Recognising the critical need for a robust and streamlined access management framework, Ørsted embarked on a pivotal migration project from SAP Identity Management (IDM) to SAP Governance, Risk, and Compliance (GRC) for Access Provisioning. Ørsted had previously relied on SAP IDM for access provisioning.
With SAP IDM’s impending decommissioning, however, the organisation sought to transition to SAP GRC for enhanced capabilities and efficiency.
The transition presented Ørsted with a series of multifaceted challenges. Firstly, the impending decommissioning of SAP IDM necessitated swift action to ensure continuity in access provisioning processes.
Secondly, the intricate automation interplay between SAP IDM and SAP GRC posed complexities, particularly concerning risk analysis during access provisioning.
Additionally, the operational landscape was burdened by the maintenance and troubleshooting demands associated with managing multiple portals.
Ørsted commenced a transformative migration project, partnering with Turnkey to fortify its SAP network with a comprehensive security and access management solution. Before this initiative, Ørsted’s GRC landscape included modules such as Access Risk Analysis and Emergency Access Management (EAM). As part of the transition, Ørsted aimed to incorporate four new modules: Business Role Management (BRM), Access Request Management (ARM), User Access Review (UAR), and SoD Risk Review to augment its access management framework.
Collaborating closely with Ørsted, Turnkey meticulously aligned services to meet Ørsted’s unique business requirements. Through a series of workshops involving the Ørsted team, Turnkey gathered comprehensive information to define access provisioning workflows, streamlining of role methodology, and enablement of user and SoD review.
Another aspect of the solution involved the redesign of Ørsted’s Segregation of Duties (SoD) Ruleset within SAP GRC. Recognising the importance of mitigating access risks, Turnkey thoroughly reviewed and updated the SoD ruleset, using the industry’s best practices to address potential inadequacies and strengthen Ørsted’s defences against access risks.
Furthermore, Turnkey implemented Fiori apps for GRC AC, enhancing user experience and accessibility, fostering intuitive interaction paradigm. This seamless integration empowered users to navigate the access management framework with ease, marking a significant milestone in Ørsted’s security and access management strategy.
Revolutionising access management across the organisation With Turnkey’s support, Ørsted underwent a transformative migration to SAP GRC for Access Provisioning, a significant milestone in its access management framework.
This implementation swiftly empowered Ørsted to automatically identify across its entire SAP ecosystem. The addition of SAP Fiori further enhanced reporting capabilities, offering a user-friendly interface tailored for users at all levels to access SAP Access Control functionalities seamlessly.
Together, Turnkey and Ørsted migrated over 6,000 end users to SAP GRC, involved key users from testing phase onwards and provided training for a seamless transition. This project effectively transformed Ørsted’s enterprise-wide access provisioning, significantly reducing lead times and boosting operational efficiency. Turnkey developed comprehensive reporting and intuitive dashboards for stakeholders to monitor compliance initiatives effectively.
The automated User Access Review (UAR) and SOD Risk Review processes implemented through SAP GRC ensured that user authorisations aligned seamlessly with their roles and responsibilities (UAR) and remediating or mitigating risks (SOD Risk Review) effectively. This migration enables Ørsted to meet regulatory standards and internal policies with ease, ensuring access, visibility, and transparency organisation-wide.