
Assignment Examples


Example and typical su53 Solutions assignments

New SOX 2007 standards meant that known issues with SODs needed to be resolved by implementing SAP GRC Compliance Calibrator, in order to achieve a successful audit without committing massive resources to a manual remediation exercise

A dedicated team was deployed to manage the implementation, working with SAP AG, who carried out the technical install in this instance. Engagement with business managers across many countries was key, as was the need for carefully considered communication to ensure all project stakeholders were supportive and committed to what was a successful outcome. The end result was a dramatic improvement in risk management related to SOD conflicts

The team behind a complex SAP project for a medium-sized business realised that it would be more efficient to bring in a specialist to design and implement the SAP security strategy

su53 Solutions worked closely with the client and with the project team to form a sound understanding of the business, and developed and implemented the SAP security strategy through the project. An audit of the project gave accolades to the security design and documentation

Flagged audit matters had not been resolved for two years and the next annual audit was due in 6 months. The private equity owners were increasingly anxious about whether the business would achieve audit sign-off – which would be critical if the owners were to succeed in their exit strategy

The matters identified were assessed for importance and ease of resolution, and grouped into workstreams for efficiency and to minimise business disruption. A combined client and su53 Solutions team was then created to work through the remediation plan over the following six months

Growing public scrutiny and media speculation in the public sector resulted in this public agency needing to form an objective view on how secure its IT systems were, and what it should do with limited budgets to improve matters

An initial Risk Review gave clarity as to the areas that would provide the most significant improvement at the least cost, and a programme of improvements was designed. A particular focus was on how to make best use of limited resources and budget, and how to integrate this work with other SAP projects

This newly divested business had six months to build a new clean-sheet SAP system and wanted to make sure that security would be good and would be as efficient as possible in order to support its competitive growth intentions

Key in the design here was the criticality of the go-live deadline, and so a pragmatic view was taken to come up with a design that would deliver a strong platform for security, but where a post go-live (and less time pressured) phase would then move the business from a basic viable level to one of having good and efficient security in place

Although the majority of the business was very security minded in its core business area, it had been noted that the HQ back-office business had little governance in place and this needed addressing; however, funds for this overhead area were highly restricted

The business had formed a view that the optimum solution, to use SAP GRC, would not be justifiable for this small back-office function, but su53 Solutions devised a basic compliancy solution using standard SAP capabilities supplemented by 4 utilities from its Toolset. This design gave a marked improvement in security and compliance, whilst remaining within a restricted budget.

Close to go-live, this international organisation in a highly risk-sensitive industry wanted an independent assessment of the state of security before go-live would be approved

With time critical and the client located in a politically unstable part of the world that would be hard to visit, su53 Solutions came up with an adapted remote access form of the Risk Review that would assess the key vulnerabilities and risks in the system. Conducted over a secure VPN link and using downloaded system extracts, the resultant report was designed to be delivered not only as a written document, but through web-conferencing, bringing deeper action-oriented understanding of the matters identified

Months into an SAP GRC implementation there were still technical issues and uncertainty as to the optimal strategy for rolling GRC out across the business, with the threat of project overruns

An initial investigation highlighted the technical issue and progress was quickly made to review the project strategy, resulting in a recommendation to consolidate and accelerate, partly to rebuild confidence, and partly to secure progress in risk management. A mix of training, project and support services served to make substantial improvements that are contributing to project success

This major global business, operating in a highly secure industry, had won a significant new service contract that demanded opening up access to their SAP system through the supply chain, from client and client partners through to suppliers

The security design and processes in place were good, and so the security stream was designed to provide assurance across stakeholders, with a mix of design review, Risk Review, early engagement with auditors, and strong communications to ensure fair levels of confidence and the avoidance of disruption to the project

Faced with periodic demand for specialist SAP GRC & Security skills, this leading consultancy looked to partner to have access to a pool of resources with wider and deeper skills as and when it needed

A strategic engagement framework was negotiated, committing su53 Solutions to providing the necessary resources and solutions in bids and service delivery.

 
© 2006-2008 su53 Solutions ltd - SAP Security & SAP GRC
SAP® is the registered trademark of SAP AG in Germany and in several other countries.