We found that there are many changes going on that are not documented and yet have an impact to your operations (the benefits of new functionality), but also new risks that are introduced.
What kind of risks? Here are some highlights of an evaluation we conducted, consider how these changes may impact your organization:
* Over 130 new Privileges.
* Over 200 Privilege to Role assignments, including existing/older privileges newly assigned.
* Over 120 Role to Role assignments, including new Roles being assigned to new Roles and new Roles being assigned to existing Roles.
* Over 50 new Data Security Policies which control the data that users have access to.
* Over 100 new Profile Options that help configure the application and its transactions.
For areas such as Segregation of Duties and Sensitive Access these changes have had an impact, with new risks being introduced. One Role has access to over 40 different sensitive access risks.
Getting into the details of each application release is crucial, under the release notes you will find that changes to roles , the permissions/privileges and other settings can have a real impact on your operations and security.
Its not just the delivered changes you need to worry about, how are changes being made by your staff impacting your applications?
With the ever changing Cloud applications you have, the combination of your changes and changes by the vendor should be evaluated through change control.
Seecuring has helped many organizations achieve greater assurance over their Applications and Services.
Segregation of Duties
Sensitive Access
User Access Reviews
Patch Impact Analysis & Configuration Changes
We have been working with ERP/HCM Applications since the early 2000's, and work with leading CPA's, Audit staff and Application specialists to deliver a complete solution.
Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.
To discuss your requirements, you can schedule a call with us: