How to modernize your SAP Access Control rule set and mitigating control library

Being on the “latest and greatest” version of the GRC technology does not always mean that your GRC rule set or mitigations are current and accurate for your business. How can you be sure that your controls and processes are up to date, accurate, and reflective of compliance standards?

In this session we will explore the wonderful world of Segregation of Duty rule sets and mitigating control and the process customers need to follow, providing insight into what determines the quality and accuracy of your current rule set and mitigations, how to leverage SAP functionality and standard delivered rule set content to stay current, and how to proactively plan for changes and upgrades to rules and mitigations for the future. By attending, you will:

- Explore mitigating control standards, processes, and content requirements that auditors look for, including best practices around mitigation documentation, ownership and accountability, and compensating control monitoring standards that need to exist to qualify for a “Good Mitigation Control”
- Examine the functionality in SAP GRC 12.0 and SAP Cloud Identity Access Governance (IAG) that can be used to assist in rule set and mitigation change control and long-term maintenance
- Learn how to establish “proactive” processes to ensure your rule set and mitigation controls stay current to ensure quality in your company’s SoD monitoring standards