Security and risk management – architecture and SoD matrix for production company
GRC Advisory team successfully completed the project on the area of security and risk management related to SAP systems access at the Polish branch of a global production company in the food industry with support of smartSoD module.
At first stage of project, currently used SoD Matrix was tailored based on workshops with representatives of business departments. Then, agreed SoD Matrix has been used to analyze SoD conflicts with support of thesmartGRC application. The GRC Advisory team presented results of analysis in the form of reports and consulted on approach to remediation of identified conflicts for users and roles. In addition, currently used control mechanisms and planned, newly designed mechanisms were assessed in terms of its’ further usage as a part SoD risk mitigation (mitigation controls).
In the next stage of the project, the currently used role architecture in the system were redesigned to eliminate or reduce existing SoD conflicts. GRC Advisory consultants coordinated testing of new permissions for business and technical users and participated in migrating users to new accesses in the system with maintaining business continuity.