Minimising Business Risk for a Commercial Aviation Provider with SAP S/4HANA Security

Challenge

During the recent implementation the team were looking to improve their internal security model. New to SAP, having previously deployed a non-SAP ERP, the firm needed to be able to monitor business risks within its new system.

There was a requirement to ensure that the system-controlled user access, to improve internal control and implement segregation of duties (SoD). SAP S/4HANA delivered substantially more access controls than SAP ECC6 and required more configuration within each application and transaction.

Solution

L3Harris contacted Turnkey Consulting to address this security requirement, to exploit their established experience with the SAP S/4HANA architecture.

“We needed access to expertise in SAP security controls as well as experience in SAP Fiori and SAP S/4HANA. Turnkey Consulting was recommended by our internal IT team, who had prior knowledge of the firm through SAP Forums,” explains Gini Gill, SAP Security Analyst, CTS, L3Harris.

A Turnkey security consultant was engaged for an initial period of three months to develop the firm’s role designs and incorporate SoDs into its SAP S/4HANA solution. The consultant quickly became the lead SAP security consultant and the engagement was extended to support the firm through to post go-live hypercare period.

Turnkey carried out a review of user roles and verified business process owners. Risks for potential SoD issues were identified and reported. The project team worked together to amend the roles and instigate a series of iterations for each business module. User acceptance testing (UAT) then took place, with further iterations to ensure the controls on each role were as efficient and effective as possible.

Following a successful go live, the hypercare period ran for approximately six weeks, during which time Turnkey remained in place with L3Harris to provide BAU support while the firm transitioned. Once this was complete, a hand-over took place.

“Turnkey analysed our roles in a logical way to ensure we get the most out of our application in terms of business-wide security and the right access and controls. The project was a real success and it’s testament to Turnkey that we’ve had very few authorisation issues from our user base since we went live,” highlights Gini Gill, SAP Security Analyst, CTS, L3Harris.

At present, the solution is being deployed at three of the L3Harris’ sites in the UK, with plans to roll it out further in the UK and internationally in the future.

Benefits 

• L3Harris has a secure set-up for its roles and responsibilities at the sites 
• The solution allows SAP S/4HANA to work seamlessly whilst effectively managing the firm’s business risks
•  The training and support received from Turnkey means that changes are easy to make, both for the UK and US support teams
• The solution has brought stability into the security and authorisations element of the firm’s SAP S/4HANA solution – “the implications of this not being in place are significant