
What do you mean by Role Remediation

Former Member

Guys, I want to know clearly what this Role Remediation means. Please let me know, as I am a little bit confused on this.

Accepted Solutions (1)


Former Member

Hello Ramu

Role Remediation refers to the measures taken to address the SOD (segregation of duties) conflicts associated with the roles in the ERPs.

For example, an SOD conflict/risk associated with a single role can be removed (remediated) by splitting it into two different roles, if that is feasible. This is one way of remediating the role.

Wherever it is not possible to split the roles or remove the roles from the system, a mitigation control can be identified for such an SOD risk associated with the role, to reduce the impact to some extent (a mitigation control is generally defined in such a way that some user in the system monitors the usage of such a role on a periodic basis). This is one more way of remediation. Defining the mitigation control depends on the criticality of the SOD risk, as maintaining mitigation controls involves effort and cost.

One more way is to give access to such a role through super user access (if the usage of the role is not regular).

The best practice in remediation would be to start with single-role remediation, as it automatically removes the SOD violations in the composite roles as well as the violations associated with the users holding such roles.

I have just written a few ways of remediation to give you a brief idea of role remediation.

Regards

Swarna

Answers (1)


Former Member

Dear Ram,

Whenever there are SoD conflicts in a role, there are 2 ways of addressing these SoD risks.

a) Role Remediation - Removing the t-codes which are conflicting in nature from the role and ensuring the role is SoD free.

b) Role Mitigation - Even though there are SoD conflicts, these t-codes might be necessary for that particular role to perform the business function. In this scenario, mitigation controls will be provided by the business management to address the SoD conflicts identified. Here the t-codes will be retained in the role, but the conflicts will be addressed in GRC through mitigation controls.

Thanks and Best Regards,

Srihari
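The two answers above describe the same workflow from slightly different angles: find SoD conflicts at the single-role, composite-role and user level, then either remediate (split or strip the role) or mitigate (keep the t-codes and attach a control). The script below is an added example written for this thread, not code from either poster or from SAP GRC. The ruleset, the role names, the t-code-to-function mapping and the users are all constructed sample data; the scan is a simplified stand-in for a GRC risk analysis. It also shows the point a practitioner checks after a split: the single role becomes clean, but if both halves are then assigned to the same user, the same risk reappears at the user level.

```python
"""Constructed SoD example: scan roles and users for conflicts, then show
remediation (split the role) and mitigation (attach a control).
Role names, users and the function/risk ruleset are made up for this example."""

# Constructed ruleset: a business function is reachable through any of its
# t-codes; a risk is a pair of functions one person should not hold together.
FUNCTIONS = {
    "CREATE_VENDOR": {"XK01", "FK01"},
    "PAY_VENDOR": {"F110", "F-53"},
    "MAINTAIN_PO": {"ME21N", "ME22N"},
    "APPROVE_PO": {"ME29N"},
}
RISKS = {
    "P001": ("CREATE_VENDOR", "PAY_VENDOR"),
    "P002": ("MAINTAIN_PO", "APPROVE_PO"),
}

# Constructed authorisation data (hypothetical role and user names).
SINGLES = {
    "Z_AP_CLERK": {"XK01", "F110", "FB03"},       # conflict inside one single role
    "Z_PURCHASER": {"ME21N", "ME22N", "ME23N"},   # clean on its own
    "Z_PO_APPROVER": {"ME29N"},                   # clean on its own
}
COMPOSITES = {"Z_PROCUREMENT": {"Z_PURCHASER", "Z_PO_APPROVER"}}  # conflict only when combined
USERS = {"RAMU": {"Z_AP_CLERK"}, "SRIHARI": {"Z_PROCUREMENT"}}


def risks_in(tcodes):
    """Risk ids for which both conflicting functions are reachable from tcodes."""
    funcs = {f for f, codes in FUNCTIONS.items() if codes & tcodes}
    return sorted(r for r, (a, b) in RISKS.items() if a in funcs and b in funcs)


def role_tcodes(role, singles, composites):
    """T-codes granted by a single role or by all members of a composite role."""
    if role in composites:
        return set().union(*(singles[s] for s in composites[role]))
    return set(singles[role])


def scan(singles, composites, users):
    """Findings at all three levels as {(level, name): [risk ids]}; conflicts only."""
    found = {}
    for name in singles:
        found[("role", name)] = risks_in(singles[name])
    for name in composites:
        found[("composite", name)] = risks_in(role_tcodes(name, singles, composites))
    for user, roles in users.items():
        codes = set().union(*(role_tcodes(r, singles, composites) for r in roles))
        found[("user", user)] = risks_in(codes)
    return {k: v for k, v in found.items() if v}


def split_role(role, singles):
    """Remediation: split one conflicting single role into conflict-free parts.
    Greedy: each t-code goes into the first part where it introduces no risk."""
    parts = []
    for tcode in sorted(singles[role]):
        for part in parts:
            if not risks_in(part | {tcode}):
                part.add(tcode)
                break
        else:
            parts.append({tcode})
    return {f"{role}_{i}": part for i, part in enumerate(parts, start=1)}


def apply_split(role, singles, composites, users):
    """Replace `role` by its parts. Composites and users that held the old role
    keep only the first part; any further part needs its own approval, or the
    conflict simply moves from the role level to the user level."""
    parts = split_role(role, singles)
    first = next(iter(parts))
    new_singles = {n: set(c) for n, c in singles.items() if n != role}
    new_singles.update(parts)
    new_composites = {n: {first if s == role else s for s in members}
                      for n, members in composites.items()}
    new_users = {u: {first if r == role else r for r in roles}
                 for u, roles in users.items()}
    return new_singles, new_composites, new_users


def open_findings(findings, mitigations):
    """Mitigation: findings not covered by a control, keyed (name, risk id).
    The t-codes stay in the role; only the reporting status changes, and a
    control on a role does not cover the users who hold it."""
    out = {}
    for (level, name), risks in findings.items():
        left = [r for r in risks if (name, r) not in mitigations]
        if left:
            out[(level, name)] = left
    return out


if __name__ == "__main__":
    print("before:", scan(SINGLES, COMPOSITES, USERS))
    s2, c2, u2 = apply_split("Z_AP_CLERK", SINGLES, COMPOSITES, USERS)
    print("after split:", scan(s2, c2, u2))
    print("after mitigation:", open_findings(scan(s2, c2, u2),
          {("Z_PROCUREMENT", "P002"): "MC-001", ("SRIHARI", "P002"): "MC-001"}))
```

Running the block prints the findings before the split (P001 on the single role and on its user, P002 on the composite and on its user), then only the P002 findings once Z_AP_CLERK has been split, and nothing once a control is attached to both the composite role and the user holding it. Mitigating only the role leaves the user-level finding open, which is why the second answer's "addressed in GRC through mitigation controls" still has to be applied at every level where the risk is reported.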