Case Study – Media and Communications Industry
Client
- Media and telecommunications industry
- System: SAP ERP, SAP HCM, SAP EWM, SAP APO
- Area systems: Spectrum, Single View, DWH / Teradata, MBS, Oracle “1.0”, IFRS 15, customer card, DTH billing.
Challenge
- No SoD matrix.
- External audit guidelines for the privileged access management process.
- Audit requirements for the regular review of user authorisations.
- Checking and eliminating redundant user permissions.
- High organizational, procedural and technological complexity.
- More than 200 participants in the credentials review
- Hundreds of gigabytes of data for permissions that need to be verified.
Effect
- Building a matrix of chapter duties for over 100 risks of distribution of duties and sensitive access.
- Implementation of an automated process of periodic verification of permissions for SAP systems and other specialist systems.
- Gradual elimination of the risk that SoD’s responsibilities are divided by redundant user rights.
- Improving the management process for accessing emergency accounts
- Monitor activity on selected special accounts.
- Implementation of the smartGRC modules: smartAccess, smartReview, smartReport, smartSod, smartAdmin
- Integration with REMEDY.
- Integration with REMEDY.
- SSO
Characteristics of the project
- The project is divided into several phases, an agile approach focused on prototyping new functionalities and demonstrations.
- 8 months for the installation and introduction of the entire system (modules smartReport, smartSoD, smartAdmin).
- 5 persons in the GRC team.
- 7 persons involved on the side of the customer
- Get to know the customer – order a reference appointment.
- Get to know the implementation costs – ask for a discussion with a GRC.
References
