Are you effectively managing your SAP GRC mitigating controls?
9 out of 10 people said they’d re-think before answering this question. SAP GRC Access Control doesn’t come with a feature that helps you to monitor GRC Mitigating Controls, or trigger emails. One of our clients reached us to help on the below two scenarios:
- Notifications to the Control Owner(s)/Monitor(s) – A proactive notification should be sent at least 5 days before the expiry with proper escalation mechanism.
- When the ID is de-activated/deleted, the respective mitigation should also be ended.
GRC mitigating controls helps you to define the controls, monitor them and get the output in real time, but not within the SAP GRC Access Control. Further, the Invalid GRC mitigating controls report under User Analysis, and Role Analysis gives you the output on adhoc basis, means someone has to run the report, manually extract and reach out to the GRC Mitigation Controls Owners/Monitors.
Some of our clients put this as a task on the Operations & Support team to monitor on a daily/weekly basis and inform the stakeholders when controls expire.
ToggleNow team has built an intelligent BOT to automate this task. The BOT runs in the background and identifies when a GRC mitigating controls is ending for a certain user or role. It then sends the notification and takes the appropriate action as per the pre-defined rules.
Further, escalations can be managed where if the Mitigation Control is not extended, it can loop in his/her manager too.
To make sure you are not vulnerable to threats, our system will also remove the mitigations for user IDs that are no longer active in the SAP system.
We helped our client to automate this task, thereby removing the audit gaps and reducing the efforts by 0.5 FTE with a very little investment.
Our SAP GRC implementation & support expertise enables customers to reduce their TCO and lower technical risks. With more subject matter expertise, we service many regions across the world. Our SAP security experts have driven hundreds of projects for large companies and helped the clients in their digital transformation journey.
If you are choosing SAP Security & GRC partner, talk to us. We can help you streamline your SAP Security, GRC implementation, upgrade and support services. Get in touch with our SMEs today!