Compliance Enforcer (CE)

The big picture

To ensure and verify the conformity with the Sarbanes-Oxley-Guidelines (SOX) and other regulatory law specifications, an enterprise has to install, document and proove internal controlling mechanisms. SUIM’s Compliance Enforcer is the tool to ensure and proof the conformity with regulatory law specifications. It does not only consider the potential risks caused by changes but analyzes the information about occurred risks from Application Tracer data as well .

In combination with SUIM’s Access Manager or Identity Manager, SUIM’s Compliance Enforcer works as an “integrated permanent system investigator”. It verifies in real time every mapping of an authorization element based on the stored rules and standards and identifies developing risks.

What is CE used for?

SUIM’s Compliance Enforcer allows the verification of the entire SAP portfolio from a central system. The results are displayed and stored centrally.

CE goes further than to check authorization objects, roles and BW-profile-values. By checking system parameters and the integration of an open interface for Non SAP-Systems, SUIM’s Compliance Enforcer is a  comprehensive solution for all IT Controls.

Your Internal Audit Team

  • The simple and clear structure based on the definition of rules in SUIM’s Compliance Enforcer allows an ergonomic creation and monitoring  of risks.
  • In order to categorize and document rules and risks, as many attributes as needed can be maintained.
  • Rules and risks have time based mitigations and refusal of mitigations allowing for flexible and reliable risk mitigation strategies.

Your Authorization Team

  • Before an authorization-element is assigned a risk check can determine risks that this would create.
  • Before an authorization element is modified, a simulation of the potential risks on user level and authorization level can be carried out.
  • All assignments in the landscape as well as unauthorized role modifications can be monitored.

Features

Rules and Risks

Multiple Rule Types exist to cover your requirements

  • SAP-authorization-objects, SAP-roles, SAP-profiles, system parameter (RZ10)
  • AM/AMSO organizations, SUIM systems, AM/AMSO organization type – organization level
  • AM/AMSO roles, BI authorizations
  • Open API

Customizing wizard

The ergonomic customizing workplace for the configuration of Compliance Enforcer makes creating rules and risks simple and intuitive.

Workflow scenarios

CE comes with multiple preventive or reactive workflows for risk owners and managers.

Open Interface

An open interface is delivered for enhancing CE with non-SAP rules and risks.

Alerts

Alerts can be configured if risks occur within an emergency access.

AIM Integration

A full integration into AIM allows

  • Scanning of Emergencies for risks in EH
  • Scanning of occured risks in historical data with AT
  • Preventive risk checks in AM and AMSO
  • Risk cockpit and risk check in IM

Security

The use of trusted RFC for communication between the central and client systems is recommended, but is not a requirement. It is also possible to use a technical user. However, it is strongly advised not to use a dialog user as a technical user.

The use of trusted RFC ensures that the user who performs CE remote functions on a source system is also logged on to the remote system with his or her user.

Technical requirements

SUIM’s Compliance Enforcer consists of a central Package to be imported on your Central System, and of a small client package to be imported on each satelite system.

In order for CE to be fully utilized, the release of the central system on which it is operated should be in the minimum NetWeaver 7.3.

The release level of the client systems does not affect the functionality of CE, but should still be in the minimum SAP 7.3.

Non-SAP systems could be integrated using the open API for rules. These custom developments are not part of the delivered product.