smartGRC was created in 2008 and from the beginning has been implemented in a large and complex IT environment. smartGRC tool has been constantly developed by GRC Solutions since 2010, based on the international experience of GRC Advisory consultants gained during the implementation of other products from the GRC family. The smartGRC application has been created as an answer to the increasing threats related to the growing influence of automatic data processing on decision-making in companies. By using smartGRC business can analyze the level of risk associated with access to the IT systems, and conscientiously decide, what level of risk is acceptable and what mitigation controls should be implemented. Through proper implementation of tools and communication to employees, the company can build a strong awareness of internal control over IT systems usage, thereby significantly reduce the attempt to commit fraud. In addition, the universality of the smartGRC tool enables integration with various systems and business applications (not just ERP) available on the market.
- smartWorkFlow – flexible tool for managing user access in systems and business applications
- smartAccess – allows granting users emergency access (with a broad access to system) in special situations and provides full control of risks caused by an excessive access to system by using an advanced mechanisms of event logging
- smartSoD – an innovative solution dedicated to analyze Segregation of Duties (SoD), simulation and periodic review of access based on the defined SoD matrix
- smartReport – an extensive reporting module that allows you to quickly generate personalized and customized reports based on data in the system
- smartArchitect – enables creation and management of the role catalog according to the best practices
- smartReview – automated and fully tailored process of periodic access review
- smartRODO – tool enabling identification and cataloging of personal data in order to obtain GDPR compliance (extended Records of Processing Activities)
smartWorkFlow module supports managing user access process in systems and other business applications. With the help of this tool your company can automate process of assigning and removing access to business systems. The key advantage is the ability to collect information about the SoD risks connected with the implementation of a specific user request. Thanks to SoD risk analysis business owners can make more efficient, accurate and better controlled user access decisions regarding accepted permissions.
This module has been designed to automate complex and multi-step user access Workflow process (which directly leads to a shorter total time to grant / remove access). In the same time it allows you to obtain the information expected by management staff regarding acceptable level of SoD risks associated with granted access to the business applications.
smartWorkFlow can be flexibly tailored to the structure of organization thanks to multi-stage, multi-path, personalized Workflow paths for request approval. Moreover, at the request stage it is possible to simulate risks, which allows preventing new SoD conflicts before request implementation.
- Support for a business user
- On-line simulations
- Increase of transparency and control over the entire process
- Shorter time to proces access request
- Automatic implementation of requests in the SAP system
- Reduced number of unnecessary iterations between IT and business
- Possiblity of full automation
smartAccess support the process of managing user access in emergency situations that requires undertaking some specific actions that are beyound the normal scope of user access in SAP system. This module allows you to automate and control the process of granting access to emergency and privileged accounts, which provides high flexibility in operation - necessary for effective and quick resolution of unusual business problems. Meanwhile, accurate and complete documentation (logs) is gathered to make it possible to reproduce the cause and list of actions taken while using Easy account. Collected and archived logs can be used, for example for audit purposes.
- Ensuring business continuity in exceptional situations
- Minimizing the risk associated with excessive access
- Lowering audit costs thanks to complete documentation
smartSoD is one of the most advanced and innovative solution dedicated to perform preventive simulations and periodic privilege audits from the sensitive transactions access and SoD conflicts analysis perspective. Due to dedicated mechanisms built in the application, the SoD conflicts analysis works in the business activity layer and is used to interpret the conflicts in all critical IT systems of a company via interface mechanisms (called connectors).
smartSoDsmartGRC smartWorkFlow, but it can be also incorporated with all workflow solutions used by companies to manage user privileges requests.
Thanks to the available data analysis, key users in the organization can access information on the security status of IT systems connected to the smartSoD tool on an ongoing basis and in an easy way. The application has the possibility of connect with various IT systems, which allows you to monitor the rights not only in systems from the SAP group.
- Audit privileges processes automation
- User privileges monitoring
- Management supervision and easy audit
smartReport allows you to generate reports for data collected in the system from other modules of the smartGRC solution. Generated reports can be exported to a file and customized for their own presentation needs. Through extensive mechanisms for personalization of reports for specific user requirements, the tool quickly provides information in the required form, scope and at a specific level of granularity.
This module is strongly integrated with the smartSoD module. It allows, for example, to define Segragation of Duties conflicts (SoD) occurring in an enterprise both at the user and role level.
- Personalization of report results
- Results generated in real time, without the need to wait for results
- The ability to export results to a file
- Reports regarding segregation of duties risks – analysis of access risk in an enterprise
- Reports regarding segregation of duties risks – systematic control of risks in the system, based on generated reports
The smartArchitect module enables creation and management of a role catalog according to the best practices for many environments. Simulation integrated with the SoD matrix allows you to identify and eliminate SoD conflicts in roles very early, during role design. The available documentation, stored in the system, clearly and understandably presents key parameters for roles.
- Elimination of SoD risks occurring in roles
- Systematized and transparent catalog of roles
- Optimization of the costs of building roles
The smartReview module allows you to periodically review access of users. Faced with the expansion and changes of the companies organizational structure, as well as the emerging audit requirements, the need to create a tool that will quickly, easily, efficiently and periodically harmonize the users access in systems with their current role in business processes has arisen.
Re-certification of authorizations in the system so far required a lot of work and time to carry it out, therefore, it was a big burden for the organization. Thanks to smartReview, the analysis process can be carried out in a fully automated way, according to distinguished criteria.
The smartReview module has been designed to verify the correctness of the system architecture but also to build a history by creating an archive (audit documentation).
- Automated access review
- Ensuring compliance with legal and auditing requirements
- Increasing the level of security
- Adjustment of user access: access is adequate to responsibility (or participation in business processes)
- Creating an archive and maintaining repository of all periodic reviews with details of their processing
The smartRODO module provides the ability to catalog personal data processed by systems. Such repository has the form of an extended Record of Processing Activities. The module enables defining in which systems specified type of data are processed (eg. PESEL number).
- Cataloging of personal data
- Allows you to easily and quickly determine the system in which the data is processed
- Acts as a Record of Processing Activities
smartGRC– GDPR compliance
The activity of enterprises on the market is regulated by many different legal acts, laws, etc. In order to meet the growing and more complex requirements regarding the protection of personal data, there is a need to search for new solutions. The smartGRC application is a tool that addresses requirements for user access management.
GDPR compliance – time remaining for implementation:
smartGRC modules and GDPR compliance:
- smartRODO – provides the ability to accurately catalog personal data processed by individual systems
- smartAccess – the ability to manage privileged / emergency access to the SAP system
- smartSoD+ smartReport – the ability to report segregation of duties (SoD) risks and access to sensitive / personal data in the SAP system
- smartWorkFlow + smartArchitect – approval paths for role assignment to users. The possibility of creating a separate path for roles marked as those giving access to personal data
- smartReview – periodical verification of user access and segregation of duties (SoD) risks in the system. It enables identification of users with too broad access to the SAP system (also including access to personal data)