Choose your language

EN
Thought Leadership

Building More Effective Access Control Through Business-Centric GRC

Building More Effective Access Control Through Business-Centric GRC

If your SAP roles and rule sets are sound, your access control solution is set up for success

This article is based on a Tech Insights brief by Craig powers, Research Analyst at SAPinsider. The Brief takes a deeper look into what is needed to set an organisation up for success when it comes to access control.

Read a summary of Craig’s findings below or download the full SAPInsider Tech Insights Brief.


SAPInsider’s Tech Insights Brief highlights:
  • Business-centric access control engages business users in the access risk management process to help align access better with business needs.
  • SAP role clean-up and GRC rule set customisation are vital foundational elements to a successful access control solution.
  • Companies can significantly reduce access risk and access over-allocation through greater business involvement in access control.

Companies utilise access control solutions to identify risk within their user base. These solutions and processes are often technical and driven from audit and IT perspectives with very little input from business users who might find the technical GRC language hard to decipher. That’s where the idea of business-centric GRC comes into play for access control—providing the business with easier to understand, less technical language so that they can better interpret the data.


Understanding risk = greater ownership

If business users understand the access risks presented to them, they are more likely to ultimately take ownership of it. And when the business users take ownership of access risk, they can be held accountable.

 However, creating business-centric access control is difficult to do internally. More often than not it requires a solution that speaks to business users, such as Soterion’s Access Risk Manager, which features user-friendly interfaces and business process flows for easy risk remediation and effective access control management. 


Building a solid access control foundation

While it may take the right business-centric GRC solution to get business users invested in access control, it’s a mistake to view the software as a silver bullet.  
First, correcting the SAP role design within SAP must be done to optimise any technology investment. Once the organisation has implemented a good SAP role design, they must then ensure their GRC rule set is customised to align with their unique access and risk requirements.   

If your SAP roles and rule sets are sound, your access control solution is set up for success. The question then becomes: How do you measure success in access control? One way to do this is by gauging how well business users carry out access risk management activities.

The problem is that often business users need to perform certain GRC functions, but they understand very little about GRC itself. They complete the tasks to tick an audit box rather than to address a specific need within the organisation. This is why having business user engagement is so important.

 

Top 4 access control requirements and strategies

There are a few reasons organisations use an access control solution.

  1. Firstly, they need to ensure that their SAP systems are secure, often driven by internal and external audits. These audits seek to monitor if people are         assigned appropriate access and determine fraud risk associated with improper access.
  2. Companies are also concerned about improving efficiencies of their SAP user provisioning processes and making it easier to manage authorisations. The goal is to get business users to perform compliance tasks and access risk management activities much more efficiently.
  3. Complying with regulations is also a top priority for implementing access control processes and solutions, especially when it comes to data privacy. There is a significant amount of sensitive personal data in SAP. Understanding where that data resides and who has access to it is important—especially when complying with data privacy regulations
  4. Finally, companies see the need to move access risk responsibility away from IT departments to business users. This shift means moving beyond using GRC solutions solely as back-end tools and becoming more business-centric in managing access risk.

To accomplish these objectives, companies should look to streamline provisioning processes and utilise automation to improve efficiencies. One example is to make use of Business Roles.

This is a collection of SAP access from a number of SAP systems. When a Business Role is assigned to an SAP user, all the required access from the various SAP systems (including DEV and QAS) for that user is assigned. This reduces the effort and time taken to assign appropriate access.


Benefits of business-centric access control

There is such a tendency to over-allocate access in SAP. This is either due to SAP users inheriting roles as they move internally, or a user being assigned an SAP role that has 50 transaction codes where the user only needs to use one transaction code (SAP authorisation creep).

