Upload File

grc components

4

Click here to load reader

Upload: krbkcl

Post on 20-Apr-2015

30 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: GRC Components

GRC Components– Work module of GRCGRC

Compliant User Provisioning

Compliant User Provisioning (CUP) is a capability of SAP GRC Access Control. It provides compliant user

provisioning across enterprise systems. Included are access request self-service, approvals, compliance checks,

proactive resolution of access controls, and provisioning.

CUP also provides standard reports.

Both CUP and RAR capabilities introduce a configurable reporting data mart that enables customized reporting by

integrating your reporting tool of choice.

The data mart extracts the relevant data from the RAR and CUP and converts the data for reporting purposes

The data mart is nonhistorical

Data mart schema are published, which enables customers to integrate with any reporting tools.

CUP combines predefined roles and permissions with configurable workflow capabilities, thus automating and

expediting user provisioning throughout an employee’s lifecycle with the company.

CUP prevents violations of separations of duty (SoD) and helps to ensure corporate accountability and compliance

with Sarbanes-Oxley, and other laws and regulations.

Users can request system access using a context-based selection of role descriptions that are defined using the

Enterprise Role Management (ERM) functionality, another capability in the SAP BusinessObjects Access Control

application.

When a user requests access to a system, CUP automatically forwards the access requests to designated managers

and approvers within a predefined workflow that is customized for the enterprise. The CUP workflow engine

considers the functional responsibility of the requestor and the type of access request being made, and automatically

determines the appropriate routing for access approval.

CUP prevents access-approval delays by routing requests to back up approvers when primary approvers are

unavailable or have not responded.

CUP automates the following user provisioning activities:

Creating users

Changing users

Deleting users

Locking/Unlocking users

Resetting user passwords

Assigning roles to users

Removing and changing role validity for users

User access review

=======================================

Risk Analysis and Remediation

Page 2: GRC Components

The Risk Analysis and Remediation (RAR) capability is a fully automated rules-based security audit and segregation

of duties (SoD) analysis tool used to identify, analyze, and resolve risk and audit issues that relate to regulatory

compliance.

Features

The Risk Analysis and Remediation capability:

Enables all key stakeholders to work in a collaborative manner to build ongoing SoD risk and audit compliance

at all levels. This compliance includes User, Role, Profile, and HR Object levels.

Empowers security administrators, business process owners and internal auditors to prepare their SAP

systems, and all other systems, for an audit.

Provides user friendly summary and drill-down reports, making the identification and resolution of Risks and

audit issues a painless process.

o RAR produces Risk Analytical Reports for selected users, user groups, roles, and profiles, allowing user

administrators to identify potential risk issues before assigning a new role to a user, group or profile.

o RAR produces reports on critical actions, critical permissions, critical roles, and profiles.

Introduces a configuable reporting data mart that enables customized reporting by integrating your reporting

tool of choice (for both RAR and CUP):

o The data mart extracts the relevant data from the RAR and CUP and converts the data for reporting

purposes

o The data mart is nonhistorical

o Data mart schema is published, which enables customers to integrate with any reporting tools.

Includes an expandable starter set of rules, and enables risks to be identified and created in the system so that

an administrator can correlate them with functions and associate each function to a business process. And

then, the Risk Analysis and Remediation capability generates the rules to offset your identified risks, thus

building on your rule set.

Provides comprehensive risk management functionality and powerful, easy to use, functionality to document

Risk Mitigation Controls.

o RAR enables you to perform a risk analysis to identify risks associated with a user, role, profile, or HR

object. If you cannot eliminate a risk, you can use the capability to define mitigation controls. You also

define monitors and approvers, assign them to specific controls, and create business units to help

categorize mitigating controls.

Uses custom tables to store SoD data. It also ensures there is no interference with existing security processes

and procedures.

=============================

Enterprise Role Management

Enterprise Role Management (ERM) is a capability of the GRC Access Control application. The other Access Control

capabilities interact with ERM.

Enterprise Role Management automates the definition and management of roles, allowing you to manage enterprise

roles with a single unified role repository. The roles can be documented, designed, analyzed for control violations,

approved, and then automatically generated.

Page 3: GRC Components

This capability enables preferred practices to ensure that role definitions, development, testing, and maintenance are

consistent across the entire enterprise.

ERM provides SAP security administrators, role designers, and role owners with a simplified means of documenting

and maintaining important role information for better role management.

The features include:

Tracking progress during role implementation.

Monitoring the overall quality of the implementation.

Performing risk analysis at role design time.

Setting up a workflow for role approval.

Providing an audit trail for all role modifications.

Maintaining roles after they are generated to keep role information current.

=========================

Superuser Privilege Management

In emergencies or extraordinary situations, Superuser Privilege Management, a capability of SAP GRC Access

Control, enables users to perform activities outside their roles under Superuser-like privileges in a controlled,

auditable environment.

A temporary ID is assigned that grants the user privileged, yet regulated, access. This transfer of privileges from one

person or role to another is called firefighting. Such a firefighting event might occur, for example, if an employee is

injured and another employee has to perform the injured employee’s duties.

Superuser Privilege Management is an ABAP and Web-based capability that tracks, monitors, and logs the activities

that are performed by a Superuser with a privileged user ID. Superuser Privilege Management also automates

firefighting tasks such as defining firefighter IDs and assigning owners and controllers.

