
Blockchain / DLT:

- ERP integration
- Control frameworks
- Use cases

ISACA NL Square Table


(in association with NOREA)

7 April 2021

Koen Revet, Siddharth Durbha & Ronald Koorn


© 2021 KPMG Advisory N.V., a Dutch member firm of the KPMG network of independent member firms affiliated with KPMG International Limited (“KPMG International”), an English entity. All rights reserved. 1
Introduction

Koen Revet
Manager, KPMG Enterprise Solutions
Market lead ERP & Blockchain

Siddharth Durbha
Associate Director, KPMG India
Project Lead, TC307 committee for developing ISO standards for Blockchain/DLT Security, Governance & Interoperability

Ronald Koorn
Risk Consulting Partner, KPMG IT Assurance & Advisory
Member of ISACA GDPR & Privacy & Security, NOREA Keteninformatiemanagement (chain information management)
Agenda
 Introduction

 Crash course Blockchain/DLT concepts (optional)

 Blockchain (Control) Frameworks

 ISO standard

 ERP Integration demo

 Case studies

 Q&A

How it all started back in 2008
• Peer-to-peer network: value transfer via the internet
• Cryptography: without a trusted third party
• Consensus mechanism: validated by nodes within a network
• Decentralized ledger: completely transparent
Properties of Distributed Ledger Technology (DLT)

• Distributed: all network participants hold a full copy of the ledger, giving full transparency.
• Programmable: a blockchain is programmable ("smart contracts").
• Anonymous: the identity of participants is either pseudonymous or anonymous.
• Secure: records are protected by cryptography. Note that on most blockchains records are hashed, chained and digitally signed rather than encrypted; ledger contents are readable by every participant unless a separate privacy layer is added.
• Time-stamped: the transaction timestamp is recorded in a block.
• Immutable: validated records are irreversible and cannot be changed.
• Unanimous: all network participants agree on the validity of each record.

Source: KPMG Research
Is it (solely) an architecture?

The concept of a Distributed Ledger (DLT) was synthesized in 1990. Blockchain was introduced as a
distributed ledger platform for the Bitcoin application as the ultimate incarnation of a decentralized
ledger by anonymous consensus.

The spectrum of available distributed ledger technology aims to solve the problems of data
redundancy and costly reconciliation processes with unique organizational models and consensus
procedures.

Evolution of integration: Application Integration (TCP/IP, RMI) → Web (http & https) → Web Services (XML & SOA) → Digital (RESTful APIs) → Industry Network Protocol

Evolution of data storage: Databases (RDB) → DB Clusters (fault-tolerant, DR) → Cloud Storage (online data stores) → Distributed Computing (Hadoop) → Encrypted Ledger Consensualism

Blockchain sits at the point where both lines converge.

Source: KPMG Research
Distributed Ledger Technologies (DLTs)
DLTs are a way of ordering and verifying transactions in a distributed ledger

1. Initiate transaction
— Multiple parties transact; A wants to do a transaction
— All transactions are recorded, including the transaction's date, time, parties and amount

2. Post & record transaction to the network
— The transaction is added, in order, into a network 'block' and presented to the network
— Entries can be added but not deleted
— Each node in the network owns a full copy of the ledger

3. Broadcast
— The 'block' is broadcast to every party and their nodes
— The network of computer nodes verifies and validates by running software which continuously replicates the ledger

4. Validate via consensus and confirm
— The network verifies, validates and approves; the confirmation is broadcast to the other nodes
— Consensus (an agreed mathematical mechanism) is recorded and provides the basis for the trust mechanism
— Data is pervasive and persistent and creates a reliable transaction record

5. Immutable, hash-linked block
— The confirmed block is added in linear, chronological order to the chain
— That provides a transparent record of transactions: an audit trail and a traceable digital fingerprint

6. Transaction completed
— Nodes have access to a shared single source of truth
— A completed block gives way to the next block in the blockchain

Source: KPMG Research
How does it work?

1. Initiate transaction (any triggering event in a process, not necessarily financial)
2. Post & record transaction to the network
3. Broadcast to relevant participants
4. Validate via consensus and confirm
5. Consensus mechanism applied. The slide describes the transaction as "inheriting" part of the key from the previous transaction; more precisely, each new block header carries the hash of the previous block header, and that back-link is what chains the blocks together
6. Transaction is recorded as a new, unalterable block on the chain
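Step 5 is what makes step 6 hold: because each block header contains the hash of the previous header, editing any earlier record breaks every link after it. The following Python script is added here as an illustration and is not part of the original presentation. It builds a small hash-linked ledger with a Merkle root per block, then shows that a tampered record is detected and that re-hashing only the tampered block moves the break to the next block instead of hiding it. The timestamps and the purchase-order/sales-order transactions are constructed sample data.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Tuple

GENESIS_PREV = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj: Any) -> bytes:
    """Deterministic JSON encoding: every node must hash exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def merkle_root(tx_hashes: List[str]) -> str:
    """Pairwise-hash transaction hashes up to a single root; an odd last element is duplicated."""
    if not tx_hashes:
        return sha256_hex(b"")
    level = list(tx_hashes)
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    index: int
    prev_hash: str
    timestamp: int
    transactions: List[Dict[str, Any]]
    merkle_root: str = ""
    hash: str = ""

    def compute_merkle_root(self) -> str:
        return merkle_root([sha256_hex(canonical(tx)) for tx in self.transactions])

    def compute_hash(self) -> str:
        # Only the header is hashed; the transactions are bound to it through the Merkle root.
        header = {"index": self.index, "prev_hash": self.prev_hash,
                  "timestamp": self.timestamp, "merkle_root": self.merkle_root}
        return sha256_hex(canonical(header))


class Ledger:
    def __init__(self, genesis_timestamp: int) -> None:
        self.blocks: List[Block] = []
        self.append([], genesis_timestamp)  # empty genesis block

    def append(self, transactions: List[Dict[str, Any]], timestamp: int) -> Block:
        prev_hash = self.blocks[-1].hash if self.blocks else GENESIS_PREV
        block = Block(len(self.blocks), prev_hash, timestamp, transactions)
        block.merkle_root = block.compute_merkle_root()
        block.hash = block.compute_hash()
        self.blocks.append(block)
        return block

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Re-derive every block's Merkle root, header hash and back-link.
        Returns (True, None) for an intact chain, or (False, index) of the first broken block."""
        for i, block in enumerate(self.blocks):
            expected_prev = self.blocks[i - 1].hash if i > 0 else GENESIS_PREV
            if (block.merkle_root != block.compute_merkle_root()
                    or block.hash != block.compute_hash()
                    or block.prev_hash != expected_prev):
                return False, i
        return True, None


def build_sample_ledger() -> Ledger:
    # Constructed sample transactions (not from the presentation): a factory/supplier order flow.
    ledger = Ledger(genesis_timestamp=1617750000)
    ledger.append([{"from": "Factory", "to": "Supplier", "doc": "PO-1001", "amount": 2500}], 1617750060)
    ledger.append([{"from": "Supplier", "to": "Factory", "doc": "SO-7001", "amount": 2500},
                   {"from": "Factory", "to": "Supplier", "doc": "PO-1002", "amount": 900}], 1617750120)
    return ledger


def tamper_demo() -> Tuple[Optional[int], Optional[int]]:
    """Edit a validated record, then try to cover it up by re-hashing that block only."""
    ledger = build_sample_ledger()
    ledger.blocks[1].transactions[0]["amount"] = 25000       # silent edit of a committed record
    _, first_break = ledger.verify()                         # block 1: Merkle root no longer matches
    tampered = ledger.blocks[1]
    tampered.merkle_root = tampered.compute_merkle_root()    # attacker recomputes block 1 ...
    tampered.hash = tampered.compute_hash()
    _, second_break = ledger.verify()                        # ... but block 2 still links to the old hash
    return first_break, second_break


if __name__ == "__main__":
    print(build_sample_ledger().verify())   # (True, None)
    print(tamper_demo())                    # (1, 2)
```

Hiding the edit would require recomputing every block after the tampered one on every node's copy, which is exactly what the consensus mechanism in step 4 is there to prevent: a node that presents a rewritten chain is outvoted by the nodes holding the original.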
Permissioned vs. permissionless

DLT Landscape

What are the main benefits?

• Enable trust: no need for an intermediary to transfer value or guarantee data integrity.
• Streamlined data reconciliation: a consensus mechanism to store and validate transactions.
• Immutability: validated records are irreversible and cannot be changed.
• Transparency: all network participants have a full copy of the ledger for full transparency.
KPMG Blockchain survey

Sample Cloud-based Blockchain Stack (MS Azure)

Potential Blockchain risks

• Managing cross-border differences in privacy, regulatory and compliance requirements
• Uncontrolled changes, majority hash-rate attack or consensus hijack
• Misconfigured restrictions and insecure deserialization for authorized user permissions
• Security vulnerabilities in DLT infrastructure and smart contracts
• Unauthorized control of network operations to restrict transactions
• Accidental loss or theft of private keys
• API risks with legacy and enterprise systems
Key considerations for protecting from cyber attacks (in case of permissioned DLTs)

• Design robust consensus validation rules & processes
• Insecure APIs
• Strength of the encryption protocols (incl. cryptographic hash algorithms)
• End-point vulnerabilities
• Number & type of participants in the network
• Ecosystem/third-party risks (DLT integration platforms, payment processors, wallets, fintech, payment platforms, and smart contracts)
• Extent of reliance on externally-sourced data
• Untested code risks
Illustrative control areas for protecting from cyber attacks

• Access controls, including controls to authenticate & permit access only to authorized participants
• Audit program to evaluate cybersecurity risk management practices, internal control systems, and compliance with laws and regulations
• Encryption of data, including while in transit or in storage on networks or systems
• Smart contract code review
• Threat modeling to analyze threats and mitigations in a detailed, granular fashion
• Secure coding and design principles for writing business logic and smart contracts on top of any private blockchain
• Secure APIs
• Incident response plans that address critical security events during the blockchain life cycle
Why need a Blockchain Control Framework?
• Complete coverage of all key risks / areas
• Structured set of ‘good practices’
• Embedding in PDCA cycle
• Standardized trust levels & achieving Interoperability
• Providing auditing & certification criteria

And why not apply a framework?

• Straitjacket, and substantial effort to implement fully
• Frameworks say little about data (entry) integrity and 'soft controls'
• Frameworks do not provide answers to all key questions, such as:
  • Which protocol to select?
  • How to develop secure smart contracts?
  • How to integrate Blockchain with ERP systems?
Blockchain Platforms/protocols

Exonum
• Code type: open-source
• Community: regular updates
• Industry focus: FinTech, GovTech, LegalTech
• Governance: The Bitfury Group
• Ledger type: private and permissioned
• Cryptocurrency: none
• Language: Rust
• Smart contract functionality: yes
• Best projects: land registry and land cadastre systems for Georgia and Ukraine

Hyperledger
• Code type: open-source
• Community: regular updates
• Industry focus: cross-industry
• Governance: The Linux Foundation
• Ledger type: private and public
• Cryptocurrency: none
• Language: Python, as listed in the source; note that Hyperledger Fabric itself is written in Go and its chaincode is written in Go, Node.js or Java
• Smart contract functionality: yes
• Best projects: used in projects for Adobe, Arm, Cisco, Comcast, GitHub, Harman, Hitachi, HPE, Qualcomm, Siemens, Sony, Toyota, Western Digital, and Wind River

Openchain
• Code type: open-source
• Community: not very active
• Industry focus: cross-industry
• Governance: Coinprism
• Ledger type: private
• Cryptocurrency: Aircoin
• Language: JavaScript
• Smart contract functionality: yes
• Best projects: banking app for Postal Savings Bank of China, DLT.sg Singapore blockchain apps

Graphene
• Code type: open-source
• Community: not very active
• Industry focus: cross-industry
• Governance: Cryptonomex
• Ledger type: private and public
• Cryptocurrency: Bitshares
• Language: C++
• Smart contract functionality: yes
• Best projects: Steemit, BitShares, Peerplay

Corda
• Code type: open-source
• Community: regular updates
• Industry focus: financial services
• Governance: R3 consortium
• Ledger type: permissioned
• Cryptocurrency: none
• Language: Kotlin, Java
• Smart contract functionality: yes
• Best projects: banking systems for Bangkok Bank, BBVA, BNP Paribas, HSBC, ING

MultiChain
• Code type: open-source
• Community: regular updates
• Industry focus: financial services
• Governance: Coin Science
• Ledger type: private
• Cryptocurrency: none
• Language: C++
• Smart contract functionality: yes
• Best projects: Wolfram Research

Source: Top 6 Blockchain Frameworks to Build Your App, https://rubygarage.org/blog/best-blockchain-frameworks
Blockchain / DLT Control Frameworks

 ISACA

 NOREA

 ISO

 Others (see next)

Blockchain Control Frameworks

ISACA
• Publication(s): 1. Blockchain Framework & Guidance; 2. Blockchain Audit Preparation Guide
• Version/date(s): 1. 2020; 2. 2019
• Origin: ISACA HQ (International / US)
• Language: English
• Nature: 1. Controls & Security; 2. Audit (limited Security)
• DLT components addressed: Governance, Nodes, Infrastructure, Protocols, Data, Private keys, Key management, Smart contracts
• Focus areas (with criteria/requirements): Pre-implementation, Governance, Development, Security, Transactions, Consensus
• Other aspects: separate Excel for specifying adjusted/additional controls

NOREA
• Publication(s): Blockchain Control Framework (in development)
• Version/date(s): 2021 (Q3/4)
• Origin: Netherlands
• Language: Dutch
• Nature: Control & Audit framework
• DLT components addressed / Focus areas: see next page
• Other aspects: part of a broader set of Blockchain/DLT standards

COSO
• Publication(s): Blockchain & Internal Control
• Version/date(s): 2019
• Origin: US
• Language: English
• Nature: Control
• Focus areas (with criteria/requirements): Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring Activities
• Other aspects: based on work by The Depository Trust & Clearing Corporation

ISO
• Publication(s): Blockchain/DLT Security, Governance & Interoperability (in development)
• Version/date(s): 2022 – 2023
• Origin: International
• Language: English
• Nature: Security, Governance & use cases
• DLT components addressed / Focus areas: see next section
• Other aspects: addresses DLT case studies

Cloud Security Alliance
• Publication(s): DLT Security Framework for Financial Services
• Version/date(s): 2018
• Origin: International
• Language: English
• Nature: Security
• DLT components addressed: more security-oriented domains than DLT domains
• Focus areas (with criteria/requirements): IAM & key management, Secure coding, Network/Consensus, Metrics, Data integrity, Vendor management, Transactions, Ops & systems, Maintenance

Maltese government
• Publication(s): System Auditor Control Objectives (part C)
• Version/date(s): 2021 – 2022 (in development)
• Origin: Malta Digital Innovation Authority
• Language: English
• Nature: Audit
• DLT components addressed: Virtual Financial Assets, DLT platforms, Smart contracts
• Focus areas (with criteria/requirements): Governance & Compliance, Functionality & Compliance with regulatory requirements, System Ops, Organisation & Management, Communication, Risk Management & ToD, ITGC / SOC areas, Privacy
• Other aspects: partly based on local legislation

Other frameworks (CPA Canada, University of Cambridge, KPMG)
• Version/date(s): various
• Origin: idem
• Language: English
• Nature: Audit & Control
• DLT components addressed: various, incl. cryptocurrencies
• Focus areas (with criteria/requirements): various
• Other aspects: Maturity Model (KPMG)
NOREA Blockchain Control Framework

An integrated framework spanning business governance, processes, financial-economic aspects and information flows & IT, organised in four domains:

Governance domain
• Strategic objectives
• Governance & management
• Legislation & regulation
• Organisational setup

Financial domain
• Financial-economic objectives

Process domain
• Business processes
• Social-organisational processes
• Marketing & Communication

IV-IT domain (information provision & IT)
• Data management & data architecture
• Interconnectivity
• Data privacy & security
• Cryptographic key management
• Smart contracts
• Centralization & collusion
• Interoperability & integration
• Scalability & continuity
• Platform standardisation & migration
KPMG Blockchain/DLT Maturity Model

Ten risk domains arranged around the maturity model:
• Consensus & network
• Cryptographic key management
• Functional requirements
• Smart contracts
• Data management & privacy
• Centralization & collusion
• Interoperability & integration
• Scalability & continuity
• Third party & governance
• Compliance
KPMG Blockchain/DLT building blocks & focus areas

1. Consensus mechanism & network management
— Leased Proof of Importance
— Private chain's reliance on public blockchain consensus
— Identity management
— Live contracts
— Network uptime
— Conflict resolution

2. Cryptography & tokenization
— Appropriate implementation of the ED25519 function
— Computation & management of cryptographic keys
— Hash-linking
— Envelope hashing
— Block configuration

3. Chain permissions management
— Data structures
— The 'right to be forgotten'
— GDPR

4. Use case relevance & applicability
— Assessment of use case relevance
— Selection of blockchain framework
— Blockchain knowledge availability

5. Data management & segregation
— Data immutability
— Data structures
— Private storage service
— Envelope purpose (verifying received data)

6. Chain defense
— Network fragmentation (node centralization)
— Network threat monitoring
— Source code analysis
— Network vulnerabilities as defined in the Technical Paper

7. Input & integration
— Integration / interface with end-user systems (API configuration)
— Data input
— Predefined transaction types on public blockchain

8. Scalability & performance
— Scalability
— System failure or downtime
— Adding extra nodes

9. Business continuity & disaster recovery
— Business continuity plans
— Key recovery implementations

10. Governance, risk & compliance
— Definition of roles and responsibilities
— Hard fork governance
— Network governance
— Identification of concentration risk scenarios
The world of standardization

• ISO/TC 307: Blockchain and distributed ledger technologies
• CEN-CLC/JTC 19: Blockchain and Distributed Ledger Technologies
• NEN standardization committee 380307: Blockchain and Distributed Ledger Technologies

Contact your local standardization body for their activities on Blockchain and DLT via the ISO website.
Published Standards

Influencing the contents of standards

Check out relevant ISO standards under development.
Influencing the contents of standards
• Participate in ISO working groups through a local standardization committee via
your national standardization body
• Dutch organizations can participate via NEN.
• Influence standards under development.
• Write parts of new standards
• Comment
• Vote

• Share knowledge with other committee members.

Focus Areas in DLT Systems Audit in other Global Forums

At a high level, the following areas remain the focal points for DLT audit in global forums other than ISO.

ITU-T DLT audit focus areas:
• Providing assurance on the DLT technologies
• Audit of related off-chain components
• Auditing transactions on DLT
• Security aspects
• Environmental aspects

Providing assurance on the DLT technologies (ITU-T):
• Roles are designed and enforced as required by regulation;
• An appropriate governance has been put in place, which defines how the DLT solution must operate, how to identify, monitor and react to risks, and how to manage changes and corrections in a decentralized environment;
• Development, tests and deployments take into consideration the specific risks of the DLT technologies, in particular:
  i) direct technological risks, i.e. properties of the keys used, cryptographic techniques, data structures, sidechains, wallets, consensus mechanisms, etc.;
  ii) usage of the technologies in the solution, i.e. handling keys/devices, granting and revoking key holders, key backups, wallet management, signing transactions, etc.;
  iii) design, approval, testing and management of smart contracts;
  iv) security of the network.

Source: "Technical Report FG DLT D5.1 Outlook on distributed ledger technologies"
Introduction to AHG02 – Guidelines for auditing DLT-based platforms (1/2)

This document provides frameworks and guidance on the domains and areas which should be considered while performing audit procedures for DLT systems. These guidelines are developed with the objective of aiding auditors involved in the audit of DLT systems (both public and private) as described in the series of ISO/TC 307 standards. This guidance is applicable to an array of organizations and is not bound by type or size.

This document will cover the following types of audits (based on ISO 19011:2018):
• Internal audit
• External audit
• Third-party audits (audit of vendors, third and fourth parties)

Establishing focus areas for securing DLT platforms
Keeping in mind the risks associated with blockchain platforms and the evolving attack vectors of this emerging technology, in-place controls and DLTs are reviewed across the following domains:
• Pre-implementation: suitability of the DLT platform for the selected use case, architecture review
• Implementation & development: security by design, vulnerable source code, weak endpoints
• Key ownership and management: secure storage, maintenance, review and governance of the cryptographic private keys used for authentication and validation by nodes
• Interoperability & integration: consistent communication between multiple blockchain platforms and integration with the organization's enterprise and legacy systems
• Consensus mechanism: blocks in the chain are validated by nodes to maintain a single version of the truth and to keep adversaries from derailing the system and forking the chain
• Heterogeneous regulatory compliance: compliance with laws and regulations across the various country and state legislations that govern the information and transactions processed
• Access & permissions management: permissions configured for defined roles for access, validation and authorization of blockchain transactions by internal and external participants
Introduction to AHG02 – Guidelines for auditing DLT-based
platforms (2/2)
• Infrastructure & application management – Secure software development practices and testing of blockchain applications, platform,
infrastructure and communication interfaces.

• Network & node governance – Monitoring of network for information compliance and node reputation checks to handle and resolve
disputes.

• Smart contracts – The enterprise supports secure coding practices for blockchain source code (e.g., smart contracts or chaincode) to
mitigate information security risk proactively. Smart contracts automate the business logic execution over the DLT.

• Network-Vulnerability Management – The enterprise effectively manages blockchain network vulnerabilities through monitoring,
remediation actions and communication to relevant stakeholders.

• Endpoint Security – End user devices using the blockchain solution are properly managed by the enterprise (i.e., the end users’ devices
are tracked, hardened and addressed if compromised).

• Vendor Due Diligence – Due diligence for vendors/suppliers/contractors administrative and operational processes to ensure ongoing
alignment between the enterprise’s strategic objectives and DLT solutions.

• Business Continuity and Disaster Recovery – A private or permissioned DLT has both centralized and decentralized components; there needs to be a concrete understanding of what will happen should any of these components be affected.

• Transactions – Validation of transactions and the monitoring mechanisms in place
Companies need to integrate with ERP systems

The demo follows the six DLT steps above, with SAP S/4HANA at both ends (Factory and Supplier):
1. Initiate transaction: create a purchase order in the Factory's SAP S/4HANA
2. Post & record transaction to the network
3. Broadcast to relevant participants
4. Validate via consensus and confirm
5. Consensus mechanism applied; the transaction "inherits" part of the key from the previous transaction, i.e. the new block carries the hash of the previous block
6. Transaction is recorded as a new, unalterable block on the chain
7. An event is created for each new purchase order, which is recorded in a block
8. The SAP S/4HANA Sales Order API service is triggered to create a sales order in the Supplier's ERP system
ERP Blockchain Process Integration (1/2)

An integration layer sits between the ERP and the blockchain and provides an error log, monitoring and an integration builder.

1. Accelerate your ERP blockchain integration
2. Monitor your data & extract real-time insights
3. Scale up your current business network
ERP Blockchain Process Integration (2/2)

The ERP Blockchain Process Integrator connects the ERP side (SAP S/4HANA in the demo, and other ERP solutions) to the supported platforms: Hyperledger Fabric, Ethereum, Multichain and Corda.
About the project
• This demo shows how SAP S/4HANA can be integrated with blockchain technology. The aim is to investigate the technical setup of a blockchain in an ERP
scenario.
• Blockchain is used as a data interface layer between ERP systems. The program on the blockchain manages sales orders in the Supplier’s system triggered by
the creation of purchase orders in the Factory’s system.
• This demo does not focus on creating a business case for applying blockchain to integrate P2P and O2C processes, but it shows how to integrate a blockchain
platform with transactional data in SAP.
Purchasing company (Factory), on-premise P2P process: Purchase Order → Goods received → Match Invoice → Payment approved

Shared blockchain database

Selling company (Supplier), on-premise O2C process: Sales Order → Shipment → Sales Invoice → Payment made

Interfaces: PO API, SI API
ERP Blockchain Integration Demo
• The end-user experience is a real-time connection with an external partner's system. The blockchain runs in the background and does not change the user experience compared to other real-time integration types.
• Before a sales order is created in the Supplier's system, both entities run the same business logic to update the blockchain with the new purchase order data.
• More complex business logic can be programmed in the chaincode to apply relevant validations to the shared transactional data, e.g. contractual agreements, rebate calculations, compliance checks.

"Just real-time integration?" "What's new?"

A shared transaction registry is maintained based on business logic agreed to by both members (Factory and Supplier).
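The second bullet is the security-relevant point: the Supplier's sales order is created only after both organisations have executed the same chaincode on the same input and produced the same result, and the access & permissions domain from the AHG02 guidelines above (who may submit what) is enforced inside that logic rather than in either ERP. The Python script below is an added illustration, not code from the KPMG demo or from Hyperledger Fabric. It models an endorsement policy in which a FactoryOrg peer and a SupplierOrg peer each run the purchase-order chaincode, and a transaction is committed only when both return an identical write-set; a write-set digest stands in for the signed endorsement a real peer would produce. The identities, the contract price list, the purchase orders and the "rebate" variant of the logic are constructed sample data and assumptions.

```python
import hashlib
import json
from typing import Any, Callable, Dict, List, Optional, Set, Tuple

# Constructed sample data and assumptions (not from the KPMG demo): MSP-style identities and the
# organisation each belongs to, the endorsement policy, and the price list both partners agreed to.
IDENTITIES = {"factory-buyer-01": "FactoryOrg", "supplier-sales-01": "SupplierOrg"}
ENDORSEMENT_POLICY: Set[str] = {"FactoryOrg", "SupplierOrg"}   # both partners must endorse
CONTRACT_PRICES = {"SKU-100": 12.5, "SKU-200": 40.0}

State = Dict[str, Dict[str, Any]]
WriteSet = Dict[str, Dict[str, Any]]
Endorsement = Tuple[str, str, Optional[WriteSet]]   # (org, digest or "REJECT: ...", write-set)


def canonical(obj: Any) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def chaincode_create_po(state: State, submitter: str, po: Dict[str, Any]) -> WriteSet:
    """Shared business logic, executed identically on every endorsing peer.
    Checks who submits, rejects replays and off-contract prices, and returns the
    write-set: the accepted PO plus the sales order the Supplier's ERP must create."""
    if IDENTITIES.get(submitter) != "FactoryOrg":
        raise PermissionError(f"{submitter} may not create purchase orders")
    if po["po_id"] in state:
        raise ValueError(f"{po['po_id']} already recorded")
    for line in po["lines"]:
        agreed = CONTRACT_PRICES.get(line["sku"])
        if agreed is None:
            raise ValueError(f"{line['sku']} is not on contract")
        if line["unit_price"] != agreed:
            raise ValueError(f"{line['sku']} priced {line['unit_price']}, contract says {agreed}")
    so_id = "SO-" + po["po_id"]
    return {
        po["po_id"]: {**po, "status": "ACCEPTED"},
        so_id: {"so_id": so_id, "customer": "Factory", "lines": list(po["lines"]), "status": "OPEN"},
    }


def rebate_variant(state: State, submitter: str, po: Dict[str, Any]) -> WriteSet:
    """A SupplierOrg peer running locally modified logic that applies a 5% rebate nobody agreed to."""
    ws = chaincode_create_po(state, submitter, po)
    so = ws["SO-" + po["po_id"]]
    so["lines"] = [{**ln, "unit_price": round(ln["unit_price"] * 0.95, 2)} for ln in so["lines"]]
    return ws


def endorse(org: str, state: State, submitter: str, po: Dict[str, Any],
            logic: Callable[..., WriteSet] = chaincode_create_po) -> Endorsement:
    """One peer simulates the transaction and vouches for a digest of its write-set
    (plain SHA-256 here; a real peer would sign the digest with its private key)."""
    try:
        ws = logic(state, submitter, po)
        return org, hashlib.sha256(canonical(ws)).hexdigest(), ws
    except (PermissionError, ValueError) as err:
        return org, "REJECT: " + str(err), None


def validate_and_commit(state: State, endorsements: List[Endorsement], policy: Set[str]) -> bool:
    """Commit rule: every organisation in the policy endorsed, and their digests are identical."""
    digests = {org: digest for org, digest, _ in endorsements if not digest.startswith("REJECT")}
    if not policy <= set(digests) or len({digests[org] for org in policy}) != 1:
        return False
    write_set = next(ws for org, _, ws in endorsements if org in policy and ws is not None)
    state.update(write_set)
    return True


def run_scenarios() -> Tuple[Dict[str, bool], List[str]]:
    state: State = {}
    results: Dict[str, bool] = {}

    def both_peers(submitter: str, po: Dict[str, Any], supplier_logic=chaincode_create_po):
        return [endorse("FactoryOrg", state, submitter, po),
                endorse("SupplierOrg", state, submitter, po, supplier_logic)]

    good_po = {"po_id": "PO-1001", "lines": [{"sku": "SKU-100", "qty": 10, "unit_price": 12.5}]}
    # 1. Contract-conformant PO from a Factory identity: both peers agree, the SO is recorded.
    results["conformant_po"] = validate_and_commit(state, both_peers("factory-buyer-01", good_po), ENDORSEMENT_POLICY)
    # 2. The same PO replayed: both peers reject the duplicate.
    results["replayed_po"] = validate_and_commit(state, both_peers("factory-buyer-01", good_po), ENDORSEMENT_POLICY)
    # 3. A Supplier identity tries to raise a PO: the permission check fails on both peers.
    po2 = {"po_id": "PO-1002", "lines": [{"sku": "SKU-200", "qty": 1, "unit_price": 40.0}]}
    results["wrong_identity"] = validate_and_commit(state, both_peers("supplier-sales-01", po2), ENDORSEMENT_POLICY)
    # 4. Off-contract price: rejected.
    bad_price = {"po_id": "PO-1003", "lines": [{"sku": "SKU-200", "qty": 1, "unit_price": 35.0}]}
    results["off_contract_price"] = validate_and_commit(state, both_peers("factory-buyer-01", bad_price), ENDORSEMENT_POLICY)
    # 5. Valid PO, but the Supplier peer runs divergent logic: digests differ, nothing is committed.
    results["divergent_logic"] = validate_and_commit(state, both_peers("factory-buyer-01", po2, rebate_variant), ENDORSEMENT_POLICY)
    return results, sorted(state)


if __name__ == "__main__":
    outcome, ledger_keys = run_scenarios()
    print(outcome)       # only conformant_po is True
    print(ledger_keys)   # ['PO-1001', 'SO-PO-1001']
```

Scenario 5 is the one an auditor should care about under the "consensus mechanism" and "smart contracts" domains: a single partner changing its copy of the chaincode cannot push a different sales order into the shared registry, because the commit rule compares results across organisations rather than trusting any one peer's execution.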
Case Study #1: Projects beyond experimentation

• 2017 – Proof of Concept
• 2020 – A company of Deutsche Post DHL Group – Link
Case Study #2: Decentralized Digital Passport platform covering Industrial Equipment

Assistance required for:
1. Examining the risks and threats that are unique to a blockchain implementation, and then designing and implementing key blockchain security controls, alongside business controls and conventional controls
2. Building a blockchain security reference framework that can be applied across blockchain projects and solutions for various industry use cases and deployments that span on-prem and Software as a Service (SaaS) environments

Client challenges:
1. Unique security risks introduced by blockchain technology
2. Regulatory and compliance requirements impacting blockchain activities
3. Minimizing the risk exposure due to the services used by third parties
4. The client needed to ensure that the information security controls are designed adequately and implemented effectively for this solution

KPMG approach:
1. Performed an information risk assessment for this private permissioned blockchain solution, in an agile manner, including detailed technology risk assessment, interface assessment, cloud assessment, code scanning, VAPT, etc.
2. Supported the team in designing the key blockchain controls and provided assurance on control implementation
3. Re-aligned the existing processes and guidelines to include blockchain security aspects and built a reference architecture and security handrails for business use
Case Study #3: e-Voting/Virtual AGM solution
Distributed Ledger Technology based e-voting solution

KPMG has developed an e-Voting Solution based on Distributed Ledger Technology (DLT) to execute end-to-end functionalities with respect to corporate events and e-voting by shareholders (including minority shareholders) where all relevant stakeholders are onboarded to our platform. Some key functionalities are:
• Initiate events
• Notify all stakeholders regarding announcement of events
• Use the DLT based e-voting solution to cast votes
• Report the results to issuers and regulators onboarded to the platform
• Dashboards customized to provide results of voting sessions

Stakeholders of the e-Voting Solution: Issuers, Scrutinizer, Proxy Advisors, Regulators, Shareholders

DLT Based Tool for E-Voting

Implementation Strategy
• Security Assessment of entity
• Tailor fit implementation of tool
• Post Implementation Support
Highlights of e-Voting solution

Applicability to Organisations
• Track Internal Corporate Governance in organizations during Annual General Meetings (AGM) or any important board meetings
• Making unbiased decisions by the stakeholders of listed/unlisted companies, trusts, HUFs, etc.

Features of Solution
• Solution is built on Hyperledger Fabric
• Nodes for issuers, intermediaries, shareholders, regulators and asset managers
• It provides interoperability with existing blockchain platforms
• Dynamic onboarding of nodes with built-in Identity and Access Management
• Secure authentication and voting mechanism to track votes cast by shareholders
• Reporting and reconciliation of votes submitted by shareholders
Functionalities

• Audio & Video Enablement with Q&A section for conducting Virtual AGMs over the platform
• Reporting and reconciliation of votes submitted by shareholders
• Interoperability: Our platform supports interoperability with existing blockchain platforms
• Corporate Actions based on Smart Contracts: Real time transaction processing
• E-Voting Services: Enables relevant parties to create, broadcast, execute and report events with a voting session
• Data & Analytics: Dashboard view of previous meetings and responses to make data driven decisions in future
Benefits to Stakeholders

Any questions?

Contact us for a demo or questions

Koen Revet
T: +316 2292 8127
E: revet.koen@kpmg.nl

Siddharth Durbha
E: siddharthdurbha@kpmg.com

Ronald Koorn
T: +316 2292 8127
E: koorn.ronald@kpmg.nl

Visit KPMG ERP & Blockchain

Useful links:
• ERP & Blockchain article: https://www.compact.nl/articles/start-small-think-big
• DLT in supply chains: https://www.compact.nl/articles/enhancing-due-diligence-in-supply-chain-management/
• Case study & video: https://home.kpmg/au/en/home/services/blockchain-services/blockchain-platform.html
• NOREA: Blockchain & Assurance: https://www.norea.nl/download/?id=6535
• Blockchain & Information Risk Management: https://www.compact.nl/articles/how-will-blockchain-impact-an-information-risk-management-approach/
• Securing the chain: https://assets.kpmg/content/dam/kpmg/xx/pdf/2017/05/securing-the-chain.pdf
• Realizing Blockchain’s potential: https://home.kpmg/content/dam/kpmg/co/pdf/2018/09/kpmg-realizing-blockchains-potential.pdf