Challenge
The Customer, which operates in the Engineering & Construction sector, wanted to strengthen the security of its SAP applications in compliance with the requirements of the General Data Protection Regulation (GDPR).
After an in-depth Security & Risk Assessment, aimed at identifying anomalies with respect to the regulation, a Remediation plan was prepared in which the actions necessary to close the critical gaps were identified and implemented.
Solution
Following an AS-IS analysis focused on the IT procedures in SAP (access management, data protection levels), a Remediation plan was produced, in which the anomalies were listed and, for each of them, the intervention priorities were defined, with the related SAP solutions.
In particular, solutions were implemented for:
- the reconfiguration of critical system parameters (according to SAP Best Practices)
- the definition of a list of forbidden passwords
- the removal of critical authorizations from the related users, if deemed unnecessary
- the assignment of new transactions to users
- the segregation of queries assigned to users
- the definition of the SAP role catalog
Results
- The level of access security in SAP has been improved
- IT timing in SAP profiling management has been optimized
- The SAP model has been adapted to the new GDPR
Statement
The information contained in this document is proprietary.
Copyright © 2014 Qintesi S.p.A. All rights reserved.