Governance, Risk & Compliance
Ensuring compliance with Sarbanes-Oxley (SOX) and other regulations can place a heavy burden on any company’s internal control mechanisms. Putting the right processes in place is just the first step: verifying, documenting, and identifying violations is the hard part. SUIM’s Compliance Enforcer checks for rule violations and alerts risk owners to any potential infringements. Compliance Enforcer not only checks for the potential risks linked to authorizations, it can also analyse information about actual risks that have occurred, using data recorded by SUIM’s Application Tracer and Emergency Handler.
“SUIM’s Compliance Enforcer allows the verification of an entire SAP portfolio from a central system. Results can be displayed and stored centrally. It not only covers authorization-objects but also roles, profiles, BI-profiles, system parameters, and, in particular, business roles.”
In everyday use, your users should only have the authorizations appropriate for their jobs and areas. This is true for ordinary users, as well as for administrators, developers, and your on-call support. In special cases, however, expanded authorizations are necessary. For such situations, SUIM’s Emergency Handler (EH) allocates users greater authorization rights for a limited period. During this period, all user actions are recorded for audit purposes. SUIM’s Emergency Handler also offers the option of running control scans, using SUIM’s Compliance Enforcer’s rule-set, to identify unauthorized actions after an emergency has been dealt with.
“With its alert option, Emergency Handler issues us with a warning message and records automatically every action carried out by anonymous users (e.g. DDIC or SAP*), giving us greater oversight.”
Some organizations or units need to periodically revalidate particular user permissions in certain systems.
The frequency and duration of such checks can vary according to a range of different factors (level of risk of roles, applications, etc.).
Some checks must be conducted by line managers, others by the business role managers, others by both.
SUIM’s Business Role Validator is an application that allows you to generate and send all workflow tasks automatically, at the right time and to the right people.
“The Workflow Owner receives a consolidated list of users flagged for revalidation, making it easier to validate/deny existing permissions, in compliance with internal regulations, and resulting in considerable time-saving.”