COMPANY IT Dept.

/ ERP Team
Date: 29-Oct-16
RE: SECURITY & MAINTENANCE OF IT ASSETS
Dear ____,
This report contains key security measures which COMPANY should consider in order to safeguard its IT
assets and formulate a sound procedure of accountability built on authorized hierarchy of user IDs.
1.

COMPANY should first make a list of all system users and formally assign each user an available
computer system (e.g. Laptop, Desktop) with a unique IT asset ID. This list can always be referred
to verify status of each system and user-specific assignment.
2. IT Administrator should create a user ID for every assigned system and allocate appropriately.
This assignment can also be on the basis of relevant department if COMPANY has such standard
policy. In this case, user initials or numeric identity can be added in department-based ID in
order to make it unique. This ensures the IT audit trail and traceability in future as required. Once
above recommendations are implemented as basis of virtual security, COMPANY would be in a
position to monitor all its IT assets appropriately.
3. COMPANY need to make sure that every SAP user, whether functional or technical, may use his
SAP ERP system ID on his/her personnel assigned system only. This restriction will prevent any
authorized SAP user to logon through other user assigned system.
In order to achieve this objective, it is recommended to specify system MAC Address within the
SAP ERP system which, upon logon attempt, will match the user ID with system MAC address. If
match is successful then system will authenticate password and subsequently allow access or
issue error message otherwise. This task can be managed through SAP BASIS consultant.
Infrequent