Here are just some of his tips for migrating to SAP GRC:

1. Set up filters to exclude data related to certain entry from migration

2. Set up necessary transformation, e.g., Business Process (B.P.)
ID is allowed to have 10 characters in GRC 10.0. RAR (Risk Analysis and Remediation) 5.3 only
allowed 4 characters for B.P. whereas CUP (Compliant User Provisioning) 5.3 allowed 40
characters for B.P.
3. If you forgot to set up transformation/filter for one of the components or wanted to
manipulate the file before importing, you can re-import all the data with overwrite option.
This will wipe out any relevant data.
4. Dont try to migrate workflow data, as it still requires manual effort. GRC 10.0 uses
SAP Business Workflow, which is very powerful and flexible so it is better to configure
workflow from scratch.
5. Manipulate exported files to set up easy transformations by using a tool like
EditPlus/Notepad++. Dont use MS Excel as it will change the file format.
6. Set up at least one staging server before production environment (recommendation is
to have a sandbox/development, QA and Production)
7. Customization of ruleset is a must to remove false positives and identify risks coming
from custom Tcodes. Pre-delivered ruleset acts a good starting point.

8. Design a simple and easy to manage 2-4 stages workflow for Access Requests. Having a
complicated workflow would increase request closure time and add complexity while
troubleshooting issues.