SAP access 2531



  • I have been out of IT auditing for a while (ex-CISA) and now work in accounting. Have you checked the SAP security guide on sapnet already? It contains useful recommendations how to secure your SAP system. If you can argue that you have done it the way that SAP itself recommends in the SAP security guide then you already have a strong point in your negotiations with your auditors.



  • dunno, how good SAP recommendation is when it comes to meeting an organization’s requirements.
    I guess their recommendations are high level and industry focussed, and hence maynot necessarily answer a business’s needs w.r.t audits.



  • Lots of factors weigh into how SAP security is designed, implemented, and administered. Usually, it comes down to: size of company, number of users, number of implementations, and corporate culture. But, typically companies will have a SAP security arm that assists process teams in designing and maintaining roles.



  • Sorry guys.
    My post was intended as an answer to a question by kames, which is now lower down in the forum under the thread SAP / DBA access (at least that’s what I remember.
    The SAP security guide provides good general advice how to secure an SAP system.


Log in to reply