Definition of SoDs & Critical Access Risk Rules

Every company and its situation are unique – too unique to fulfill all relevant requirements with a standardized SoD Matrix. The need for proper Segregation of Duties (SoD) Risk Definitions ranges from a compliance focus (risk reporting, remediation / cleanup and mitigation strategy) down to day-to-day operations: ongoing provisioning of authorizations, role re-design or maintenance, ongoing workflow-based user access review, etc. In both the Get Clean and the Stay Clean phases it is crucial to have reliable and complete SoD Risk Rules. Several aspects influence your unique SoD Risk Rule definitions: ERP landscape, business processes, ICS and other compliance requirements, custom developments and custom authorizations maintenance. Also be aware of further important details such as system performance and dealing with false positives.

Service: We can help you to develop and upload your Risk Rules into SAP GRC, covering all relevant SAP-aided business processes. Non-SAP applications can be covered as well. SoD Risk Rules can also support cross-system analysis.

Benefit from our experience combining both sides – compliance and security. Establish and upload audit-proof SoD and critical access Risk Rules. Best-practice Risk Rules based on SAP Standard and Greenlight – along with our developments – can be used as a starting point. Our experience in development and operations for authorization concepts helps you to consider SoD requirements for the lifecycle of authorization concepts in the most efficient way.