
Scope of Work

SAP GRC Access Control 12.0/10.0


Sub Modules:

1. Access Risk Management (ARA)


2. Access Request Management (ARM)
3. Business Role Management (BRM)
4. Emergency Access Management (EAM)

In-Scope
 End-to-end management of project and its deliverables

 Analyze the Access Control requirements in detail and create As-Is documents.

 Enabling versions & Revision of controls.

 Enabling Security status control.

 Design and development

 Configurations

 Link documents to SAP T

 Define authorization controls for each user group as per the required process controls

 Unit Test the process and workflow

 Deliver user manual documents

 Integration testing and UAT

 Final preparations.

 Go-live.

 Post go-live support.

 Project Closure.
Configurations

Basic configurations (post installation steps)

 Basic configuration
 Create connector
 Create connector group
 Configuration settings
 Configuration parameters
 Action type configurations

Synchronization jobs: meaning and purpose

 Authorization sync
 Repository object sync
 Action usage sync
 Role usage sync
 FFID log sync
 FFID Master data sync

Sub-module specific configurations:


 Access Risk management

 Configuration of Access Risk Management


 Global SOD Matrix – Risk Rules
 Critical action (Transaction code) rule
 Critical permission rule
 Critical role/Profile rule definition
 SOD Review
 Risk analysis User/Role/Profile
 Mitigation Process
 Remediation Process
 Customization of Access Risk Management reports
 Review the Risk Analysis Reports
 Business Process Owners / SOX Controllers / SOX Audits
 Rulesets

 Access Request Management

 Define the Workflows for Access Request


 Define the Agents / Process / Rule IDs
 Standard Configuration / MSMP Workflows
 Customization of Access Request Management
 Business Process / Sub-Process / Functional Area / Roles / Role Owners
 BRF+ and MSMP configuration with standard and customized workflow
 Provisioning settings
 Activation of workflow
 User personalization

 Business Role Management

 Define role naming conventions


 Define different methodologies for different types of roles
 Define the Workflow for Role Maintenance
 Business Process / Sub-Process / Functional Area / Roles / Role Owners
 Single role creation
 Composite role creation
 Master – derived role creation using GRC - BRM
 Customization of Business Role Management
 Workflow for role methodology
 Concept of business role
 Creation of business role
 Role upload

 Emergency Access Management

1. Centralized FFID

 Configuration of Emergency Access Management


 Define the FF ID, FF Owner, FF Controller
 Define the Workflow for Super User Access
 Configure Log Reports
 FFID reports

2. Decentralized Approach

 Configuration of Emergency Access Management


 Define the FF ID, FF Owner, FF Controller
 Define the Workflow for Super User Access
 Configure Log Reports
 FFID reports
 Reports:

1. Risk Terminator Log Report


2. Transaction Log and Session Details Report
3. SoD Conflict Report for Firefighter IDs & Review History Report
4. Reason Code and Activity Report
5. Invalid Emergency Access Report
6. Firefighter Log Summary Report
7. Consolidated Log Report
8. Emergency Access Management Reports
9. List Permissions/ Actions in Roles but Not in Rules Report
10. Embedded Action Calls in Programs of SAP Systems Report
11. Change Log Report
12. Audit Reports
13. List Expired and Expiring Roles for Users Report
14. Action Usage by User, Role, and Profile Report
15. Security Reports
16. Role by Date of Generation Report
17. Master to Derived Role Relationship Report
18. List of Actions in Roles Report
19. Compare User Roles Report
20. Compare Action in Menu and Authorization Report
21. Role Management Reports
22. Service Level for Requests Report
23. Requests with Conflicts and Mitigations Report
