03 Service

Business processes documented and confidential data processed by the SAP systems of a company must be protected against falsification, improper use, and theft. For more than 20 years, I have offered the following services supporting you in the field of user and authorization management, depending on business specific requirements:

  • SAP authorization concepts (ERP, S4 HANA)
  • Governance, Risk & Compliance (GRC, SAP)
  • Identity Management (GRC, SAP, SUIM)
Performance of a risk analysis and subsequent review

Through a comprehensive preliminary investigation, I will analyze system security and authorization aspects, as well as current business processes with reference to relevant guidelines – e.g. the Sarbanes-Oxley Act. I will support you in complying with legal provisions such as the generally accepted accounting principles (GAAP) and in achieving GR compliance. Results of the preliminary investigation will be documented in a detailed report. Based on this document, measures and strategies will be suggested to eliminate the detected risks and other business-specific threats, with the purpose of achieving a sustainable security level.

Creation of an authorization concept

According to the operational processes of your business, an individual authorization concept based on segregation of duty rules and other internal provisions and regulations will be created. Which user has access to what data; which information may be accessed globally and which may be used only locally? Such questions and authorization issues must be solved in a sustainable fashion, since they may be essential for the success of any globally active enterprise.

Support of roles and users during and after installation and configuration of the authorization concept

A complex SAP authorization system requires regular care even after implementation. Authorization reviews and the performance of internal audits are processes arising from daily business activities using authorizations. I will gladly support you in the care and further development of your authorization landscape.