Top Banner
‹#› 1 22 January 2015 BENIMBL.COM Simplifying your GRC 5.3 Migration Gary Prewett, Security and Compliance Practice Lead, NIMBL
28

Webinar - Simplifying your SAP GRC 5.3 Migration

Aug 09, 2015

Download

Technology

NIMBL
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›1

22 January 2015BENIMBL.COM

Simplifying your GRC 5.3 MigrationGary Prewett, Security and Compliance Practice Lead, NIMBL

Page 2: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›2

our Curriculum vitae

2009 14x

1Year Founded

Supporting both the Fortune 500 and Midmarket

Growth since inception

SAP Specialized – No other ERP

5280Headquartered in the Mile-High City – Denver, Colorado

174+ Amazing Customers… and counting!!

100+

7+

Consultants Strong

Average years of SAP Expertise per consultant

15+Market Verticals Supported

98%Client

Satisfaction

2

Page 3: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›33

Our Services

Enhanced and consistent SAP User Experience across Computer, Tablet, and Smartphone.

Fiori

Denver-based SAP delivery for Break/Fix Enhancement, and Project.

SAP AMS

Harness the power of SAP HANA via Migration, Modeling, and Big Data.

hana

Empower your workforce and business via SAP mobilization.

Mobility

Leverage your existing SAP investment to achieve and maintain regulatory compliance

Regulatory Compliance

Run IT like a Factory thru Solution Manager’s ITIL ALM Product Suite.

Solution Manager

Classic Basis, TDMS, LVM, EHP, Netweaver, and landscape consulting.

ADMIN + INFRASTRUCTUREComprehensive SAP

risk management and mitigation via SAP toolset or pure consulting services.

SAP security

Delivery from idea thru hypercare whether laser-focused or complete project.

projects

Page 4: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›4

AGENDA

1

2

3

4

5

Key feature Enhancements in Access Control 10.1

Minimizing Risk with Landscape Design

Migrating Access Control 5.3 Master Data

Building your Business Case

Questions

Page 5: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›5

Feature Enhancements

Page 6: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›6

Access Control Terminology

Virsa GRC 5.2 GRC 5.3 Access Control 10.x

Compliance Calibrator CC RAR Access Risk Analysis (ARA)

Access Enforcer AE CUP Access Request Management (ARM)

Firefighter FF SUP Emergency Access Management (EAM)

Role Expert RE ERM Business Role Management (BRM)

Page 7: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›7

1 2

3 4

Key Feature Enhancements

Standardized Management on ABAPSimplified User Experience

Simplified Access Request Management Centralized EAM/Firefighter

•  BASIS - Simplified management: integration with change control; and transport management, troubleshooting, archival

•  Security - ABAP platform allows for more granular security access and support using tools you’re already familiar with

•  Applications are combined into the same interface. •  Focus is on combining potential investigation activity into

compliance reporting..•  Tight integration between AC applications, tight integration

with IDM, integration with process control and risk management

•  One central location for setting up EAM access•  One central location for requesting EAM privileges•  Workflow-based approvals allows for granular audit tracking•  One central location for EAM reporting that incorporates

investigations•  Simple SOD reporting on EAM/FF activity

•  Process to request user access is significantly streamlined•  Support for template based request creation for standard

user types (e.g., ESS users)•  Online password reset functionality easily configured•  Support for Fiori applications for mobile-based requests and

request tracking

Migrating to Access Control 10.1

Page 8: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›8

Activity Integrated Into SOD Detail Reports

Page 9: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›9

1 2

3 4

Key Feature Enhancements

Standardized Management on ABAPSimplified User Experience

Simplified Access Request Management Centralized EAM/Firefighter

•  BASIS - Simplified management: integration with change control; and transport management, troubleshooting, archival

•  Security - ABAP platform allows for more granular security access and support using tools you’re already familiar with

•  Applications are combined into the same interface. •  Focus is on combining potential investigation activity into

compliance reporting..•  Tight integration between AC applications, tight integration

with IDM, integration with process control and risk management

•  One central location for setting up EAM access•  One central location for requesting EAM privileges•  Workflow-based approvals allows for granular audit tracking•  One central location for EAM reporting that incorporates

investigations•  Simple SOD reporting on EAM/FF activity

•  Process to request user access is significantly streamlined•  Support for template based request creation for standard

user types (e.g., ESS users)•  Online password reset functionality easily configured•  Support for Fiori applications for mobile-based requests and

request tracking

Migrating to Access Control 10.1

Page 10: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›10

EAM Consolidated Log Report

Page 11: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›11

Landscape Recommendations

Page 12: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›12

Landscape Recommendations

Sign off for Access Control Master DataCompliance Reporting

User Migration Compliance Approval for New Rule Sets

How can I ensure my workflows trigger as needed? How can I make sure approval requirements from managers, role owners, and risk owners between 5.3 and 10.1 is consistent to head off potential audit findings?

How can I ensure that the transition from my existing 5.3 reports to my 10.1 reports doesn’t cause compliance concerns or findings?

How can I incorporate rule set changes from my existing system so that my internal audit and compliance teams are comfortable with the findings?

How can I ensure seamless transition for CUP and/or ERM without impacting the business?

