Here are just some of his tips for migrating to SAP GRC:
1. Set up filters to exclude data related to certain entry from migration
2. Set up necessary transformation, e.g., Business Process (B.P.) ID is allowed to have 10 characters in GRC 10.0. RAR (Risk Analysis and Remediation) 5.3 only allowed 4 characters for B.P. whereas CUP (Compliant User Provisioning) 5.3 allowed 40 characters for B.P. 3. If you forgot to set up transformation/filter for one of the components or wanted to manipulate the file before importing, you can re-import all the data with overwrite option. This will wipe out any relevant data. 4. Dont try to migrate workflow data, as it still requires manual effort. GRC 10.0 uses SAP Business Workflow, which is very powerful and flexible so it is better to configure workflow from scratch. 5. Manipulate exported files to set up easy transformations by using a tool like EditPlus/Notepad++. Dont use MS Excel as it will change the file format. 6. Set up at least one staging server before production environment (recommendation is to have a sandbox/development, QA and Production) 7. Customization of ruleset is a must to remove false positives and identify risks coming from custom Tcodes. Pre-delivered ruleset acts a good starting point.
8. Design a simple and easy to manage 2-4 stages workflow for Access Requests. Having a complicated workflow would increase request closure time and add complexity while troubleshooting issues.