Key
Insights

Expert Insights - SAP Security FAQ's

Our consultants have put together a comprehensive list of common enquiries and responses to SAP security issues to help with basic troubleshooting and simple problem solving. These expert insights also provide useful background data to IT administrators about to start an SAP initiative.

If you have a question which is not listed here, please contact us. Your inquiry will be addressed by one of our consultants as promptly as possible.

Help us make this site better

favourites contact us forward page

CLIENT SUCCESS

SAP Application Case Study Premier Foods

Securing SAP systems during a business divestment

SAP implementation: A Worldwide Supplier of Office Products

An implementation of SAP IdM alleviates heavy administrative burden

A Major Global Office Products Supplier

Implementation of SAP GRC minimises conflicts and reduces audit pain

Client Success

BLOGS

6 Aug 2015

Do you have trust issues?

 

 

 

So, knowing that trust is defined as “having confidence in the veracity, integrity or other virtues of someone or something”, how would you rate the trust you have in the following:

  • The accuracy of your data?
  • Integrity of the systems which store your data?
  • Security of communication between systems?
  • The integrity of the people in your organisation?
  • The organisations which work to support you?
  • The processes which are in place?

If any of the above gave you pause for thought, you are probably not alone! I have seen examples of all of these being called into question at some point and, like all of us, have worked to improve the trust in the people, companies, systems and processes involved.

Once trust or confidence has begun to be eroded, it can be extremely difficult to re-establish, if it can be regained at all. It is possible to handle a lack of trust, establishing proper governance and control processes, supported by tools can help us to continue to operate in environments where trust is an issue.

Trusting the people

We trust the employees in our company with the data they require to perform their job function. We do, however, still establish mechanisms to protect both the organisation and the employees themselves from the ability to realise risk. It is important that this protection is understood to work both ways – the company can have faith that “John Doe” cannot commit fraud and “John” is confident that he will be blameless in the event that fraud were to happen. Establishing the employees’ responsibilities in managing risk are key to achieving our governance and compliance goals.

Maintaining control of segregation of duties risks, whether through role design, or supplemented with GRC access controls, is one mechanism by which we can establish trust between the employer and the employee. This is even more relevant for managed service organisations, where they are being trusted as the custodians and protectors of their clients’ business-critical information and systems.

Trusting the systems

Ensuring the integrity of the systems and data your business relies upon is key. Anything which undermines confidence in those systems needs to be addressed and there are a number of procedures which can improve the reliability of, and confidence in, those systems.

Ensuring correct change controls are in place for enhancements should ensure that nothing untoward is introduced into the live systems, however this needs to be backed up by robust testing from the correct stakeholders, with particular emphasis on integration testing, as nothing will erode trust in new systems faster than negative UAT or live issues.

We often see cases where functionality tested (and working) in isolation in pre-production systems does not “play well” with live data, or other functionality. Making sure that issues with integration are addressed before go-live will increase business confidence in the IT systems and the organisation which supports them.

The bottom line is: Ensure you have the processes in place to protect the people and systems your business needs, supported by the appropriate tools and you will improve the trust, truth and confidence in those people, systems and your own organisation.

Please feel free to comment on your own trust issues, or examples of what’s worked well using the link below:

View all Key Insights