GRC Training
Fathima Shaik
Ankalu Maddika
Aamod Chembukar
July 20, 2023
Agenda - GRC 12 Upgrade
Landscape of GRC
Introduction to Governance, Risk and Compliance
Components of GRC
GRC Access Control Components
Configuration of GRC AC
Governance, Risk and Compliance
What is SAP GRC?
• SAP GRC is an integrated set of applications that enables companies to manage their risks and controls in real time across the enterprise
• Compliance with regulations / obligations through better risk management
• Establishment of necessary governance to carry out risk assessment, controls, mitigating actions and monitoring
• Management of a series of activities from information access management to process risk controls with a streamlined, cost-effective approach
Governance
Risk
Compliance
GRC - Governance, Risk & Compliance
Governance: how an organization is run by the people in charge; ensuring complete & accurate management information and providing controls on the execution of management strategies.
Risk: identifying and considering events or situations that could impact the achievement of objectives related to strategic choices, your economic environment, injury & loss, data leakage and external factors that may jeopardize the realization of the organization’s.
Compliance: ensuring that external laws and regulations and internal policy directives are being complied with at a level consistent with corporate morality and risk tolerance: financial & trade regulations, data privacy legislation, contractual agreements.
GRC Landscape
ACCESS CONTROL COMPONENTS
SAP GRC
Introduction to Components of Access Control:
• Access Risk Management (RAR)
• Access Request Management (CUP)
• Business Role Management (ERM)
• Emergency Access Management (SPM)
SAP GRC
Access Request Management:
‒ Define the Workflows for Access Request
‒ Define the Agents / Process / Rule IDs
‒ Standard Configuration / MSMP Workflows
‒ Customization of Access Request Management
‒ Business Process / Sub-Process / Functional Area / Roles / Role Owners
Access Risk Analysis
a. Configuration of Access Risk Management
b. Global SOD Matrix – Risk Rules
c. SOD Review
d. Mitigation Process
e. Remediation Process
f. Customization of Access Risk Management
g. Monthly Reports
h. Weekly Reports
i. Review the Risk Analysis Reports
j. Business Process Owners / SOX Controllers / SOX Audits
Business Role Management:
a. Define the Methodology
b. Define the Workflow for Role Maintenance
c. Business Process / Sub-Process / Functional Area / Roles / Role Owners
d. Customization of Business Role Management
Emergency Access Management:
a. Configuration of Emergency Access Management
b. Define the FF ID, FF Owner, FF Controller
c. Define the Workflow for Super User Access / Configure Log Reports
EMERGENCY ACCESS MANAGEMENT
Emergency Access Management Terminology
The following concepts have not changed since the previous release and are mentioned here for completeness:
• Firefighter: User requiring emergency access
• Firefighter ID: User ID with elevated privileges; it can only be accessed in the GRC server using tcode GRAC_SPM
• Firefighting: The act of using a Firefighter ID
• Owner: User responsible for a firefighter ID and the assignment of controllers and firefighters.
• Controller: Reviews and approves (if necessary) the log files generated by a firefighter.
Emergency Access Management
Firefighter Application Types
• ID Based Firefighter: The firefighter ID created in the remote system will be assigned to the user in the GRC system, either manually or via an access request. The firefighter accesses their assigned firefighter ID in the GRC server using the SAP GUI and tcode GRAC_SPM. The firefighter IDs for all remote systems assigned to the firefighter will be accessed from this transaction.
• Role Based Firefighter: The firefighter roles created in the remote system will be assigned to the user in the GRC server. The firefighter logs directly into the remote system using their own user ID and performs the activities provided by the user's role and the firefighter role assigned to the user.
• This is configured in IMG using parameter 4000 (Application Type)
• Only one application type can be configured at a given time.
Architecture Remote Component: Plug-in
• There is a component called plug-in which is installed in the remote
system
• Emergency Access Management accesses the plug-in using RFC
Centralized Firefighting Overview
Access Control 10.0 provides a centralized logon pad for accessing the
firefighter IDs in all connected backend systems.
• The centralized logon pad allows:
• Displaying all firefighter IDs assigned to the user
• Logging in to all connected backend systems
• Sending messages to other firefighters who are using a specific firefighter ID
• Unlocking a firefighter session not closed properly
Configuring a firefighter ID Step Summary
• Emergency Access Management Configuration
• Maintain Owners and Controllers in Central Owner Maintenance
• Assign Owners to Firefighter IDs
• Assign Controllers to Firefighter IDs
• Assign Firefighter Users to Firefighter IDs
• Maintain Reason Codes
• Monitoring Emergency Access
• Review a Log Report
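The step summary above, turned into a consistency check as an added example (not part of the original slides, and not SAP code): it audits a constructed export of firefighter ID assignments and sessions for missing owners, controllers, firefighter users, reason codes and log reviews. The record layout, field names, IDs and reason codes are hypothetical; Access Control itself is configured through IMG and GRAC_SPM as described.

```python
from dataclasses import dataclass, field

# Hypothetical record layout for this example; not an SAP table or API.
@dataclass
class FirefighterID:
    ff_id: str
    system: str                                   # connected backend system
    owners: set = field(default_factory=set)
    controllers: set = field(default_factory=set)
    firefighters: set = field(default_factory=set)

@dataclass
class Session:
    ff_id: str
    user: str
    reason_code: str       # "" when none was recorded
    log_reviewed_by: str   # "" while the log still awaits review

def audit(ff_ids, sessions, reason_codes):
    """Return sorted (ff_id, finding) tuples for gaps in the EAM setup."""
    findings = []
    by_id = {f.ff_id: f for f in ff_ids}
    # Configuration steps: every firefighter ID needs all three assignments.
    for f in ff_ids:
        for label, members in (("owner", f.owners),
                               ("controller", f.controllers),
                               ("firefighter user", f.firefighters)):
            if not members:
                findings.append((f.ff_id, f"no {label} assigned"))
    # Monitoring steps: each session must be attributable and reviewed.
    for s in sessions:
        f = by_id.get(s.ff_id)
        who = f"session by {s.user}"
        if f is None:
            findings.append((s.ff_id, f"{who}: unknown firefighter ID"))
            continue
        if s.user not in f.firefighters:
            findings.append((s.ff_id, f"{who}: user is not an assigned firefighter"))
        if s.reason_code not in reason_codes:
            findings.append((s.ff_id, f"{who}: no maintained reason code"))
        if not s.log_reviewed_by:
            findings.append((s.ff_id, f"{who}: log not reviewed"))
        elif s.log_reviewed_by not in f.controllers:
            findings.append((s.ff_id, f"{who}: log reviewed by "
                             f"{s.log_reviewed_by}, who is not an assigned controller"))
    return sorted(findings)

# Constructed sample data (all names and codes are made up).
REASON_CODES = {"RC01", "RC02"}
FF_IDS = [
    FirefighterID("FF_FIN_01", "ERP-PRD", {"OWNER_A"}, {"CTRL_A"}, {"USER_1", "USER_2"}),
    FirefighterID("FF_BASIS_01", "ERP-PRD", {"OWNER_B"}, set(), {"USER_3"}),
]
SESSIONS = [
    Session("FF_FIN_01", "USER_1", "RC01", "CTRL_A"),     # clean session
    Session("FF_FIN_01", "USER_9", "RC01", "CTRL_A"),     # user never assigned
    Session("FF_FIN_01", "USER_2", "", ""),               # no reason, no review
    Session("FF_BASIS_01", "USER_3", "RC02", "OWNER_B"),  # reviewer is not a controller
]

if __name__ == "__main__":
    for ff_id, finding in audit(FF_IDS, SESSIONS, REASON_CODES):
        print(f"{ff_id}: {finding}")
```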
ACCESS REQUEST MANAGEMENT
ACCESS RISK ANALYSIS