 A business-centric GRC solution will ensure compliance tasks such as a User Access review are more effective, and can result in much of the over-allocated access being removed resulting in an SAP authorisation solution that is well-aligned to what the users are doing in the SAP system. This remediation effort will reduce the effort required to carry out any future user access reviews i.e. with a well-aligned solution, the business users will have far fewer user–role relationships to review which can have a significant cost saving to the organisation.

Soterion has seen organisations reduce access risk by as much as 80%, significantly minimising the potential for fraud. One way business-centric access control reduces risk is that business users make informed decisions as to whether their users need specific SAP access or whether it poses too significant a risk to the organisation. This informed decision-making process results in only assigning only appropriate access to the users, which reduces the potential for fraud in the organisation.


What does this mean for you?

Here are three key takeaways to consider when planning your business-centric GRC and access control strategy:

  1. Properly defining your SAP roles and GRC rule sets are essential. 
    If your SAP roles and GRC rule sets aren’t adequately set up and customised to your organisation, it becomes difficult to assign appropriate access. If that’s the case, it doesn’t matter how great your GRC solution is because it won’t correctly assess risk without accurate role and rule set data.
  2. Make access control accessible to business users.
    While many companies rely on IT to carry out access control through GRC software, the business users must carry out proper access risk management processes. Provide business users with user-friendly interfaces and easy-to-understand (read: non-technical) language around necessary risk management. They will be more engaged and more likely to limit access risk effectively.

  3. Go beyond audits when measuring GRC effectiveness. 
    It’s tempting to rely on audits to do the heavy lifting when it comes to measuring the effectiveness of your GRC and access control programs and technologies. However, that’s more of a measurement of the result, not the process. Companies can get ahead of audits by looking at how well business users are performing their access risk management duties along the way.

 

How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Feel free to email us on [email protected]. Let us help you take your GRC to the next level.

 

Event

Mastering SAP Conference – 21 to 22 July 2022

Mastering SAP Conference – 21 to 22 July 2022

Live is back! Soterion will be at the in-person Mastering SAP event hosted by the Eventful Group in Melbourne.

We are planning a sweet surprise at our stand so come and visit us at our stand!

In partnership with the Mastering SAP, Dudley Cartwright, Soterion CEO, will be hosting a session on SAP User Access Provisioning (IAM vs GRC solutions) discussing and debating the options available to GRC/security practitioners.


More about the event:

More about our presentations:

Presentation 1: SAP User Access Provisioning (IAM vs GRC) – Understand your options

This topic will be hosted  by Dudley Cartwright, CEO of Soterion

Assigning SAP user access via an Identity Access Management solution versus the Access Control (GRC) solution. The pros and cons of both provisioning methodologies, as well as when to consider a hybrid approach. Identity Access Management solutions can bring about great efficiencies in the user access provisioning process but are less well equipped to identify access risk. On the other hand, access control solutions are well equipped to identify access risk but are less powerful at user provisioning.

What you’ll learn in this session:

In this session we will discuss some scenarios where the benefits of provisioning SAP access using an IAM solution outweigh that of GRC solution, as well as other scenarios where provisioning access using the Business Role concept (of the access control / GRC) solution are more beneficial than that of the IAM solution.

Gain an understanding of the advantages / disadvantages of each solution for user provisioning and user access reviews with an understanding of your organisation’s business objectives, be in a position to recommend the most appropriate provisioning strategy for your organisation

———

Presentation 2: Scaling the SunRice group’s security landscape for change

This topic will be presented by Ben Murphy, IT Architecture Manager at SunRice Group

In April 2019, the SunRice Group listed on the ASX. To adhere to the stringent compliance requirements that came along with that listing SunRice reviewed and expanded their GRC footprint in the SAP space. Already using the Access Risk Manager tool from Soterion to control their Segregation of Duties (SOD) risks, SunRice have now implemented the Elevated Rights and License Auditing modules from the same suite of products.

