Managing SAP security is not a simple task. It requires enforcing controls at multiple levels. However, security is often an afterthought in many SAP implementation projects.
Adequate focus may not have been placed on designing appropriate and compliant security controls, or security testing may have been compromised due to time or budget constraints.
How we can help
Turnkey offers two SAP risk assessment options that help organisations address these challenges by providing a current view on your security model and a tailored high-level roadmap to increase your security risk posture:
The SAP Access Risk Assessment
This is primarily focused on risks related to user access in SAP systems and covers Segregation of Duties (‘SoD’) risks as well as sensitive and critical access risks. This also covers a high-level assessment of SAP role design, access to privileged access in SAP and user/role management procedures.
The SAP Cybersecurity Risk Assessment
This primarily focuses on cybersecurity risks in your SAP platform, including security configurations, security vulnerabilities, missing patches, interface controls, and custom code security.
The three options for the SAP Access Risk Assessment
- One-time SAP access risk assessment covering both SoD risks as well as sensitive/ critical access risks along with actual execution details
- Out Of The Box (‘OOTB’) ruleset
- One SAP production system
- Assessment of your SAP user and role administration processes
- SAP security roadmap covering areas of highest priority, tailored to your organisation
- Detailed data allowing you to take remediation actions
- Approx. 2 – 3 weeks
- Quarterly SAP access risk assessment
- One-time ruleset customization
- Maintain Mitigation Control (‘MC’) risk register
- Continuous SAP access risk assessment
- Access to SAP access risk compliance dashboard
- Preventive controls (i.e., access request workflow with preventive access risk assessment)
- Emergency access manager with activity logs
- Periodic SAP User access review manager
The three options for the SAP Cybersecurity Risk Assessment
- One-time SAP cybersecurity risk assessment covering almost 2,000 checks and missing security patches
- One SAP production system line
- Overview of risks in your SAP interfaces
- A security roadmap covering areas of highest priority, tailored to your organisation
- Approx. 2 – 3 weeks
- Three SAP production system lines
- Quarterly SAP cybersecurity risk assessment
- Automated implementation of missing SAP security notes (where possible)
- Continuous SAP cybersecurity risk assessment
- Custom SAP code security review
- Real-time SAP cybersecurity threat assessment
- Integration with your SIEM solution
Get in touch
Fill out this contact form, and we'll get in touch to discuss our SAP Risk Assessment packages in more detail.