GRC Overview

The document discusses the various components and features of SAP Governance, Risk, and Compliance (GRC) including Access Request Management, Risk Analysis, Business Role Management, and differences between versions 5.3 and 10.0.

The main components of SAP GRC discussed are Access Request Management, Risk Analysis and Remediation, Business Role Management, and Super User Privilege Management.

Some of the key features of Access Request Management discussed are automated provisioning, testing for segregation of duties issues, streamlining approvals, and incorporating multi-stage multi-path workflows.

SAP Governance, Risk & Compliance

Overview

SAP GRC: The Solutions

Access Control 5.3 & 10.0

Compliant User Provisioning / Access Request Management: User Access Management
Enterprise Role Management / Business Role Management: Business Role Governance
Super user Privilege Management / Emergency Access Management: Super user
Risk Analysis and Remediation / Access Risk Analysis: Risk Analysis

GRC Process Control
GRC Risk Management
GRC Global Trade Services
GRC Sustainability
GRC Environmental Health & Safety Compliance

What is the difference?
From a technical perspective, SAP has moved from the Java programming language to the Advanced Business Application Programming (ABAP) platform, which enables consistent security and standardized configuration settings between GRC 10.0 products. This standardization allows centralized support across all components, and the solution's new platform improves change management processes by leveraging SAP's standard transport system and background job scheduling and archiving features.
[Diagram comparing GRC 5.3 and GRC 10; labels: Netweaver ABAP/JAVA, Netweaver ABAP/Java, SAP ECC/ R/3, SAP ECC/ R/3]

Access Request Management

Automates provisioning
Tests for segregation of duties issues
Streamlines approvals to unburden IT staff

[Diagram labels: GRC, ECC, BI, CRM]

A few important features of GRC ARM:

The AC product includes some pre-delivered workflows for user access management.
One significant enhancement is the ability to incorporate MSMP workflow configuration into user access approval routing.
MSMP: Multi Stage Multi Path
One initiator rule ID
Agents/Approvers: Role, Custom Group, Agent ID and User Group
Mass user creation

Access Request Analysis

[Diagram labels: ARM, ARA, EAM, BRM]

Risk Analysis and Remediation supports real-time compliance to detect, remove and prevent access and authorization risks by preventing security and control violations before they occur.

Real-time compliance to detect, remove, and prevent access and authorization risk by controlling violations before they occur
The ability to perform mass mitigation of SoD risks at the user or risk level allows business users and control owners to experience increased productivity by reducing time spent on mitigating access risks

Why ARA

Build Rules

Risk analysis at action / permission levels

Reports

Remove access or mitigate

Free from violations

Ability to filter, save reports, and run multiple and custom risk analyses simultaneously: transaction code and permission level. Users can save risk reports as PDF files.

Crystal Reports is now integrated in the GRC 10.0 solution, enabling report customization and the use of charts and graphs to represent risk analysis.
GRC 10 provides mass mitigation of SoD risks at the user or risk level, which allows business users and control owners to increase productivity by reducing time spent on mitigating access risks. In previous versions of the GRC suite, mitigation could only be applied to one user across all systems (instead of a subset of systems).
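A sketch of action-level SoD analysis with mitigations scoped to all systems or to a subset, added here as an illustration; it is not SAP's code or delivered rule set. The risk ID, users, system names and data model are constructed, and the transaction codes serve only as sample actions.

```python
# Constructed sample rule: one SoD risk built from two conflicting functions,
# each defined at action (transaction code) level. Not SAP's delivered rule set.
RULES = {
    "R_DEMO_01": {
        "maintain_vendor": {"FK01", "FK02"},
        "post_payment": {"F-53"},
    },
}

# Constructed access data: (user, system) -> transaction codes held there.
ACCESS = {
    ("ALICE", "ECC_A"): {"FK01", "F-53", "VA01"},
    ("ALICE", "ECC_B"): {"FK02", "F-53"},
    ("BOB", "ECC_A"): {"FK01"},
}

def find_violations(access, rules):
    """Return {(user, system, risk_id)} where the user holds at least one
    action from every function of the risk on that system."""
    hits = set()
    for (user, system), actions in access.items():
        for risk_id, functions in rules.items():
            if all(actions & tcodes for tcodes in functions.values()):
                hits.add((user, system, risk_id))
    return hits

def open_violations(violations, mitigations):
    """Drop violations covered by a mitigation (user, risk_id, systems).
    systems=None covers every system (the older all-systems scope);
    a set of system names limits the control to that subset."""
    def covered(user, system, risk_id):
        return any(m_user == user and m_risk == risk_id
                   and (m_sys is None or system in m_sys)
                   for m_user, m_risk, m_sys in mitigations)
    return {v for v in violations if not covered(*v)}

def mass_mitigate(violations, risk_id, systems):
    """Risk-level mass mitigation: one entry per user violating risk_id."""
    users = sorted({u for u, _, r in violations if r == risk_id})
    return [(u, risk_id, systems) for u in users]
```

Scoping a mitigation to `{"ECC_A"}` leaves the same user's violation on `ECC_B` open for review, which an all-systems mitigation would have hidden.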

Centralized Emergency Access

No SAP_ALL

SD FF ID Log

MM FF ID Log

FICO FF ID Log

PP FF ID Log

Preassigned firefighter IDs
Access restrictions
Validity dates
Field-level changes tracked in audit log
Easy monitoring

[Diagram labels: GRC 10.0, ECC 6, BI system, CRM system, ECC 6]

Super-user monitoring capabilities have been moved to a centralized environment in GRC 10.0. Previously, Firefighter had to be installed and configured for each target system. This allows monitoring of emergency access from one GRC system and streamlines the administration process.

Business Role Management


The Business Role Management component of the GRC solution automates role definition and management of roles.

Provides SAP Security Administrators, Role Designers, and Role Owners with a simplified means of documenting and maintaining important role information.
Access Control can be the central repository for all SAP systems connected in the landscape.

Business Role Management is tightly integrated with the Access Request Management engine: roles are maintained in BRM, and these same roles are updated immediately for use in access requests.

Ensure consistency in naming conventions

Track the status of the role during maintenance


Be the central repository for role management

Identify duplicate or nearly duplicate roles

Identify roles that may no longer be needed

GRC 10.0 BRM Sample Screen
