Challenge
In compliance with GDPR regulation (EU regulation n° 2016/679), the goal of the project was to ensure the security of the SAP application system, with particular focus on the customer’s personal data.
A set of SAP GRC solutions was therefore implemented to manage the various aspects of identifying and governing personal data that determine whether an adequate level of security is achieved, closing any gaps between the required controls and those actually in place.
Solution
For the project implementation, a Security Risk Assessment was carried out to detect any security criticalities and to formulate a tailor-made remediation plan based on the specific characteristics of the Customer.
Then, the personal data present in the SAP systems were collected and the transactions that allow access to them were mapped.
The authorization criticalities that were identified in the Security Risk Assessment were managed through:
- The remediation of roles
- The SAP Read Access Logging (SAP RAL) implementation to track access to all personal data, recording each access in a log file
- The SAP Enterprise Threat Detection (SAP ETD) implementation to receive and analyze the logs from the SAP systems, using the capabilities of SAP HANA to identify a possible data breach in real time by correlating events that occurred on different systems
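The two logging and detection steps above describe a pipeline: each system records who read which personal-data record, and a central analysis correlates those records across systems to surface access that looks like a possible breach. The following Python script is an added example of that correlation logic and is not code from Qintesi, SAP RAL or SAP ETD. The log line format, the sample events, the user names, the record identifiers and the "distinct records per window" threshold are all constructed for illustration; the real SAP RAL record format and ETD patterns differ.

```python
"""Correlate personal-data read events from several systems to flag unusual access.

Added example, not SAP or Qintesi code. The log format below is constructed for
illustration and is NOT the SAP Read Access Logging record layout.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <system> user=<id> record=<personal-data record id>"
# ALICE reads six distinct customer records across two systems within five minutes.
# BOB re-reads one record and reads another, a normal pattern.
# CAROL reads six records but spread over several hours.
SAMPLE_EVENTS = [
    "2024-03-01T08:00:00Z ERP user=CAROL record=CUST-3001",
    "2024-03-01T08:30:00Z CRM user=CAROL record=CUST-3002",
    "2024-03-01T09:00:00Z ERP user=CAROL record=CUST-3003",
    "2024-03-01T09:00:05Z ERP user=ALICE record=CUST-1001",
    "2024-03-01T09:01:10Z ERP user=ALICE record=CUST-1002",
    "2024-03-01T09:02:30Z CRM user=ALICE record=CUST-1003",
    "2024-03-01T09:03:00Z CRM user=ALICE record=CUST-1004",
    "2024-03-01T09:04:45Z ERP user=ALICE record=CUST-1005",
    "2024-03-01T09:05:20Z CRM user=ALICE record=CUST-1006",
    "2024-03-01T09:10:00Z ERP user=BOB record=CUST-2001",
    "2024-03-01T09:11:00Z ERP user=BOB record=CUST-2001",
    "2024-03-01T09:12:00Z ERP user=BOB record=CUST-2002",
    "2024-03-01T09:30:00Z CRM user=CAROL record=CUST-3004",
    "2024-03-01T10:00:00Z ERP user=CAROL record=CUST-3005",
    "2024-03-01T10:30:00Z CRM user=CAROL record=CUST-3006",
]

# Hypothetical tuning values: flag a user who reads this many DISTINCT
# personal-data records within the sliding window, whatever system they came from.
THRESHOLD = 5
WINDOW = timedelta(minutes=10)


def parse_event(line):
    """Parse one constructed log line into a dict with a real datetime."""
    ts, system, user_kv, record_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "system": system,
        "user": user_kv.split("=", 1)[1],
        "record": record_kv.split("=", 1)[1],
    }


def find_bulk_readers(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user whose distinct-record reads exceed the threshold
    inside any time window, correlating events from all systems together."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])

    # Group by user first: the correlation key is the person, not the system.
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    alerts = []
    for user, user_events in by_user.items():
        start = 0
        # Sliding window over this user's chronologically ordered events.
        for end in range(len(user_events)):
            while user_events[end]["ts"] - user_events[start]["ts"] > window:
                start += 1
            span = user_events[start:end + 1]
            distinct_records = {e["record"] for e in span}
            if len(distinct_records) >= threshold:
                alerts.append({
                    "user": user,
                    "records": len(distinct_records),
                    "systems": sorted({e["system"] for e in span}),
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                })
                break  # one alert per user is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_readers(SAMPLE_EVENTS):
        print(f"{alert['user']}: {alert['records']} distinct records across "
              f"{', '.join(alert['systems'])} between {alert['first']} and {alert['last']}")
```

Run on the constructed sample, only ALICE is flagged: her reads are split between the ERP and CRM systems, so a per-system view would show three records in each and never cross the threshold, which is the point of bringing all logs into one place before analysis. CAROL reads just as many records but never enough inside a single window, and BOB's repeat read of the same record is counted once.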
Results
- The security of the SAP systems has been adapted to comply with the GDPR
- The personal data held in the SAP systems has been mapped
- Access to personal data is now tracked
- The gaps related to the criticalities present in the systems have been closed
Statement
The information contained in this document is proprietary.
Copyright © 2014 Qintesi S.p.A. All rights reserved.