For the Vice President of Financial Systems for a Fortune 100 Insurance Company, the decision to implement an SAP compliance and reporting solution was initiated as a result of Sarbanes-Oxley (SOX).
According to the VP of Financial Systems, “As we considered the implications of SOX, and the sensitivity of the information in our SAP environment, we realized that as a company we needed to have complete visibility into user access to SAP. In order to provide that visibility we decided that we needed senior management to review and approve all SAP user access with a focus on segregation of duties (SODs) and sensitive transaction access (STAs). We knew that to do this effectively we needed a solution that integrated with our existing SAP environment and was both cost effective, easy to implement and use. It was also clear that, due to the complexity of their production environment with over 6,500 users, manually performing this function or building an in-house custom solution was not a viable long-term solution.”
The desire to implement a cost effective solution that was easy to implement and use was a paramount consideration throughout the evaluation process. Additionally, according to the VP of Financial Systems, “Another key criterion was a solution that integrated directly with SAP. We were not interested in implementing a complex addition to our infrastructure just to host a compliance solution”. Many of Security Weaver’s competitors require separate hardware, operating systems and databases in order to implement their solutions. With Security Weaver, the fact that it is installed as a simple SAP transport and logically acts as a custom transaction code within SAP was a substantial plus for the Security Weaver solution
With approximately 6,500 users in their SAP environment, compliance is a daily challenge and with SOX to be continually in compliance is imperative. According to the VP of Financial Systems, “Another key consideration was application engineering and design. We could not afford to implement a solution that was not capable of keeping our SAP compliance in real-time. We needed a solution that was capable of analyzing vast amounts of data in minutes while providing clear and concise reporting. Because of its efficient design, Security Weaver was able to quickly evaluate the roles of over their 6500 SAP users against the approximately 44,000 unique SAP transaction codes in minutes. This is in contrast to alternative solutions which would take any where from several hours or in some cases several days to complete a similar task. “Security Weaver was the clear choice from a total cost of ownership perspective. We knew Security Weaver could provide a cost-effective solution that was easy to implement and use.”
Security Weaver was the clear choice from a total cost of ownership perspective. We knew Security Weaver could provide a cost-effective solution that was easy to implement and use.
Now that the Security Weaver solution has been in place for approximately two years, the VP of Financial Systems is convinced that the decision to go with this solution was the best choice for his organization. He has experienced the benefits of Security Weaver in three distinct ways, and summarizes them as follows:
"Security Weaver monitors SODs on a real time basis. If we change a user's role, we can use the software to immediately review any potential conflicts or ramifications of that decision as needed to ensure we are continually in compliance."
"Not only was Security Weaver the best choice from a functional perspective, but also from a total cost of ownership perspective, taking into consideration all the related costs of adding this into our SAP infrastructure. The software has minimized the cost of compliance and allowed us to focus our energies on initiatives that are strategic rather than compliance related."
"Security Weaver understands the complexities and details associated with the SAP security model. It provides the critical information at all levels of the organization to ensure compliance. From the CFO to a mid-level manager or a systems administrator who can review SAP compliance issues in detail, Security Weaver allows us to easily understand and resolve our SAP SOD and STA issues in real-time while providing informative reports with relevant information for senior management so that we can remain fully compliant."