The 4 Factors to a successful Security and

Segregation of Duties implementation in

PeopleSoft

Agenda

• Smart ERP Solutions, Inc

• 4 Factors

• Opportunities

• Handouts

• Q&A

About SmartERP

Oracle Platinum Partner

Best practices and expertise in strategic planning, implementation, upgrade and add-on / customization services

Unique blend of Solutions and Services

‘Clients for Life’ – High level of client satisfaction and loyalty

200+ Clients across various industries

350+ Employees

Global Locations:Headquarters in Pleasanton, CAOffices in Atlanta GA, Hyderabad, Chennai and Bangalore (India)

Founded in 2005 by former Oracle Architects, Executives and Consultants

Achieve Best-In-Class PerformanceOur mission is to provide innovative, configurable, flexible, cost-effective solutions

to common business challenges, enabling our clients to save time,

increase productivity, minimize costs, and maximize their return on investment.

SolutionsBusiness applications that

offer organizations an

end-to-end solution

providing the right design

and implementation from

start to finish.

ServicesA 24/7 seasoned and

experienced staff of

experts to help you

implement your business

solutions efficiently and

effectively at a cost-

effective rate.

CloudCloud applications

provide solutions built on

proven enterprise class

architecture that enable

high configurability and

ease of monitoring.

About SmartERP

Unique Smart Solutions Unique Smart Services

Employee Onboarding

Electronic Personnel Action and other HR Forms

E-Verify Integration with DHS

ERP Gadget for User Productivity / Experience

Embedded Analytics

Configurable advanced workflow on all transactions

Security/Segregation of Duties

Smart Doc’s such as Smart Voucher, Smart PO

ERP Implementations and Upgrades

Anything Oracle, some SAP and MS

Managed Services including PUM’s for PeopleSoft

Business Intelligence Services

Onshore/Offshore Services

Application and Database Management

Tax Automation Solutions

Oracle Cloud Consulting Services (SaaS, PaaS, IaaS)

Sample clients in various industries:

The 4 Factors

4 Factors

• Ownership

• Working Together

• The Process

• The ‘Outsiders’

Poll

Who owns the Access/SoD Reviews for you currently?

• Security

• Audit

• Functional Users/Managers

• A combination of the above

• None of the above

Ownership

• IT supports the Application

• Finance/HR own the Application

• Security secures the Application

• Audit want to know what has changed and if the Controls are effective

The Task of reporting and implementing Controls is

usually directed to IT/Security, with the question – “who

should be responsible instead?”

Working together

The answer - All of the above

• Steering Committee should be established

before starting this project.

• You need an Executive sponsor

• Business Users most heavily involved to

start with

• Be prepared to re-design Security

The Process

Decide who should have what and what should be removed.

Conflicts within a Role versus Conflicts across a Role

Exceptions granted – sometimes Users need to break the Rules

Create Vendor

Approve Vendor

Create Vendor &

Approve Vendor

Poll 2

• How do you manage security analysis and SoD currently?

• Third party Solution

• Manual based process

• No solution in place

• Don’t know

The Outsiders

Third party Vendors, Contractors

In all Access reviews by Smart ERP, third parties had open access in Production

User Accounts often generic, not tied to an individual

No point in securing Employees when the Outsiders can do what they want!

The Outsiders - Solutions

• Establish who from the third party is authorized to access your systems

• Remove ALLPAGES access, either:

– Implement Break-glass, give specific access when required

– Implement specific access for key personnel

• Auditing too difficult to switch for all of user activity

Opportunities

• Software – Capital Expenditure, Training and self deployment

• Software as a Service – recurring fees to include services for deployment, management and advisory

• 100% Service – No software to be deployed, you send the data for review

Effective Segregation of Duties

SoD

Proactive SoD

Reactive SoD

Mitigation

Written in Peopletools

Software, Service or Both

Over 100 Rules for FSCM,

Over 45 for HCM

Role level

• Create matrix of all active system roles

• Identify all roles that should not be linked to the same user

– Such as purchasing and payments

Permission List / Business Process level

• Include Application security & processing options

• Add to / modify as needed

Component / Page and User Preference level

• Add in any custom or modified processing

• If creating your own rules

– Start with most important controls & gradually add to them

Creation of SoD Rules

Over 200 Rules across FSCM and HCM

Pre-defined and ready to use on Day 1!

Analytics and Reports

• Gain insight into Users with too much

access

• Mitigate Users who need access or to

break a Rule

• View SoD and Access results over time

with trending information

Security Analysis Services

Extract your Data or deploy the software on-premises with services to manage the process.

Objectives: Identify the issues and provide the easiest root cause analysis

Example Security Analysis

Violations by Role Report

Establish which Roles

are responsible for

granting Access in

PeopleSoft

Q&A

• Please send any questions using the Questions feature

• Recordings and Slides available

• Want to discuss your Security and planning?

• Copy of the Analysis available on request

Next Webinar

Register: http://www2.smarterp.com/smartI9webinar

For more informationsmarterp.comsmartonboarding.comanalytics.smarterp.com