CSItools MetaBlogHeader2018 20180518 v03

  • You are here:  
  • Home
  • Meta's Blog Home

Protection of personal data for GDPR within SAP

Details
Published: Wednesday, 15 June 2016 11:17

The European Commissions’ regulation for data protection rules (GDPR - General Data Protection Regulation, AVG in Dutch) in the EU shall apply from 25 May 2018. The objective of this new set of rules is to give control back to citizens over their personal data and to simplify the regulatory environments for business in the EU. SAP systems contain business critical and sensitive data including personal data which needs to be protected. Companies must follow GDPR rules for their SAP systems to ensure they are protecting Personally Identifiable Information (PII). 

According to the new GDPR regulations, a breach of data protection occurs if an employee gains access to data that is not required for their occupational activity. This blog defines the four steps on how to protect this data for SAP systems and get and remain compliant for GDPR.

(SOx) Governance, Risk and Compliance with CSI tooling

Details
Published: Thursday, 02 July 2015 11:52

Due to pressure of local regulatory compliance issues and/or corporate governance demands there is a growing awareness of Governance Risk and Compliance among executive management. Use CSI tools to document all (SOx) governance principles on the fly, test and get insight in the status of the current access governance and remediate the risks.

SAP support packages keeping me busy

Details
Published: Tuesday, 05 May 2015 10:14

A patch is a code-correction for a specific version of an SAP product. Support Packages are a collection of one or more patches. We all have experienced the time and work that can come with implementing new SAP support packages. I would like to take the support packages that are related to transaction codes as an example.

Role building with (non) organizational values in SAP

Details
Published: Tuesday, 17 March 2015 13:33

All role administrators are familiar with the challenges that come with making a SAP role concept efficient and effective. Since organizations are always changing, the role concept must be easy to adjust to these changes as well. SAP has some features to help role building and maintenance like master – derived roles, single and composite roles.

CSI Authorization Auditor instead of manual control

Details
Published: Friday, 23 May 2014 14:01

Due to pressure of local regulatory compliance issues and/or corporate governance demands there is a growing awareness of Governance Risk and Compliance among executive management. But what do we need to do to get (and stay) in control?

Reverse Engineering for the SAP security concept

Details
Published: Thursday, 01 May 2014 13:29

Is the organization secure with the current set up of the roles in SAP? Are your users happy with the assigned authorizations? If they are, the auditor probably is not happy with the assigned authorizations to the roles and users.

Maybe there are already plans to redesign the current authorization concept? How easy would it be if you can redesign the authorization concept with reverse business engineering? Instead of thinking and designing which authorization should be included in which role from scratch, just have a look at the authorization the users have and analyze the functionality the users have been using (or wanted to use) based on the executed transactions and assign these needed authorizations to the roles.

How to perform critical authorizations and SoD checks in SAP systems

Details
Published: Friday, 28 February 2014 14:45

This blog describes how you can set up the Segregation of duties (SoD) analysis for the SAP security concept. I compare 2 methods. The first one is using the standard SAP report RSUSR008_009_NEW and the second one is using CSI Authorization Auditor.

Who is doing what in your SAP system?

Details
Published: Friday, 27 December 2013 11:39

People who are using a SAP system all know the term "transaction code". SAP data is restricted using role based access controls. Users that get access to the SAP system via a Graphical User interface (I include portal-like functionality just to keep it simple) and the restriction of SAP table data for the users is managed by the assigned authorizations of this user.  If users want to have access to functionality in the SAP system, the transaction code is the front door to get access to this functionality.

Fine tuning your GRC filter set with Custom transactions

Details
Published: Tuesday, 10 December 2013 13:47

Sometimes it is necessary to create new (custom) transactions in the SAP systems. These customized transactions should always be taken into account when doing an audit/analysis on the authorizations concept.How to identify the authorization checks for these custom transactions?

Display roles - are they really display only?

Details
Published: Monday, 04 November 2013 13:26

Sometimes I come across roles within the SAP system that are setup and assigned as a display role. However, when further analyzing the roles it seems that the roles are not really display roles (any more). The first focus while setting up display roles is probably removing the non display ACTVT values for the corresponding authorization objects. The list of ACTVT values and meaning of the values can be found in table TACT.

Cookies help us with providing you our services. By using our services, you agree with our use of cookies.
OK Decline
More information