimes customers even perform joint-audits on a periodic basis or the SAS70 audit is performed completely independently by more than just checklist-auditors. Then the water starts turning murky with topics like password management, access from home, open ports, etc...
Cheers,
Julius
Edited by: Julius Bussche on Jun 4, 2010 10:37 AM