We are implementing cybersecurity in our company which covers IT and OT security. Can anyone please advise if we can leverage GRC 10.X mitigation controls capability and include our cybersecurity controls ?
If it in anyway concerns someones SAP authorisation accesses, you should be able to.
Are you planning to utilise the Mitigating Control library to document non-SAP risks? Or are you utilising SAP reports to monitor non-SAP related security issues?
No harm in using the GRC AC mitigating controls repository like a documentation library, but it will just sit there as a definition and have no real monitoring ability, even in the forms of a GRC report.
Unless you are using 3rd party connectors to connect to the Non-SAP system and analyse Action level violations.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.