Your SlideShare is downloading. ×
0
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Risk free authorization provisioning with sap grc access control 10.0 @ the national lottery belgium

1,339

Published on

In 2012, the National Lottery Belgium went live with SAP GRC Access Control 10.0 as one of the first Belgian companies. During the first half of 2013, the “Business Role Management” module (BRM) was …

In 2012, the National Lottery Belgium went live with SAP GRC Access Control 10.0 as one of the first Belgian companies. During the first half of 2013, the “Business Role Management” module (BRM) was implemented, further leveraging the “Analyze & Manage Risks” (AMR) and “Provision & Manage Users” (PMU) modules. The combination of these modules allowed the National Lottery Belgium to mitigate all open risks, provision business roles to HR positions (using business language) and implement fully workflow-driven approval processes for business role changes and business role assignments involving single role owners (process owners), business role owners (managers) and risk owners.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,339
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Risk free authorization provisioning with SAP GRC Access Control 10.0 @ the National Lottery Belgium Your logo Gert De Pauw The National Lottery Belgium Chris Walravens Expertum SAPience.be TECHday’13 1
  • 2. Agenda The Players Project Triggers / Challenges SAP GRC Access Control Implementation Phases Project Benefits SAPience.be TECHday’13 2
  • 3. The National Lottery Kanalisatie Wet van 19 april 2002 + het beheerscontract tussen de Belgische Staat en de Nationale Loterij: “sociaal verantwoordelijke en professionele aanbieder van spelplezier” met twee essentiële doelstellingen : • het spelgedrag kanaliseren en zo een alternatief bieden voor privé en/of illegale spelen • de bestaande gebruikers van loterijen en kansspelen aantrekken met een modern en aantrekkelijk aanbod, zonder evenwel de omvang van de markt uit te breiden Financiële steun aan organisaties en manifestaties van publiek belang: Grootste mecenas van België Op een verantwoorde manier • 225,3 miljoen euro aan subsidies rond de thema's sociaal, sport, cultuur, familie, wetenschap en nationaal prestige worden door de ministerraad goedgekeurd. Sinds 2002 stort de Nationale Loterij 27,44% van het globale jaarlijkse subsidiebedrag rechtstreeks aan de drie (Vlaamse, Franse en Duitstalige) Gemeenschappen. • Sociale of naamsponsoring van initiatieven ten voordele van de integratie en het welzijn van minderbegoede bevolkingsgroepen (b.v. Restos du Coeur, eindejaarsdiners, bezoeken aan evenementen en tentoonstellingen aan verminderd tarief) Actief en op een autonome manier bijdragen tot de preventie en behandeling van gokverslaving dankzij de steun aan initiatieven in die richting SAPience.be TECHday’13 3
  • 4. The National Lottery One of the biggest retail networks in Belgium 5240 Stores Independents working on commission and selling our products SAPience.be TECHday’13 4
  • 5. Delaware History • Founded in 1981; has been part of Bekaert, Andersen and Deloitte • Independent partnership since 2003 Today • 850+ professionals • Belgium, China, Singapore, France, Luxembourg, The Netherlands & US Recipe • Aligning business and technology • Combining strengths, delivering solutions Philosophy • Entrepreneurship, Care, Respect, Team spirit, Commitment SAPience.be TECHday’13 5
  • 6. Expertum History • Founded in April 2006 by 2 ex-SAP BeLux employees • Partnerships Today • Team of 50+ SAP Experts and Project Managers Mission • Exceed client expectations by providing top-quality expertise • Provide our people a safe environment for personal and professional growth Strength • Highly skilled & experienced SAP consultants in all SAP areas, combined with a wide industry knowledge in several domains SAPience.be TECHday’13 6
