smartReview

Intelligent review of risks
Periodic verification of entitlement status

Info

Gallery

Request a demo

See references

User-friendly verification of access and SoD risks

Aplikacja smartReview umożliwia inteligentny przegląd uprawnień i dostępów w różnych systemach IT (SAP ERP, S/4 HANA, HCM, Active Directory, Teradata, Wyrocznia, Biling, Spectrum, MSSF). The main focus in on segregation of duties risks that exists in users system access. The application builds a history of decisions made, monitors the implementation of decisions
in end systems. It supports the review process by informing the decision-maker which instances of access were used often or rarely.

When is it worth it?

  • Frequent rotation of employees between jobs / departments in a company, resulting in assigning access permissions which are no longer required for a user.
  • Multiple IT / ERP systems, large number of users, which hinders effective and up-to-date control of access permissions.
  • Auditing recommendations to cyclically review user rights in the SAP system.
  • Necessity of monitoring the results of periodic reviews and ensuring that the recommendations and decisions from the business have been entered into IT systems.

What the process may look like - ready solution

Summary - why is it worth using?

smartReview will carry out a quick, simple, and cyclical recertification of permissions held by users in systems, taking into account their current role in business processes.

SmartReview's main functionalities:

  • Meet audit requirements and guidelines through full tool support for an automated, friendly and controlled cyclic entitlement review process
  • Presentation of data regarding user rights in systems that is transparent and understandable for the business side.
  • Control mechanisms built into the process (the ability to transfer the decision-making position only to persons chosen in the process).
  • Mechanisms facilitating the work of verifiers (the ability to display and copy a previously taken decision).
  • Adjusting user rights adequately to their duties (participation in processes).

smartReview screen gallery

References

FAQ – find out more about smartReview

A review of authorisations in the system has so far required a great amount of work and time to carry out, and posed a heavy burden on the organisation as a result. Thanks to smartReview, a process of complete analysis can now be fully automated, and conducted according to individually set criteria – the application supports the user during every step of the review process.

The smartGRC application is a separate system that can be installed in your environment or be available in the cloud. Installation of the system involves the preparation of an application server (Windows) and a database server (SQL).

The smartGRC application connects via a dedicated SAP interface for JAVA systems – the JCo connection. Standard SAP programs run to retrieve data from SAP are used to read data with the parameters indicated by smartGRC.

Implementation of an application for user privilege review in SAP takes 6-8 weeks on average. It often depends on the organization’s expectations and input (implementation of SoD’s own risk matrix / use of ours – a standard matrix defined based on GRC’s experience and best practices gained during numerous projects) Implementation of an application for privilege review of a system other than SAP generates additional complexity in the implementation process (definition of risks, data import, additional programming work) which extends the review implementation time.

The application supports the entire process from preparing the data for review, assigning people to review accesses and then once the decision for the access is obtained – it allows to track the progress of implementing the decision in the end systems. The application supports decision makers during the implementation of the authorization review by being able to display the frequency of triggering transactions in SAP, being able to display decisions made in previous reviews, copying decisions between items which gives the application an advantage over other alternative products. Jest intuicyjny w użyciu w oparciu o znane środowisk przeglądarki internetowej.

Yes the system can handle any system, including those based on ABAP technology, but in such a situation it is necessary to prepare a dedicated connector which can prolong the implementation and installation process. At this point, the system has connectors for: Active Directory, Remedy and Service desk.

Have another question - write to us!

I want to see how smartReview works

Fill out the form below and we will contact you with a presentation of our offer and the capabilities of the module.

  • smartReview
  • SAP security
  • Periodic review of entitlements
  • Review of entitlements
  • Access control
  • Certification of authority