Check your safety concept
Is your security concept sound? Is your sensitive SAP data really reliably protected against unwanted access? A compliance check reveals weaknesses in your SAP authorization concept, prevents expensive problems and optimally prepares you for an audit.
What is a Compliance check?
A compliance check examines whether there are critical security gaps in your authorization concept.
In particular, this includes whether certain authorizations and authorization combinations contradict established audit rules and thus involve the risk that individual persons could cause major financial damage by having too much authority.
This risk assessment also examines whether the existing security measures are suitable for preventing improper access to data in your systems.
Why is a compliance check important?
A well thought-out assignment (and restriction) of authorizations is an essential component for data security on the one hand and the control of decisions on the other within a company. Under the umbrella term of Segregation of Duties (SoD), this ensures that no user alone can cause major damage to the company through their decisions - whether by accident or malice.
The separation of functions therefore serves the purpose of avoiding conflicts of interest and accumulations of authorizations. Sensitive, critical authorizations should only be granted if absolutely necessary.
A compliance check is used to examine the security concept and compare it with the existing, real assignment of authorizations. A regular check can prevent additive authorization assignment from creating combinations of authorizations that could be dangerous for the company. At the same time, you also comply with legal duties of care and regulations.
The systematic execution of compliance checks also means that you are optimally prepared for an audit by auditors. A good tool documents any problems found as well as the steps taken to resolve them. It provides all the necessary information for the auditors, thus supporting you in the tasks and obligations arising for the audit and saving you a lot of time and work.
Test our Compliance Quick Check now!
With hundreds of proven audit queries from our many years of experience, our test quickly determines whether there are conflicts in your authorization concept. Recommendations for their elimination are also provided.
Ensure security with the SIVIS Compliance Quick Check
The Compliance Quick Check from SIVIS gives you a clear overview of any security gaps in your SAP environment in the shortest possible time.
How we proceed
We first implement an extractor in your system that collects and matches audit-relevant data such as user and role assignments. This information is then audited according to our established and proven audit rules.
What we check
Our Quick Check checks your SAP systems holistically for possible compliance violations and audit conflicts. The following parameters and criteria, among others, are taken into account, tailored to your requirements and specifications:
- Critical authorizations
- SoD conflicts due to authorizations
- Non-permitted access permissions
- Rules for identities, user names and passwords
- Access methods
- Customizing and system parameters
- Emergency management
- User processes
WHAT WE PROPOSE
We present the results of our audit in more detail in a presentation prepared for you. Our services include preparing appropriate solutions and possible steps for SoD conflicts as well as for other security issues that come to our attention during the risk analysis. We want you to minimize your risks.
In particular, we make precise proposals for a sustainably usable security concept, which you can then use as a basis for controlling your rights assignment and processes and enforcing compliance rules in the longer term.
At the same time, the concept is also suitable as a basis for further compliance checks. After all, a good concept can only be the basis on which regular compliance checks must nevertheless take place - because practice always deviates somewhat from theory (and often for good reasons).