SunRice recently instigated a role review with the aim of tidying up over 20 years of role development and better structuring roles in preparation for the arrival of SAP S/4HANA. The review achieved tighter control of SOD risk without needing massive systems, enablement of production troubleshooting for the functional and Basis teams in a user and auditor friendly way, streamlined annual SAP License audit process and a reduction in SAP Professional license allocation.

Ben will explain:

  • Why you don’t need to write your own SOD/GRC tool! (Your ABAPers may be awesome, but they can do better things with their time)
  • You may not need as many SAP Professional Licenses as you think you do
  • The next time your auditors ask you about your IT Team’s access in Production, be ready.

About Mastering SAP

The Mastering SAP conference is a platform for customers, partners, and technology experts to gather, find answers to pressing challenges, showcase solutions, and demonstrate how to harness the power of SAP.

Mastering SAP provides a forum for Security professionals to discuss: Security Awareness, Ownership & Accountability, SAP Identity Access Management (IAM) & Access Governance, Data Privacy, Protection and GDPR, Secure by Design, Security and the Cloud and Development Security.

We look forward to connecting with everyone in the Melbourne.


———


How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Read more about our offerings. Soterion’s GRC modules include Access Risk ManagerBasis Review ManagerElevated Rights ManagerPeriodic Review Manager, Password Self-Service, and SAP Licensing Manager.

 

Feel free to email us on [email protected]. Let us help you take your GRC to the nexts

 

 

Event

VNSG Security Event – 16 June 2022

VNSG Security Event – 16 June 2022

Soterion will be at the in-person Security Event hosted by the VNSG, held in Utrecht. Come and visit us at our stand.

In partnership with the VNSG (Vereniging Nederlandstalige SAP Gebruikers) Emile Steyn, Business Unit Director for Soterion Benelux, will also deliver a presentation on SAP User Access Provisioning (IAM vs GRC solutions) discussing the options available to GRC/security practitioners.


More about the event:

More about our presentation:

Topic: SAP User Access Provisioning (IAM vs GRC)  and understanding your options

Presented by: Emile Steyn, Unit Business Director at Soterion Benelux

Assigning SAP user access via an Identity Access Management solution versus the Access Control (GRC) solution. The pros and cons of both provisioning methodologies, as well as when to consider a hybrid approach. Identity Access Management solutions can bring about great efficiencies in the user access provisioning process but are less well equipped to identify access risk. On the other hand, access control solutions are well equipped to identify access risk but are less powerful at user provisioning.

In this session we will discuss some scenarios where the benefits of provisioning SAP access using an IAM solution outweigh that of GRC solution, as well as other scenarios where provisioning access using the Business Role concept (of the access control / GRC) solution are more beneficial than that of the IAM solution.


About VNSG

The Vereniging Nederlandstalige SAP Gebruikers has been promoting the exchange of knowledge and experience between their members through networking since 1988. VNSG annually organises content-rich conferences, meetings and other network meetings in order to promote the members’ opportunities to exchange experiences and expand their knowledge in the use of SAP.

The VNSG has over 750 members. These are companies that all use one or more SAP products. Over 200 of these companies are SAP Business One (SBO) users.

We are proud members of the VNSG.

———

We look forward to connecting with everyone in the Utrecht.

If you require any further information or have any questions about the event, please email  [email protected]

——–

How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Read more about our offerings. Soterion’s GRC modules include Access Risk ManagerBasis Review ManagerElevated Rights ManagerPeriodic Review Manager, Password Self-Service, and SAP Licensing Manager.

Feel free to email us on [email protected]. Let us help you take your GRC to the next

Customer Success Story

Driving Governance at Bridgestone

Discover how Bridgestone Australia use Soterion’s GRC solution to effectively maintain segregation of duties

For Bridgestone Australia, one of the most well-known tyre manufacturers in the country, dealing with risk is a daily reality. Part of their brand promise is reducing risk for their customers who trust them to manufacture high-quality tyres to keep their families safe on the road.

