Access Violation Management involves identifying, monitoring, and mitigating risks related to “unauthorized” or “unwanted” access within an ERP system. It encompasses managing single actions, enforcing SoD (Segregation of Duties), and implementing compensating controls such as the digital 4-eyes principle when the authorization concept is insufficient.
Users obviously need authorizations in the system to access or change data. But authorization concepts are often not well maintained, and users can end up with SAP authorizations that are not warranted by their role in the organization. If those authorizations allow violations, e.g. of SoD rules defined in SAP GRC Access Control, then the organization requires compensating controls.
Who is monitoring access violations in your organization – and is it fully automated?
We take a deep dive into the technical basis for analyzing access violations, such as detecting single actions, but also detecting violations of the SoD rules.
We talk about:
Tomislav has more than 15 years of experience in SAP, implementation, support, compliance, and internal controls. He is an SAP consultant and SAP auditor, open-minded, always keen to learn and to help customers. Tomislav is responsible for Customer Service in our Risk and Compliance Products Business Unit. He enjoys finding quick and easy ways to improve our products and add value for customers. A sparring partner to solve your risk and compliance problems? Then Tomislav :)
Jens has 20+ years of experience in SAP security, compliance and internal controls. He is an ex-auditor, always curious, willing to learn and to share knowledge. At VOQUZ Labs Jens is responsible for our risk and compliance products. He enjoys interacting with customers and finding quick and simple ways to improve our products to deliver value to customers. Pragmatic and customer-focused? Then Jens :)