The smartGRC application was developed in 2010 and has since significantly reduce the effort required to work with excesive authorizations in over 20 companies in Poland.
Our GRC team of more than 20 people specialises in the authorization and security area for ERP systems.
Our knowledge and experience allows us to continuously develop the smartGRC application to solve real project challenges.
The purchase of a smartGRC licence provides access to a knowledge repository (SoD segregation of duties risk matrix) and premade solutions to challenges in the field of SAP authorization.
About the application
The smartGRC application was created as a response to the challange related to mass data processing in ERP systems (SAP) by users with segreagation of duties conflicts resulting from excessive authorizations.
Properly configured access authorization and user permissions can be an effective management solution to cyber security threats. Correctly adjusting user authorizations is not easy as it requires deep understanding of the weaknesses of ERP class (SAP) systems.
These weaknesses create the risk of losing control over the accuracy, correctness and integrity of processed data in ERP (SAP) systems in the company.
The smartGRC application evens the odds for the company in this battle. It was designed with the goal of automating processes related to authorization management in SAP systems, and it is currently being successfully used in other systems as well.
Main features
- Developed in 2010
- Can function in the client's personal or cloud environment
- Has 4 main functional areas
- Average implementation period of 1-3 months
- Fulfills most audit requirements in the field of SAP permissions
- Built-in SSO
- Integrates with the Active Directory module and HR systems
- Built-in segregation of duties risk repository
- Has a list of sensitive access in the SAP system
- Integrates with ticket systems: Remedy & Jira
- Supports non-SAP systems: Spectrum, Single View, DWH / Teradata
- MBS Oracle „1.0” IFRS 15, Billing DTH
WHAT MAKES US SPECIAL?
Expert and hands-on exprience with SAP security and authorization area gathered during the realization of the largest GRC implementation projects in Poland and in EU regions
In 2022, we obtained the 'Recognized Expertise' title in the GRC area from SAP, making us the right experts to consult in the SAP security and authorizations domain
Business case – what kind of problems do we solve?
Our customer reviews
The smartGRC application implemented an overhaul for 10 partitioned systems and 6 SAP systems within 4 weeks. More than 300 auditors participated in the review, who occasionally shared their opinions with other auditors. Despite its large scale, the review process was fully automatic and fully transparent for the participants. This would not be possible without the support of smartGRC.
The automatic implementation of permissions in SAP and the preventive risk analysis of task allocation have improved our certification process. It is implemented more quickly and at the same time we comply with the guidelines of the external audit.
The smartGRC application has provided us with management information on current risk exposure segregation of duties and redundant SAP system accesses, which, combined with useful information on usage statistics became the basis for us in terms of deciding on the direction of improvement of the situation. The GRC team provided us with knowledge of the separation of duties risk base and helped smoothly lay out the project and then supported us in its implementation. All within the agreed deadline and budget. Definitely recommend to work together.
The ongoing analysis of the risks of task allocation conflicts (SoD) and the reporting of the causes of task allocation conflicts have facilitated the process of converting certificates.
GRC Advisory provided us with experts with many years of experience in roles and authorizations which translated into the high quality of the authorizations developed.
The GRC team provided us with knowledge of the risk base of separation of duties and helped to smoothly lay out the project and then supported us in its implementation.
All within the agreed time and budget.
Strongly recommend to work together on these complex and complicated issues in SAP roles and permissions.