But when it came to managing financial risk in their SAP system, they faced challenges.
With a growing team, maintaining access controls within their SAP system had become time-consuming, inefficient and costly.


High growth and legacy ERP set-up no longer sustainable

Bridgestone Australia has used SAP since 1998 and over the years the volume of users has increased significantly. In 2008 they had a small number of SAP users due to running two systems within the company, namely SAP and iSeries. Due to the volume of users being fairly small, managing segregation of duties was relatively simple.

The turning point came in 2013/14 when all Bridgestone users needed to be migrated to SAP and many new processes were introduced.

With a large number of users and the complexity of the process, the team knew this process needed to move from the existing manual processes to automation.


The search for a commercial solution

Having investigated several options, Bridgestone decided that a custom solution was the way to move forward. Leading the charge for a fit-for-purpose solution was Jess Barnes, Senior Business Analyst in the SAP team at Bridgestone Australia.

Jess understood the complexity required to create a custom program that would handle the needs of the business and the plan was for her to write IT specifications for the program during the first quarter of 2015.

It was then at the Mastering SAP Conference Australia that Jess came across Soterion, and discovered their solution could do everything she needed it to do, presenting the data beautifully, and meeting budgetary requirements.

After three days of training, the Soterion team worked closely with Bridgestone’s infrastructure team to set up a Soterion server to talk to their SAP server. After a proof of concept, in 2016 Bridgestone Australia started using the Soterion solution.

The tool is very useful to us because it gives us a clear picture and transparency of our financial risk in the business and the team is able to present the stats to the risk committee and executive team providing peace of mind to all” – Jess Barnes, Senior Business Analyst,


Adjusting the solution makes it more powerful

Although Soterion’s solution can be used out-the-box, there were certain setups that Jess and the Bridgestone team needed to do to customise it to their specific requirements and integrate into the company’s risk and governance control policies.

1. Reviewing the rule set 

The first thing the Bridgestone team did was to review the risk level and relevancy of the standard rule set. They decided to create their own Bridgestone rule set so that they could add their own set transactions to the list.

The out-the-box solution shows low, medium, high or critical risk levels. In the system, Bridgestone found that certain risk levels which were marked as ‘high’ they saw as ‘medium’, however, a relevancy checkbox allowed the team to keep oversight of all risks regardless of the levels.

2. Segregation of Duties (SOD)

The second activity the team embarked on was to review all the risks that they have in the business by looking at all their users. They needed to define a mitigating control for each of them, something that the business and auditors would both agree on.

After running the SOD risk details within the Soterion solution, users who had a particular risk were highlighted together with a long description function that defined the risk. The team were then able to record a mitigating control.

Role simulation and user simulation were used on a daily basis. When creating a new role the team could instantly check whether there was any segregation of duties, look into their risk definition details and allocate a mitigating control, ready for audit.


Key lessons from Bridgestone’s implementation
  • Once a mitigating control has been decided on, it is a good idea to review it regularly. Bridgestone Australia does this on a yearly basis to ensure their mitigating controls are still relevant.
  • When setting up roles, ensure there are no conflicts in the same role. Revoking a role is difficult to do once the role has been set, especially with a large number of users. Setting this up correctly from the very beginning is crucial.
  • There is no need to develop a custom solution. Solutions such as Soterion’s GRC software can do everything and more, and brings with it expert knowledge which has been built up over years.

     

Click here to download the PDF of this Customer Story.

How can Soterion Help You?

Soterion is the market leader in business-centric GRC. By converting the technical GRC language into a language the business users can understand, we facilitate business buy-in and accountability.

Feel free to email us on [email protected]. Let us help you take your GRC to the next leve

 

 

Event

Event – UKISUG Connect 2021 – 29 to 30 Nov

Visit us at UKISUG Connect 2021

Come and visit our booth at UKISUG Connect 2021. We are looking forward to connecting with delegates in person this year. We have also partnered with UK & Ireland SAP User Group (UKISUG) to bring to you an informative session on ‘How to improve the organisation’s risk awareness with business-centric GRC’ presented by Emile Steyn, Business Unit Director at Soterion Benelux.