This capability is a back-end systems activity with limited interfacing to Compliant User Provisioning where related

reports may be generated. For reports and other information, see the Compliant User Provisioning topics in this

application help.


IBM OpenPages GRC Platform Version 6.2.1: Report Author's ...public.dhe.ibm.com/.../6.2.1/Report_Authors_Guide.pdfThe IBM Cognos 10 Business Intelligence components available include:

GRC ITD TOPICS FOR CFP#12 - Clean · PDF fileOptimised helicopter fuselage design provided by GRC consortium Existing reference model components and ... inside a simulated aircraft

SAPience 20151201 SAP GRC Integration · PDF fileAgenda Setting the scene GRC – IdM integration GRC – IdM demo GRC – Solution Manager integration Q&A 2 SAP GRC Identity Management

Resumen GRC

NEW BOUNDARIES - The Straits Times...Jul 25, 2015  · Marsiling-Yew Tee GRC Sembawang GRC Nee Soon GRC Ang Mo Kio GRC Pasir Ris-Punggol GRC Tampines GRC East Coast GRC Aljunied GRC

GRC Alsace MOPA GRC 31 mars 2016

ARCHITECTURAL GLASS REINFORCED CONCRETE - GRC … GRC July 2011.pdf · THE WORLD OF GRC Glass Reinforced Concrete (GRC) ... (GRCA) Specification recognises three grades of GRC, Grade

Building an Effective GRC Process with TrustedAgent GRC

Glassfibre Reinforced Concrete (GRC) - GRC - Gulf · PDF fileGlassfibre Reinforced Concrete (GRC) Glassfibre Reinforced ... GRC gives the architects a unique and unrivalled opportunity

SAP GRC Online Training | SAP GRC tutorials | SAP GRC TRAINING COURSE, USA

Roberts GRC

GRC Annual Meeting & GEA GeoExpo+ - GRC Sponsorships

We Implement GRC Solutions Using Oracle GRC Applications Oracle Independent Consultants Oracle GRC Professionals 5/1/2015We Implement GRC Solutions Using

SAP Access Control 10.1 Master Guide - SAP Help Portal · PDF fileOptional GRC 10.1 Java Components SAP GRC AC Portal Plug-in Back end systems Integration of SAP Access Control with

Demystifying GRC - The GRC Bluebook · PDF fileDemystifying GRC Understanding Governance, ... GRC is an acronym describing an integrated approach to ... Oracle

Insights on grc grc technology au1488

GRC Annual Meeting - GRC Sponsorships

GRC Krawangan GRC Kepala Kolom GRC Cover Menaragrcbangunpersada.com/wp-content/uploads/2014/11/Product-Catalogu… · grc kubah grc lisplank grc cladding grc kepala kolom grc cover

GRC Applications Overview/ NCOAUGesoaug.communities.oaug.org/.../Presentations/GRC_Apps_Overview.pdfGRC Applications Overview/ NCOAUG ... Oracle GRC Process Management GRC Application

SAP GRC bei E.ON. - Riscomp · SAP GRC Access Control 22 SAP GRC bei E.ON – SAP GRC Forum 2014 Konsolidierung zweier GRC AC 5.3 Systeme in ein GRC AC 10 System Ein GRC Mandant für

Implementing a GRC Solution to Manage and Enhance Auditing ... · GRC Implementation - Roadmap 1. Review your GRC framework to iden tify existing components and gaps 2. Select a GRC

SAP GRC bei E.ON. - Riscomp | Your GRC Experts · Inhalt. 1. Überblick E.ON 2. SAP GRC Process Controls 3. SAP GRC Access Controls 2 SAP GRC bei E.ON – SAP GRC Forum 2014

GRC Base Parcel GRC Base Point

School of Health Studies Building - GRC … · School of Health Studies Building GRADE 18 GRC ADVANTAGES n ... GRC fixing detail ... particularly Grade 18 engineered GRC cladding

SAP GRC 10.1 - Access Control Project Lessons · PDF fileSAP GRC Components Implemented 4 SAP User Process Controls * Provision & Manage Users (PMU) Analyze & Manage Access Risk (AMR)

GRC LeaderCon - GRC Software for Risk, Compliance, and Audit

Implementing an integrated GRC approach with SAP GRC · PDF fileImplementing an integrated GRC approach with SAP GRC Sumit Sanyal(PwC) GRC Conference 26. November 2013 in Moscow

Grc Whitepaper

GRC Foundation: Transforming Data to Information · Navigating Your GRC Journey MetricStream GRC Summit Europe 2014: Case Study GRC Foundation: Convergence and Alignment The objective

New GRC Additive Manufacturing Strategic Vision · 2019. 8. 31. · – Inconel 625 • Additively Manufactured Turbomachinery Components – Gamma’ Nickel-base superalloys. Materials

ESPECIFICACIONES GRC

2015 GRC MATURITY SURVEY - Workiva | Cloud Platform€¦ · An OCEG Benchmark on GRC Maturity within Organizations 2015 GRC MATURITY SURVEY HOW THE APPROACH TO GRC STRATEGY & …

GRC Additive Manufacturing Strategic Vision - NASA · GRC’s Roles in Additive Manufacturing of Metallic Components GRC POC: Susan Draper • Characterization Database for Additively

Calumex grc

Auf dem Weg zum GRC - · PDF fileAuf dem Weg zum GRC – 27.10.2009 17 GRC Architecture ... GRC Reference Framework General Template based on KPMG 2009. Auf dem Weg zum GRC –