Comprehensive White Papers
Minimizing the Cost and Complexity of Sarbanes-Oxley Compliance
Join our mailing list
Enter your e-mail address to receive product updates and news:

11.13.08
The NBC television affiliate station in San Diego has aired an exclusive interview with Security Weaver
Mr. Hirsch is interviewed by reporter Greg Bledsoe on Security Weaver's amazing success... Read more
11.3.08
Security Weaver Opens Training Center in Downtown San Diego, California
The new training center is located in downtown San Diego and has ocean and bay views. Read more
10.15.08
Security Weaver Appoints Chief Operating Officer for India Operations
Responsible for all functions at Security Weaver India including research and development, p Read more
Case Study: Imperial Irrigation District and Security Weaver
Security Weaver Eases User ID and Compliance Burdens, Helps IT Department Work Closely With Internal Auditor

  • Customer:
    Imperial Irrigation District

  • Customer Environment:
    SAP R/3 4.6C

  • Customer Challenge:
    Addressing user authorization and segregation of duties while establishing company policy


READ THE FULL CASE STUDY (PDF):
Imperial Irrigation District Case Study >>

Background:
Situated in the Imperial and Coachella valleys in Southern California, Imperial Irrigation District (IID) delivers water to over 138,000 residential, commercial and industrial customers. Established in 1911, IID is the nation's largest irrigation district and, with more than 1,400 employees, serves one of the fastest-growing regions in the West.

Challenge:
Since 1998 IID has been using SAP technology to manage the company's back office accounting processes. With over 1,400 users of SAP, the company's IT department regularly had to address user authentication issues such as: who could have access to the system, what transactions were they allowed access to, and what duties could they perform? In order to strike the balance between user needs and system access compliance requirements, the IT team would have to go through many steps to run user access reports. This process proved inefficient and very time-consuming.

"We have a small IT staff and so resources are very tight. But, when it came to security issues we knew that we needed to find a better solution," said Frank Hernandez, Supervisor, Corporate Infrastructure Engineering, Imperial Irrigation District.

Requirements:
As a California State Water District, IID does not need to comply with Sarbanes-Oxley regulations. However, IID believes in following best business practices to manage the company. Internal auditors repeatedly would ask the IT staff to generate reports manually to help examine user access to SAP and to make sure that the company was continuing to enforce proper controls. The need to run these types of detailed reports puts a tremendous strain on the IT staff, which in turn began to create tension between the IT staff and the internal auditors.

Benefits:
IID needed a solution that would address multiple issues:
  • Ensure access to SAP was consistent with individual job requirements

  • Manage segregation of duties

  • Ability to run automated reports to satisfy the needs of the internal auditors and IT
     
  • Utilize technology that was easy to install, use and manage to control costs

IID examined a wide variety of security solutions but found that most were either too expensive or too robust for their needs. At SAP's SAPPHIRE 2006 event, Hernandez was growing frustrated -- "I spoke with a number of security vendors but none were able to meet my needs. I met with Security Weaver and, not only did they have a solution that appeared to meet my needs, they said that they could get us up and running that day. That's all I needed to hear."

Feeling as though he'd found the best possible solution to tackle his needs, Hernandez installed Security Weaver in February 2007. Immediately he received the results he had been searching for.

  • "With our old reporting system we had to download data into Excel files and hand it over to our internal auditors, but our auditors were always afraid that the data could be manipulated. Now, with Security Weaver, the auditors can see the reports being generated in real-time, directly from SAP which means that the data is live and accurate."

  • "Now we have a tool in place that provides the auditors with the information they need and, more important, we were able to quickly and easily establish policies for accessing data."

  • "We have a much better relationship with our internal auditing team thanks to Security Weaver. The auditors establish the policies needed to run the company, and the IT team is now able to better enforce these policies quickly and easily."
Home Careers Site Map © 2004 Security Weaver