Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Eam guide 1 www pwc be SAP GRC Access Control Emergency Access Management April CPwC provides end-to-end SAP consulting services Value through SAP strategy design implementation QA Human Capital Governance Risk Compliance Finance Treasury PwC SAP Consulti

www pwc be SAP GRC Access Control Emergency Access Management April CPwC provides end-to-end SAP consulting services Value through SAP strategy design implementation QA Human Capital Governance Risk Compliance Finance Treasury PwC SAP Consulting Enterprise Assets Value chain Technology Security PwC April Slide CPwC ? s SAP security GRC services Increase quality pro ?tability with PwC services SAP technology PwC April Slide CAgenda SAP security What why SAP GRC Access Control overview Emergency Access Management deep-dive Live demo Implementation good practices Question answer PwC April Slide CSAP security What why PwC April Slide CSAP authorisations PwC ? s ?ve guiding principles for an e ?ective design Task based methodology SoD free E ?ective SAP security Smart technical design Quality technical build Know your control points PwC April Slide CPwC ? s holistic view on SAP security SAP GRC as an enabler for a sustainable authorisation model ??Get clean stay clean ? Use the right tools and processes to support your SAP authorisation concept Security Provisioning Processes Org Structure Governance SAP Role Architecture E ?ective SAP M Security Design PwC April Slide CSAP GRC Access Control overview PwC April Slide CSAP GRC Access Control Four modules which enable controlled SAP authorisations Access Risk Analysis GRC Access management technology Emergency Access Management Access Request Management PwC Business Role Management April Slide CEmergency Access Management deep-dive PwC April Slide CHow to handle those midnight emergency calls ? ? without opening security gates permanently Your challenges Access to sensitive transactions is not controlled ? Recent audits demonstrated that your SAP users in IT and Business had access to sensitive SAP transactions or tables on a permanent basis whilst the access was not required to support the user ? s day-to-day job activities This sensitive access was granted to these users to allow them to support the business in case of incidents and or emergency requests but resulted in an uncontrolled usage of sensitive SAP access Your desired response SAP GRC to meet IT business and internal contdrdodlsdrequirements You want to address above challenges by implementing appropriate controls on the usage of sensitive SAP access in support of incidents and emergency requests and by installing regular risk- based SAP access reviews SAP GRC Access Control technology has been identi ?ed as an important enabler for these controls PwC April Slide CSAP GRC Emergency Access Management An enabler for controlled management of elevated access Key Functionality ? Pre-de ?ne emergency access for approved users ? Activity monitoring for all emergency users ? Enables compliance-focused emergency access for SAP Key Bene ?ts ? Avoid business obstructions with faster emergency response ? Reduce audit time ? Reduce time to perform ? Work ow based log Review ? Compliant Emergency access management process PwC Super user SAP ALL New session Firecall ID SD New session Firecall ID MM New session Firecall ID FICO New session Firecall ID ? Log Log Log ? Pre assigned ?re ?ghter IDs ? Access restrictions ? Validity dates and expiry ? Field-level changes tracked