About UKISUG CONNECT 2021

UKISUG Connect is the largest annual gathering of SAP Professionals across the UK & Ireland.

This event, held at The ICC Birmingham, is spread over three days and is the ‘go-to’ for all SAP users, with knowledge-rich keynotes, engaging breakout sessions and an exhibition hall of over 70 SAP
partners and various interactive sessions.

About Our Breakout Session:

  • Date: 29 November 2021
  • Time: 16:30 – 17:10 BST
  • Venue: Level 2, Hall 9
  • Register: Online
  • Find out more

What to Expect from the Session

Organisations have been struggling to derive value from their GRC investment since the inception of GRC solutions. Coupled with this, business users often perform compliance tasks with minimal intent and/or consideration to the impact on business. The technical nature and complexity of SAP security and GRC means that ownership typically remains an IT problem.

In this session we will articulate the techniques and strategies to successfully shift access risk from IT to the business, thus enhancing business accountability and buy-in. This will ultimately improve an organisation’s overall risk awareness and ability to manage their risk.

Emile Steyn will share his extensive experience in the field of Access Risk management. The GRC challenge is growing with more incidents taking place around the globe. Organisations will benefit from learning how SAP access risk is related to business risk and addressing it as a business risk leads to enhanced accountability and a security culture. Emile will share tips and tricks that will benefit the audience in how they address the challenges in their organisation.

——–

If you require any further information or have any questions about the event or Emile Steyn’s presentation please email [email protected]

Event

Virtual Event – SAPSA IMPULS 2021 – 8 to 9 November 2021

Soterion has partnered with SAP Swedish User Association (SAPSA) to bring to you a presentation on the User Access Assigned via an Identity Access Management and/or an Access Control (GRC)


About SAPSA

SAPSA – SAP Swedish user association – is an independent and non-profit association that since 1990 promotes the exchange of knowledge and experience between our members through networking.  SAPSA annually organises content-rich conferences, meetings and other network meetings in order to promote the members’ opportunities to exchange experiences and expand their knowledge in the use of SAP.

Event Details

Here’s what you’ll take away from our sessions:

User Access Assigned via an Identity Access Management and/or an Access Control (GRC)
Tuesday 9 November 14:00 – 14:30 CEST
Presented by: Emile Steyn, Unit Business Director at Soterion Benelux

Identity Access Management solutions can bring great efficiencies in the user access provisioning process but are less well equipped to identify access risk. On the other hand, access control solutions are well equipped to identify access risk but are less powerful at user provisioning. Learn about the benefits of provisioning SAP access using an IAM solution outweigh that of GRC solution, as well as other scenarios where provisioning access using the Business Role concept (of the access control / GRC) solution are more beneficial than that of the IAM solution.

Orkla Solved GRC in a Quick and Efficient way
Monday 8 November 10:00 – 10:30 CEST
Presented by: James Quinn, GRC Manager, Orkla Group & Karin Ejstrup, Business Unit Director, EPI-USE Labs

Orkla needed a fast implementation of GRC when moving to S/4HANA. Hear what challenges Orkla IT group had with  requirements from the business side, how they implemented Soterion GRC in an S/4HANA context and how they managed to please both internal and external auditors.

—–

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email  [email protected]

Read more about our offerings. Soterion’s GRC modules include Access Risk ManagerBasis Review ManagerElevated Rights ManagerPeriodic Review Manager, Password Self-Service, and SAP Licensing Manager.

Webinar

Webinar – Managing Security and Authorisations for SAP S/4HANA in a Changing World – 17 Nov 2021

Soterion has partnered with BR1GHT to bring you a free 1-hour webinar on the very current and pressing topic – Managing Security and Authorisations for SAP S/4HANA in a Changing World. We look forward to hearing from our guest speakers at BR1GHT, PwC and Soterion.

