01-30-2007 8:56 PM
Hi SAP Gurus,
I have multiple questions.
first, let me explain situation
- New implementation of NW04S + ECC5
- Used are BI7 only , GL,FI/CO,TR ( all financial products)
- Small-medium size company with 3-4 company codes.
- SOX is a big issue but no Versa.
- CUA implemented, (don't know why land scape is very small)
Question 1
I need a security strategy template to out line a security strategy.
If some on have an example that I can follow, will appreciate it, other wise if I can be pointed in right direction.
Question 2
What should be my security design strategy, any suggestions in this kind of situation.
Thanks
T.Jay
01-31-2007 3:21 PM
Hi,
1. Security strategy is company specific and its company property.
2. Design your self.
yes. SOX is a big issue.
first be specific about the job roles(positions) and gather required transactions.
then create roles or you can copy predefined roles.
then find out the critical and conflict transactions across the business roles, and try to exclude them.
it s not that much easy to prepare and implement, but it s possible.
Thanks,
Praveen.
01-31-2007 3:21 PM
Hi,
1. Security strategy is company specific and its company property.
2. Design your self.
yes. SOX is a big issue.
first be specific about the job roles(positions) and gather required transactions.
then create roles or you can copy predefined roles.
then find out the critical and conflict transactions across the business roles, and try to exclude them.
it s not that much easy to prepare and implement, but it s possible.
Thanks,
Praveen.
01-31-2007 4:25 PM
Hi TJ,
Check this info ..can be helpful...
http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm
Br,
Sri
Award points for helpful answers
01-31-2007 11:37 PM
Hi,
Some of the following links would give you an over view.
http://www.auditnet.org/sapaudit.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm
http://www.law.uc.edu/CCL/SOact/toc.html
http://www.auditnet.org/sarbox.htm
http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf
I will try to share more info.
Cheers
Soma
02-06-2007 9:49 PM
Thank you all for your inputs.
Security document is in fact a part of functional / management team responsibility in which you help them with your inputs and thoughts as it varies with business processes.
Thank you again.
TJ
Message was edited by:
Tee Jay