  • 7. Expertum Competence Areas Focus GRC team Project Management (PM) Supply Chain Management (SCM) Finance & Controlling (FI/CO) Business Intelligence (BI:BW/BO + HANA) Knowledge Management Product & Service Development Governance, Risk, and Compliance (GRC) • SAP Security & Authorizations • SAP GRC Access Control Product Lifecycle Management (PLM) Application Lifecycle Management (SolMan +NW) SAPience.be TECHday’13 • SAP GRC Process Control • SAP Identity Management 7
  • 8. Project Triggers / Challenges Transparency Segregation of Duties Automated Processes Monitoring & Reporting Audit Trails Risk Prevention Controlled Access Business Ownership SAPience.be TECHday’13 8
  • 9. SAP GRC Access Control Self service emergency access activation Centrally approve and manage emergency access or all SAP systems Detailed usage logs for comprehensive emergency access reviews Accurately identify and analyze access risk violations in real-time Remediate and mitigate conflicts for users and roles Continuously monitor access risks and user assignments across the enterprise Analyze & Manage Risks (AMR) Emergency Access Management (EAM) Business Role Management (BRM) Provision & Manage Users (PMU) Self service user access request process Preventive risk analysis in user provisioning Automated workflow for efficiently approving requests Streamline and automate reviews of user access Centralized business role management Enforced compliancy to format & SOD rules Automated role governance process involving business & technical owners SAPience.be TECHday’13 9
  • 10. SAP GRC Access Control First Belgian Company Using all 4 Modules SAPience.be TECHday’13 10
  • 11. Implementation Phases Analyze & Manage Risk Emergency & Access Management Provision & Manage Users Phase 2 Phase 1b Phase 1a 01/11/2011 01/07/2012 31/12/2012 SAPience.be TECHday’13 01/10/2013 11
  • 12. Analyze & Manage Risk Bridge Business - IT Analysis Engine Proactive Risk Analysis Root Cause Analysis Rule Set Detailed Reporting SAPience.be TECHday’13 12
  • 13. Emergency Access Mgmt Automated Notifications Logging Activities Controlled Access Only Approved Access SAPience.be TECHday’13 13
  • 14. Provision & Manage Users Automated Provisioning Audit Trails Role & Risk Ownership Eliminate IT Involvement Workflow Based Approvals Preventive Risk Analysis SAPience.be TECHday’13 14
  • 15. Implementation Phases SOD Remediation HR Trigger Approval Delegation Phase 2 Phase 1b Phase 1a 01/11/2011 01/07/2012 31/12/2012 SAPience.be TECHday’13 01/10/2013 15
  • 16. Intermediate Phase Delegation of Approvals Automated User Creation Clean-up of Access Rights Triggered by Onboarding SAPience.be TECHday’13 16
  • 17. Implementation Phases Technical role design Business role design (Composite roles) Position Based Security Business Role Management Phase 2 Phase 1b Phase 1a 01/11/2011 01/07/2012 31/12/2012 SAPience.be TECHday’13 01/10/2013 17
  • 18. Business Role Management Automated Notifications Transparency Automated Access Removal Workflow Based Approvals Embedded Risk Analysis Centralized Role Documentation Role & Risk Owners SAPience.be TECHday’13 18
  • 19. Risk Reduction SAPience.be TECHday’13 19
  • 20. Project Benefits Rule Set Transparency Segregation of Duties Workflow Based Approvals Bridge Business - IT Automated Processes Audit Trails Only Approved Access Logging Activities Monitoring & Reporting Clean-up of Access Rights Controlled Access Delegation of Approvals Analysis Engine Risk Prevention Root Cause Analysis Business Ownership Automated Notifications SAPience.be TECHday’13 Eliminate IT Involvement 20
  • 21. LEARN FROM THE EXPERTS info@expertum.net www.expertum.net/expertsessions SAPience.be TECHday’13 21
  • 22. Thank you! Gert De Pauw Chris Walravens Senior SAP Manager The National Lottery GRC Competence Lead Expertum +32 2 238 46 72 gert.depauw@nationale-loterij.be www.nationale-loterij.be +32 474 475 983 chris.walravens@expertum.net www.expertum.net www.expertum.net SAPience.be TECHday’13 22

×