Practical GRC - ADSOTECH Scandinavia
Practical GRC: Reduce Risks, Enhance Control,
Minimize Authorizations
Xpandion, 2018
About Xpandion
• Established in 2007
• Based in Tel Aviv, Israel
• Partners in Europe, USA, Asia Pacific
• Independent software vendor (ISV) with expertise in ERP usage inspection
• Xpandion Software:
– Security
– Authorizations
– GRC
– SLOE
• Answering Needs:
– User Monitoring
– Authorization Management
– Compliance
– Workflow Processes
– SAP licensing
– Reduced Resources
ProfileTailor™ Dynamics
1. Infrastructure
2. Segregation of Duties
3. Control Management
4. Role Management
5. Additional Info
1. Architecture
[Architecture diagram. Labels: Data Sources (ERP etc.); Data Extractor; Web Collector; MSMQ; ProfileTailor Service; Worker Process; IIS – Web Server; SQL Server; SMTP Mail Server; ProfileTailor Dynamics user interface; End user; Access via web browser over HTTP]
ProfileTailor Suite in Detail
Supported Platforms
• ProfileTailor Suite is currently able to connect to ERP systems (SAP, Oracle Apps, Priority), Active Directory, Windows file systems, VMS based systems, AS/400 based systems and various proprietary systems
• Connectivity is provided by built-in, out-of-the-box connectors or through an open API, assisted by graphical Interface Builder software
2. Segregation of Duties
Segregation of Duties
• Tier-1 solution with unique behavior inspection
• Identifies SoD violations by roles and users
• Simulates granting authorizations and recommends the best role to allocate
• Alerts when new violation is created
• Collaboration infrastructure with consultants and auditors
Introduction to SoD operation
• SoD Rule: “Create & Approve Purchase Reqs”
• Activity Groups: Create purchase reqs / Approve purchase reqs
• Activities in Groups: ME51N, ME52N / ME54N
• Activity Modes For Auth. Object Level: Valid for create & change (but not display)
Introduction to SoD operation
• SoD Rules
• SoD Reports
• SoD Violations
– Role
– Authorization (Static)
– Actual use (Dynamic)
• Conflict Resolver
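The rule structure and the three violation types listed above can be sketched as follows. This is an added example, not Xpandion's code or data model: the rule and transaction codes come from the slide, while the role names, users, usage records, mode labels and the "every activity group must be hit" test are assumptions made for illustration.

```python
from dataclasses import dataclass

# Only these modes count toward a conflict; display-only access is ignored,
# matching "valid for create & change (but not display)".
# The mode labels are hypothetical names chosen for this example.
CONFLICT_MODES = frozenset({"create", "change"})


@dataclass(frozen=True)
class SoDRule:
    name: str
    groups: dict  # activity group name -> frozenset of transaction codes


# The rule from the slide above.
RULE = SoDRule(
    name="Create & Approve Purchase Reqs",
    groups={
        "Create purchase reqs": frozenset({"ME51N", "ME52N"}),
        "Approve purchase reqs": frozenset({"ME54N"}),
    },
)

# Constructed sample data: role names, users and usage records are invented.
ROLES = {
    "Z_REQUESTER": {("ME51N", "create"), ("ME52N", "change"), ("ME54N", "display")},
    "Z_APPROVER": {("ME54N", "change")},
    "Z_PURCH_ALL": {("ME51N", "create"), ("ME54N", "change")},
}
USER_ROLES = {
    "ALICE": ["Z_REQUESTER", "Z_APPROVER"],
    "BOB": ["Z_REQUESTER"],
    "CAROL": ["Z_PURCH_ALL"],
}
USAGE = [  # (user, transaction, mode) as observed in a usage log
    ("ALICE", "ME51N", "create"),
    ("ALICE", "ME54N", "display"),
    ("CAROL", "ME51N", "create"),
    ("CAROL", "ME54N", "change"),
]


def violates(rule, pairs):
    """True when every activity group of the rule is hit in a conflict mode."""
    hit = {g for t, m in pairs if m in CONFLICT_MODES
           for g, tcodes in rule.groups.items() if t in tcodes}
    return hit == set(rule.groups)


def role_violations(rule, roles):
    """Roles that contain the whole conflict on their own."""
    return sorted(name for name, pairs in roles.items() if violates(rule, pairs))


def user_violations(rule, roles, user_roles, usage):
    """Per user: static = granted authorizations, dynamic = actual use."""
    result = {}
    for user, assigned in user_roles.items():
        granted = set().union(*(roles[r] for r in assigned))
        used = {(t, m) for u, t, m in usage if u == user}
        result[user] = {"static": violates(rule, granted),
                        "dynamic": violates(rule, used)}
    return result


if __name__ == "__main__":
    print(role_violations(RULE, ROLES), user_violations(RULE, ROLES, USER_ROLES, USAGE))
```

In the sample data ALICE holds both sides of the conflict through two roles (static) but has only created requisitions and displayed the release transaction, so she is not a dynamic violation; CAROL is both.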
Sharing: Correspondence
Well documented correspondence for later review by auditors
Alerts when Violating SoD Rules
Alerts can be received immediately or via scheduled report
Simulation for Granting Authorizations
Options: adding activity to user, role to user, activity to role
Several objects can be analyzed together
Simulation for Granting Authorizations
Simulation before granting groups from Active Directory.
RoleAdvisor™
Chooses the most suitable role to grant in seconds, according to (1) activity, (2) company code/plant/purchasing organization, etc., (3) number of SoD violations, (4) minimum risks
Mitigate Risks
Quick and easy method to mitigate risks and document compensating controls
SoD Conflict Resolver™
3. Control Management
• Alerts
• Authorization Review
• Workflows
• Automated Controls
Alerts
Using alerts, it is easy to react immediately
• Event-driven system; all events can be sent as an alert depending on severity
• Alerts can be sent to different people
• Some alerts can require acknowledgement from recipient
Alerts (1)
Alert example: granting sensitive authorizations
Alerts (2)
Alert example: granting authorizations that violate SoD rules
Authorization Review
• Process for reviewing employee authorizations; performed periodically
• Approvals by managers (org. structure) or by data owner (Finance, Logistics, etc.)
• Approving only sensitive or all activities, only certain groups of employees, etc.
• Fully documented for audits
• End-user screen supports multi-language
Authorization Review (2)
Each manager receives email and reviews only relevant employees
Authorization Review (3)
Ticket to cancel authorization is automatically forwarded to Helpdesk
Authorization Review (4)
Overview screen displays review progress; ability to send reminders to managers
Authorization Analysis
Who can do what…
High Risk Activities
High Risk Groups (Active Directory)
Unused High Risk Activities in Roles
Workflows
• Cross-platform integrated workflows
• For example:
– Authorization request
– Self service password reset
– Emergency Access (Firefighter)
– Employee life cycle: Hire, position change, terminate
Authorization Request
• Authorization request portal
• From user request to closure of Helpdesk ticket
• Integrated interface to automatically perform change (in SAP, Active Directory)
• Well documented process for auditors
• Elaborate process for preventing bypass
• End-user screen supports multi-language
Authorization Request (2)
User Request:
1. Add activity (+free search)
2. Add authorization
3. Free request
Authorization Request (3)
Authorization Manager Approval
Authorization Request (4)
Documentation: Complete control over the process
4. Role Management
• Role building
• OrgSet Management
• Emergency Users
• Role Reports
• Role Simulator
• Role Advisor
• Role Splitter
IT/Emergency Access
• Emergency access requested via browser
• Opens user with timely access, or allocates temporary authorizations to existing user
• Detailed report of user activity is automatically sent to manager
• Business rules are available (e.g., automatic approval after business hours if rule passed security tests)
Web-based process enables: unlocking username, adding extra authorizations to existing user, sending detailed report on activities performed after completion of process
IT/Emergency Access (2)
Request for IT access (screen is fully customizable)
IT/Emergency Access (3)
Well documented request and activity log
5. Additional Info
• Implementation options
• Authorization concept
• Data Security
• Privacy
Implementation options

| Feature | Cloud | On-premise |
| --- | --- | --- |
| SoD Control | Only authorization based | Yes |
| Usage analysis | X | Yes |
| Immediate alerts | X | Yes |
| Role management | Without usage insights | Yes |
| Authorization Review | Yes | Yes |
| Emergency Access | Without provisioning | Yes |

Authorization concept
• Role based
• Each role has access to a set of menus
• A user may have multiple roles
• Additional limitation by user groups
Data Security
• Data repository on corporate SQL server
• Single sign on utilizes Active Directory security
• Access is limited & monitored
• Configuration changes are monitored & audited
Privacy
• No personal HR data is retrieved
• Data on transaction usage and not content
• User data can be segregated
• Imported data fields can be controlled
10 Differences that Make ProfileTailor Better
1. Dynamic SoD
2. Quick implementation // Quick time to realize
3. Conflict Resolver™ to eliminate SoD risks
4. Role Advisor™ to advise best role
5. Cross platform SoD with Active Directory and additional systems
6. Shared folders Access Control monitoring
7. In-depth activity monitoring in each T-Code
8. Role usage and recommendation regarding role changes, Role rebuilding capabilities
9. Power users SAP_ALL replacement – dedicated authorization role based on user monitoring
10. Additional Workflow Processes: Self-service password reset, Employee Lifecycle Management (with AD)
ROI-focused Implementation
• Multi-system authorization request process
• Automated periodical authorization review
• Authorization Insights (analysis of who can do what, who did what)
• Alerts when sensitive authorizations are granted
• Proactive, ongoing protection from SoD violations
• Controlled IT/emergency access to production environment
http://www.xpandion.com
http://www.adsotech.com