Risk Considerations

Page 13: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›13

Example GRC 5.3 Landscape

CRM ProdCRM ProdCRM Prod

CRM QACRM QACRM QA

CRM QACRM QACRM QA

ECC QA

ECC Prod

ECC DEV

GRC 5.3 Prod

GRC 5.3 QA

GRC 5.3 Dev

Page 14: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›14

Example Migration Landscape

CRM ProdCRM ProdCRM Prod

CRM QACRM QACRM QA

CRM QACRM QACRM QA

ECC QA

ECC Prod

ECC DEV

GRC 5.3 Prod

GRC 5.3 QA

GRC 5.3 Dev

AC 10.1 Dev

Page 15: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›15

Managing Plugin (GRCPINW) coexistence

ECC DEV GRCPINW

•  You can absolutely run compatible plugins for GRC 5.3, 10.0 and 10.1 systems

•  Support for a variety of NW versions•  Note GRC 10.1 is compatible with

GRCPINW 700, 710, 720, and 730•  Key Notes:

•  1590030 – GRC 10.0, 10.1 and AC 5.3 coexistence

•  1680268 – Compatibility of Access Control Packages

Page 16: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›16

Finalized Migration Landscape

CRM ProdCRM ProdCRM Prod

CRM QACRM QACRM QA

CRM QACRM QACRM QA

ECC QA

ECC Prod

ECC DEV

GRC 5.3 Prod

GRC 5.3 QA

GRC 5.3 Dev

AC 10.1 Dev

AC 10.1 QA

AC 10.1 PROD

Page 17: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›17

Landscape After Cutting Over to AC 10.1

CRM ProdCRM ProdCRM Prod

CRM QACRM QACRM QA

CRM QACRM QACRM QA

ECC QA

ECC Prod

ECC DEV

GRC 5.3 Prod

GRC 5.3 QA

GRC 5.3 Dev

AC 10.1 Dev

AC 10.1 QA

AC 10.1 PROD

Page 18: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›18

Mid to Long-Term Landscape

CRM ProdCRM ProdCRM Prod

CRM QACRM QACRM QA

CRM QACRM QACRM QA

ECC QA

ECC Prod

ECC DEV

GRC 5.3 Prod

AC 10.1 Dev

AC 10.1 QA

AC 10.1 PROD

Page 19: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›19

Migrating Master Data

Page 20: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›20

Migrating Data

GRC 5.3 Dev AC 10.1 Dev

•  Import common configuration•  Complete intra-migration tasks•  Import data into AC 10.1•  Complete post import tasks•  Validate data

•  Complete prerequisites•  Export FF data•  Export Config, Master and

Transactional Data to .CSV

Page 21: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›21

Importing Your Data

AC 10.1 Dev

•  Common configuration data•  RAR data – rule sets, risks, mitigation controls, org

rules, business unit data•  ERM repository data•  CUP repository data•  SPM data•  All are imported using tcode GRAC_DATA_MIGRATION

in your GRC 10.1 system.

http://service.sap.com/instguides > Analytics > Governance, Risk and Compliance > Access Control > Release 10.1

Page 22: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›22

Basic Approach to Migrating Data to Production

AC 10.1 Dev

AC 10.1 QA

AC 10.1 Prod

Flat Files

1

1.  Import GRC 5.3 data to DEV2.  Perform Post-import tasks (Transportable

Config)3.  Validate Data4.  Import GRC 5.3 data to QA5.  Import transports from DEV (for intra-migration

tasks)6.  Validate!7.  Import GRC 5.3 data to Production8.  Import transports9.  Validate

2

Flat Files

3

4

5

Flat Files

6

7

8

9

Page 23: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›23

Merging Rule Sets

Custom? GRC 5.3 Rule Set

SAP-Delivered 10.1 Rule

Set

2013 and 2014 Rule

Set Updates

Custom10.1 Rule

Set

Basic Strategies for merging rule sets•  Manually Merge in 10.1•  Manually Merge in 5.3 and Export•  Export from GRC 5.3, and update .CSV files with

merged data

Delta Rule Set Update Notes:•  1809810: GRC - Access Control - Access Risk Management Rule Update Q4, 2012•  1960531: GRC - Access Control - Access Risk Management Rule Update Q4, 2013•  Look for 2014 updates in Q1/Q2!

Blog on Merging Rule Sets:http://scn.sap.com/community/grc/blog/2014/04/21/download-modify-and-upload-the-access-risk-analysis-rule-set-in-sap-access-control-10x

Page 24: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›24

Workflow Migration

•  export your existing data from 5.3•  import using transaction GRAC_WF_MIG

in your Access Control 10.1 system. •  May need to spend some time working

on or recreating initiators•  You have SAP-delivered workflows you

can use for reference if needed

SAP’s “Migration Guide SAP Access Control from 3.0/5.3 to 10.1” in the INSTGUIDES hotlink outlines these steps in detail.

Page 25: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›25

Building your Business Case

Page 26: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›26

Key Benefits to Migrating to 10.1 Include:§  No need to purchase extended support for 5.3

§  De facto support has ended (customers opening notes are being told to migrate to 10.1 now)

§  Centralized EAM and ARM simplifies end user support§  Mobile device support via SAP-delivered Fiori Apps

§  Audit compliance is significantly easier§  Reduced time to investigate findings

§  More granular audit tracking

§  SOD reports against EAM activity reduce significant risk with 5.3 SUP/FF

§  Improved Organizational flexibility; Significantly better integration with:§  Identity Management

§  Other GRC Applications within the Suite

§  Password Reset Management can significantly reduce Level 1 support time

Building Your Business Case

Page 27: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›27

Effort to Migrate to 10.1§  2 weeks of BASIS Time to Stand up new Landscape§  4-6 Weeks of Configuration Time for Access Control

§  Requirements gathering§  Data Migration from 5.3 Landscape§  10.1 Configuration

§  Additional Time for:§  Change Control for 10.1 go-live§  Internal Audit Sign-off on Rule Set and Access Control Reports

§  Training§  Fiori Application Configuration

What you can expect

Page 28: Webinar - Simplifying your SAP GRC 5.3 Migration

‹#›28

ConnectGary Prewett

[email protected] 970.372.9719www.linkedin.com/in/

garyprewett