Background

key
insights

Key Insights

Throughout our work, we've uncovered the most effective procedures, techniques, and methodologies for effectively delivering SAP Security and GRC solutions. We proactively share this knowledge through our Key Insights programme - a series of roundtables, webinars and thought leadership activities aimed at promoting discussion with peers and experts around best practice and to generate an informative forum for knowledge sharing.

Insight Events

SAP Security and Auditing Workshop

SAP Security and Auditing Workshop

Singapore

A 2-day SAP Security and Auditing training workshop will be conducted in Singapore by Turnkey Consulting on 30th - 31st March 2016. The workshop will cover SAP BASIS and IT general controls; Authorizations and SoD in SAP; and Business Process Controls in SAP purchasing process. Please email us at training.sq@turnkeyconsulting.com for more details or to register.

Read more
SAP Security and Auditing Workshop

SAP Security and Auditing Workshop

Singapore

A 3-day SAP Security and Auditing training workshop will be conducted in Singapore by Turnkey Consulting on 6th April - 8th April 2016. The workshop will cover SAP BASIS and IT general controls; Authorizations and SoD in SAP; and Business Process Controls in SAP purchasing process. Please email us at training.sq@turnkeyconsulting.com for more details or to register.

Read more

Expert insights

What is auditing?

FAQ Topic - SAP Auditing

Why does GRC action usage stats show usage of transactions that are not available to the user?

FAQ Topic - SAP GRC AC

FAQ Topic - SAP GRC PC

FAQ Topic - SAP GRC Risk Management

Service - Operational Effectiveness

Service - Strategy & Direction

Simon Persin

Data security – a barrier to GRC as a service?

4 Feb 2016

Posted by Simon Persin

 

 

 

When it comes to security of data, I believe it important to split the discussion between cloud and managed services. With cloud, there isn’t really a difference in traditional on-premise deployments. Regardless of whether the solution is hosted in your own data centre or someone else’s data centre, the requirements for securing the information remains the same. Business critical applications have been hosted in cloud based servers for many years and with the right level of encryption, this can be equally secure as a physical server.

Make a Comment
Tom Venables

Least Privilege: Stand up for your principles!

21 Jan 2016

Posted by Tom Venables

 

As you know, this principle states that users, programs and systems should be given the least privileges, access and authorisations required to complete a task or job. This can take the form of restricted roles in SAP, or simply locking down access to an employee’s computer so they can’t install software – in both cases, we’re restricting what they can do to minimise risk.

Make a Comment
Simon Persin

Cost – a barrier to GRC as a service?

13 Jan 2016

Posted by Simon Persin

 

 

 

 

Many people refer to “cloud” and “managed services” synonymously. However, in this instance, they are vastly different. Cloud computing has been around for a long time with organisations virtualising servers in order to run multiple applications from a smaller physical server estate. There are significant savings to be had by continuing to look for cheaper hosting rather than having to purchase physical servers for every sizing increase or application purchase.

Make a Comment

"The Key Insight sessions are an ideal way of sense checking your current ways of working."

Chris Haigh, Global SAP Security Specialist, Kimberly Clark Corporation & Chairman of SAP GRC User Group

"I found the session to be very useful, informative and well facilitated."

Olu Adeosun, Compliance Manager Enterprise Systems, BP plc

"The session I attended was indeed very interesting with a lively and stimulating round table discussion."

SAP Project Manager - Global Petrochemical company

"It was a well facilitated event, would happily recommend future events to others and would hope to attend again."

Mike Bonsor, Head of Project Management, SThree Plc

"I took away some good knowledge and would clear my diary to attend another one of the sessions."

Olu Adeosun, Compliance Manager Enterprise Systems, BP plc

"Key Insights added significantly to my knowledge of the topic discussed."

SAP Project Manager - Global Petrochemical company

"The points debated were most useful in applying to our own circumstances"

Mike Bonsor, Head of Project Management, SThree Plc

"Key Insights allows you to find out from others what does and does not work well."

Chris Haigh, Global SAP Security Specialist, Kimberly Clark Corporation & Chairman of SAP GRC User Group

"The points debated gave the opportunity to avoid pitfalls that others had made."

Mike Bonsor, Head of Project Management, SThree Plc

"The session I attended was indeed very interesting with a lively and stimulating round table discussion."

SAP Project Manager - Global Petrochemical company