cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2

Go to solution
Former Member

on ‎03-09-2011 8:05 PM

0 Kudos

Hello Forum,

I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)

I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3

I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2

I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet

Currently, I have the following definitions:

Business Process 6 entries

Functions 47 entries

Risks 147 entries

Mitigating Controls 40 entries

Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software

I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls

Thanks for your responses in advance

Jerry

Ryerson, Inc

630-758-2021

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

frank_bannert
Active Participant
‎03-10-2011 8:57 AM
0 Kudos

Hi Jerry,

sounds good to me, but keep in mind that AC 5.2 comes also with it's default ruleset which you might want to consider using in addition to what you have defined in CC 4.0.

For the migration process there is a guide on Service Marketplace:

http://service.sap.com/~form/sapnet?_SHORTKEY=00200797470000088133&_SCENARIO=01100035870000000202&_O...

Best,

Frank

Show replies
Show replies
Former Member
‎03-10-2011 2:14 PM
0 Kudos

Thanks for the reply

I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch

The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area

I'm not sure if they were mixed with the defaults

I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out

Thanks again for your reply

Jerry

Answers (2)

Answers (2)

Former Member
‎03-11-2011 4:49 PM
0 Kudos

Thanks for the replies

The scope of this question has been answered

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎03-10-2011 10:35 AM
0 Kudos

Hi Jerry,

what exactly is your ECC level?

Kind regards,

Frank.

Show replies
Show replies
Former Member
‎03-10-2011 2:20 PM
0 Kudos

Frank,

Sorry about the confusion; we are currently running r/3 at the 4.7 level; ECC terminology was introduced I believe with ECC 6

My understanding is that the GRC products at 5.3 require ECC 6

For what it's worth, my GRC 5.2 products are up to date with the latest SP levels

We are in the process of putting a plan together for upgrading to the ECC level but that may be some time yet before it becomes reality;

I would like to get the RAR 5.2 working to replace CC 4.0 prior to the ECC upgrade

Jerry

koehntopp
Product and Topic Expert
Product and Topic Expert
‎03-10-2011 2:58 PM
0 Kudos

That's why I was asking.

5.3 will work just fine with 4.7....

Frank.

Ask a Question