About the webinar

S/4HANA is on the horizon for many organisations.

For SAP end-users, the new Fiori functionality will provide an improved user experience. However, this benefit comes at the cost of more complexity from a security perspective. Coupled with this, organisations are under increased pressure from internal and external auditors to ensure that their SAP security provides an adequate level of control. The S/4HANA project provides a great opportunity to prioritise security from the outset (security-by-design) and implement a robust security solution that adequately addresses your organisation’s security requirements for years to come.  

During this free 1-hour webinar, experts from BR1GHT, PwC and Soterion will provide insights needed to identify these challenges and pro-actively address issues before and during the S/4HANA migration.

What to expect:

  • Meindert Keuning (BR1GHT) will share his vision on how organisation’scan minimise their SAP security risks and save costs through an SAP authorisation service concept. 
  • Steven Hordijk (PwC) will provide insights on trends and why better set-up and use of tools like Soterion is essential. Steven will discuss key risks that should be managed, highlight key focus areas from auditors and explain why S/4HANA transition is the moment to invest in compliance. 
  • Emile Steyn (Soterion) will explain how Soterion’s business-friendly solutions can help companies remove these challenges and pro-actively address their current issues.

Webinar Details

  • Date: Wednesday, November 17, 2021
  • Time: 10:00am – 11:00am (CET)
  • Register Here

 

More about our speakers:

Meindert Keuning – BR1GHT – Responsible for the continuous monitoring and SAP propositions at BR1GHT. He gained his hands-on experience from his 15 year tenure at KPMG as an IT advisor and IT auditor.  

Steven Hordijk – PwC – Director at PwC Risk Assurance supporting clients globally with their internal control and automation challenges.  

Emile Steyn – Soterion Benelux – Business Unit Director and an SAP security specialist with experience in retailing, manufacturing, agriculture, mining and healthcare.
 

 

 —–

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email  [email protected]

Webinar

SAUG Solution Series – SAP Access Risk – Cross Company-Code Control – 9 Nov 2021

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 45-minute Solution Series Webinar on SAP Access Risk – Cross Company-Code Control, presented by Soterion CEO, Dudley Cartwright.

 

About SAUG

The SAP Australian User Group (SAUG) is an independent not-for-profit industry association that provides information, access, and advocacy for SAP customers and professionals (including SAP acquired companies – SuccessFactors, Ariba, BusinessObjects, Concur, hybris and Fieldglass). With a member base of over 6,000 individuals from 300+ companies, SAUG is the only SAP-endorsed user group in Australia.

SAUG’s vision is to be a strategic partner of the Australian SAP community to help each other achieve business goals by gaining the insights and influences required to utilise and improve SAP and close the gap between strategy and execution.


About the webinar

 This 45-minute webinar, presented by Dudley Cartwright from Soterion, will impart valuable insight on how to easily identify users with incorrect Organisational Level access.

  • Date: Tuesday, November 9, 2021
  • Time: 2:00PM – 2:45PM AEST
  • Register Here (Webinar open to SAUG Members only)

Managing access risk is typically done by highlighting users with segregation of duties or critical transactions. However, many organisations have a requirement to control users to their respective Company Codes, Plants, Purchasing Organisations and Sales Organisations.

In this session we will demo Soterion’s new Organisational Level Group functionality which highlights each user’s SAP access by Organisational Level using graphically displays such as location maps. This business-friendly reporting functionality ensures business users can easily identify SAP users with incorrect Organisational levels access.

This webinar is open to SAUG members only, be sure to log into the website to register. If you are interested in joining SAUG, head to their Membership Page.

—–

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email  [email protected]

Read more about our offerings. Soterion’s GRC modules include Access Risk ManagerBasis Review ManagerElevated Rights ManagerPeriodic Review Manager, Password Self-Service, and SAP Licensing Manager.

