GRC Expert

SAP governance, risk and
compliance — concepts, technology,
and best practices

Part of the
SAP Experts
knowledgebase

This article was printed from the GRC Expert knowledgebase. You can find the original version here: http://www.grcexpertonline.com/article.cfm?id=4502

Reproduction of this article is strictly prohibited.

Combat Chaos with a Lock-Down Security Policy in 12 Key Areas of Your SAP Environment

by Kehinde Eseyin, Systems Support Manager, TOTAL Nigeria PLC, Nigeria (June 2009)

Security policies and procedures should be a central concern of all employees of an organization. Review important areas of the SAP ERP system that has to be driven by effective security policies.

Key Concept

A security policy is a formal statement of principles, rules, goals, and objectives of an organization aimed at securing the assets of the company and reducing process variation via effective procedures that define best practices for achieving specific tasks.

To establish internal controls, you need to define and document security policies and procedures that clearly state what should be done, how it should be done, when it should be done, and by whom it should be done.In an integrated system such as an SAP ERP system, processes are closely related, if not totally interwoven, and information is centrally processed. A security flaw at any stage is capable of undermining the integrity of the system.

SAP security policies are made up of a set of standards and procedures that are required for implementing security and control in an SAP environment. The essence of SAP security policies and procedures is to keep users abreast of their obligations, especially as they relate to transaction processing, access control, management, and system administration in SAP systems.

I’ll point out the 12 key subject areas in which you need to define security policies and procedures in your SAP system.

Would you like to see the full version of this article?

If you are an electronic license holder to GRC Expert, please click here to log in.

If you would like information about becoming an electronic license holder — and having 24/7 unrestricted access to all articles and content in the GRC Expert online knowledgebase — click here to see the available subscription options.

Or call 1-781-751-8799 to speak directly with a subscription and licensing specialist about customized access for you and your team.

Isn't your SAP implementation worth world-class information support?

Copyright © 2010 Wellesley Information Services. All rights reserved. Email: customer.service@grcexpertonline.com.
GRC Expert, 20 Carematrix Drive, Dedham, MA 02026, USA.
Sales and Customer Service: 1-781-751-8799
SAP and the SAP logo are trademarks or registered trademarks of SAP AG in Germany and several other countries.