smartSoD
Risk repository: SoD matrix and sensitive access
smartSoD - proper segregation of duties
smartSoD is a template access risk repository for segregation of duties risks and sensitive technical access. The library has been developed during security projects delivered over more than 12 years for more than 100 customers from various industries and sectors (telecommunication, FMCG, retail, entertainment, production, chemistry, pharma). It works as a project accelerator when user access reorganization is required and the first project results must be delivered fast. It contains a list of over 125 segregation of duties risks and 50 instances of sensitive access.
When is it worth it?
- No defined segregation of duties risk matrix as the basis for provisioning user rights.
- No list of critical access (IT & business).
- Lack of consistency - many roles and authorisations, created in different time periods by different consultants, motivated by various project initiatives.
- Recurring audit recommendations to control this area better / more attentively.
Complete database content - SoD and sensitive transactions
Summary - why is it worth using?
smartSoD provides knowledge about defining a separation of duty (SoD) matrix and sensitive accesses in SAP ERP systems. It helps you get started faster in implementing the right separation of duty in SAP entitlements.
Headline smartSoD functionalities:
- A central business repository containing a list of sensitive transactions and segregation of duties risks and conflicts.
- An engine that allows importing permission data from different SAP systems (ECC / S4CORE) and field-specific systems via XML.
- Application support for the definition of dictionary objects: users can easily add new definitions of custom transactions.
- Support for work with spreadsheets (importing of data to a matrix from an Excel sheet).
- Easier start of permission restructuring projects.
FAQ – find out more about smartSoD
smartSoD is an indispensable service from the perspective of security of processes and business actions executed in an SAP system. Below you may find the answers to the most frequently asked questions about our solution.
The smartGRC application is a separate system that can be installed in your environment or be available in the cloud. Installation of the system involves the preparation of an application server (Windows) and a database server (SQL).
The smartGRC application connects via a dedicated SAP interface for Java systems, the JCo connection. Data is read by standard SAP data-retrieval programs, run with the parameters indicated by smartGRC.
3-4 weeks, assuming the use of a standard process and no more than 10 accounts for administrators and consultants in 2-3 SAP systems. A larger number of accounts or SAP systems generates additional complexity in the implementation process (configuration, training and knowledge transfer), which increases with the number of stakeholders and SAP systems supported. However, the duration of more complex projects does not exceed 3 months.
The product reports a broader range of information about actions performed during a special / emergency session than alternative products on the market. This includes, among other things, the financial or warehouse documents created and detailed change documents. It has built-in safeguards for situations where an administrator attempts to run an emergency session bypassing smartSoD (such uses are reported). It is intuitive to use, as it is based on the familiar web browser environment.
Yes, the system can handle any system, including those based on ABAP technology, but in such a situation it is necessary to prepare a dedicated connector, which can prolong the implementation and installation process. At this point, the system has connectors for: Active Directory, Remedy and Service desk.