03-12-2008 5:26 AM
I would like to know what teams are involved to carry out a SAP Security Implementation project.
i.e I am aware of team involved in Role Built,team of functional consultants,,,etc,,can anybody tell me in detail about type of human resource involved.
I have heard of GRC team also ?What is it about?
03-12-2008 8:10 PM
Hi Ajit,
GRC is for SOD finding out conflicts in roles after Go live .user
will submit for user acess forms and get approved using VIRSA ACESS ENFOCER and Requestor can also run a Risk Analysis to see if the roles being requested for will have any Segregation of
Duty conflicts and get conflicts like "Risk B019"
He can choose to mitigate the risk, assign a Mitigating Control or he can remove roles.
that are causing the conflict.
Compliance Calibrator for SAP is a fully automated Security Audit and Segregation of Duties (SoD) Analysis Tool.
03-12-2008 8:22 PM
> ... fully automated Security Audit and Segregation of Duties (SoD) Analysis Tool.
There is a hell of a lot more to Security Auditing (let alone automation of it...) than downloading tables with user and role definition data in them, which are possibly the wrong tables anyway....!, and then interpreting single fields of data in them, offline....
Cheers,
Julius