smartSoD

SoD matrix risk repository and sensitive access

smartSoD - proper segregation of duties

smartSoD is a template access risk repository for segregation of duties risks and sensitive technical access. The library has been developed during security projects delivered for over 12 years for more than 100 customers from various industry and sectors (telecommunication, FMCG, retail, entertainment, production, chemistry, pharma). It works as project accelerator when user access reorganization is required and first project effect are required to be delivered fast It contains a list of over 125 segregation of duties risks and 50 instances of sensitive access.

When is it worth it?

Not defined segregation of duties risk matrix as the basis for provisioning user rights.
No list of critical access (IT & business)
Lack of consistency - many roles and authorisations, created in different time periods by different consultants, motivated by various project initiatives.
Recurring auditing recommendations to control this sphere better / more attentively.

Complete database content - SoD and sensitive transactions

Summary - why is it worth using?

smartSoD delivers segregation of duties matrix repositories and sensitive access in SAP ERP class systems. It helps to accelerate the process of implementing the proper segregation of duties in SAP permissions.

Main functionalities of smartSoD

A central business repository containing a list of sensitive transactions and segregation of duties risks and conflicts.
An engine that allows to import of data regarding permissions from different SAP systems (ECC / S4CORE) and field-specific systems via XML.
Application support for the definition of dictionary objects, users can easily add new definitions of custom transactions.
Support for work with spreadsheets (importing of data to a matrix from an Excel sheet).
Easier start of permission restructuring projects.

smartSoD screen gallery

References

FAQ – find out more about smartSoD

smartSoD is an indispensable service from the perspective of security of processes and business actions executed in a SAP system. Below you may find the answers to the most frequently asked questions about our solution.

1. Is smartSoD a separate system or a native ABAP program?

The smartGRC application is a separate stand-alone system, which can be installed in your personal environment or made available from the cloud. Installation of the system requires preparing an application server (Windows) and a database server (SQL).

2. How does the application connect with SAP systems?

The smartGRC application connects through a SAP interface dedicated to JAVA systems – a JCo connection. Standard SAP programs are used to download data from the SAP system, launched for reading data with parameters set by smartGRC.

3. What is the average time needed to implement and install smartSoD?

3-4 weeks, assuming a standard process and no more than 10 administrators and consultants accounts for 2-3 SAP systems. A greater number of accounts or SAP systems generates additional complexity in the implementation process (configuration, training, and transition of knowledge), which grows with the number of stakeholders and operated SAP systems. However, the duration of more complex projects does not exceed 3 months.

4. How does this product differ from other products on the market? What advantages does it offer?

The product has a wider spectrum of reported information realized during special / emergency sessions than its market alternatives, such as creating financial or storage documents, and a detailed documentation of changes, among others. such as creating financial or storage documents, and a detailed documentation of changes, among others. It has built-in safeguards for when an administrator attempts to start an emergency session bypassing smartSoD (usage is reported). It is intuitive in use, based on the familiar environment of a web browser.

5. Does the smartGRC application support other ABAP systems as well?

Yes, it can support any given system, including ones not based on ABAP technology, but in such a case it is necessary to prepare a dedicated connector, which may extend the implementation and installation process. Currently the system includes connectors to: Active Directory, Remedy, and Service desk.