Webinar

SAUG Webinar – SAP User Access Provisioning (IAM vs GRC) – 19 Oct 2021

Soterion has partnered with SAP Australian User Group (SAUG) to bring to you a 1-hour webinar on SAP User Access Provisioning (IAM vs GRC) – understand your options, presented by Soterion CEO, Dudley Cartwright.

 

About SAUG

The SAP Australian User Group (SAUG) is an independent not-for-profit industry association that provides information, access, and advocacy for SAP customers and professionals (including SAP acquired companies – SuccessFactors, Ariba, BusinessObjects, Concur, hybris and Fieldglass). With a member base of over 6,000 individuals from 300+ companies, SAUG is the only SAP-endorsed user group in Australia.

SAUG’s vision is to be a strategic partner of the Australian SAP community to help each other achieve business goals by gaining the insights and influences required to utilise and improve SAP and close the gap between strategy and execution.


About the webinar

This 1-hour webinar, presented by Soterion CEO, Dudley Cartwright, will impart valuable insight into assigning SAP user access via an Identity Access Management solution (IAM) versus the Access Control (GRC) solution. We will discuss the pros and cons of both provisioning methodologies, as well as when to consider a hybrid approach.

  • Date: Tuesday, October 19, 2021
  • Time: 2:00PM – 3:00PM AEST
  • Register Here (Webinar open to SAUG Members only)

Identity Access Management solutions can bring about great efficiencies in the user access provisioning process but are less well equipped to identify access risk. On the other hand, access control solutions are well equipped to identify access risk but are less powerful at user provisioning.

We will discuss some scenarios where the benefits of provisioning SAP access using an IAM solution outweigh that of GRC solution, as well as other scenarios where provisioning access using the Business Role concept (of the access control / GRC) solution are more beneficial than that of the IAM solution.

Key takeaways

  • Pros and cons of user provisioning of the different methodologies
  • Understanding your organisation’s business objectives to help you decide on the most appropriate provisioning strategy

This webinar is open to SAUG members only, be sure to log into the website to register. If you are interested in joining SAUG, head to their Membership Page.

—–

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email  [email protected]

Read more about our offerings. Soterion’s GRC modules include Access Risk ManagerBasis Review ManagerElevated Rights ManagerPeriodic Review Manager, Password Self-Service, and SAP Licensing Manager.

Webinar

UKISUG Webinar: Business-centric GRC – User Access Review by Business Process – 15 Sept 2021

UKISUG Webinar: Business-centric GRC – User Access Review by Business Process

Effective GRC is measured by how well the business users carry out their access risk management activities. Join our webinar to learn more!

Soterion has partnered with UK & Ireland SAP User Group (UKISUG) to bring to you a 1-hour Webinar on Business-centric GRC – User Access Review by Business Process presented by Soterions CEO, Dudley Cartwright.

About UKISUG

Founded in 1988, The UK & Ireland SAP User Group (UKISUG) is an independent ‘not for profit’ organisation. UKISUG comprise of over 600 organisations and 5,000 professionals, are an independent voice for SAP users in the UK and Ireland and provide a channel for SAP to communicate to customers.

Webinar Details

  • Date: Wednesday, 15 September 2021
  • Time: 2:00 PM – 3:00 PM BST
  • Register: Online
  • Note: This webinar is open to all. If you are interested in joining, please be sure to visit UKISUG’s website to book as a guest, or if you are a member login to reserve your place
  • Find out more

What to Expect from the Session 

In this webinar, we will discuss the importance and interrelationship between the components of effective GRC, namely the role design, rule set, and access control solution. We will explain how a combination of design, process improvements, and the right solutions will enable the SAP user access review to be performed effectively and efficiently.

We look forward to connecting with everyone virtually.

If you require any further information or have any questions about the event, please email  [email protected]

1235