What is SOX in SAP security?
Answer / gopi
Post Sarbanes Oxley, focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landscape include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley Era.
1. Provide users access on a need to know and need to do basis.
2. Adequately secure programs, transactions and tables.
3. All user accesses to SAP R/3 are properly authorized and approved.
4. Segregation of duties is maintained for all sensitive business transactions.
5. All controls and business processes are documented.
6. Anti-fraud preventive controls are in place to prevent & detect fraud before an audit.
7. User profiles and roles in SAP are secured and designed to meet business requirements.
Answer / praveen
Sarbanes Oxley, focus for corporations is more on compliance and security. Sarbanes Oxley has had a major impact on the organizations using SAP R/3 as their ERP. Some of the changes seen in the corporate landscape include identifying and documenting processes, implementing controls and safeguards, documenting user access approvals etc. In short, there has been a cultural shift in organizations post Sarbanes Oxley. Below, I have listed 7 major pointers which can help organizations towards better SAP security in the Sarbanes Oxley Era.