This major California utility company is the nation's largest irrigation district. Operating for almost 100 years, it staffs 1,400 employees and offers water and power to 138,000 residential, commercial and industrial customers. But last year, this district faced a big problem, one that drained resources and choked the flow of information.
The company's SAP system had been in place for seven years, running financial, HR and other core processes. But it wasn't optimized. It lacked appropriate user authentication. There was no standardized method to ensure that 1,400 users could access systems they needed and could not access other systems. When internal auditors required compliance verification, the small IT staff had to do time-consuming, manual-labor-intensive steps. This unwieldy reporting process wasted time and money and strained professional relationships.
"Our customer service was never affected by our IT issues," said Frank Hernandez, supervisor, Corporate Infrastructure Engineering. "But we knew we needed a better system."
It's not a publicly traded company and therefore not subject to Sarbanes-Oxley rules. But it is committed to best practices in compliance, so Hernandez went looking for a tool to help.
In February 2007 it found one. After discovering it at the SAP SAPPHIRE event, company executives selected and deployed Security Weaver. It took just one day to install and offered immediate results.
Security Weaver provides real-time access monitoring. It gives the company a standardized system to manage segregation of duties. It enables staff to generate reports ad-hoc and at regular intervals to meet auditing needs. Overall, IT maintenance and support is more efficient.
The cumbersome reporting process has been replaced by a modern, best practices-based system. "In the past we downloaded data into Excel files and handed them over to our internal auditors. The auditors had no guarantee that the data wasn't manipulated," Hernandez said. "With Security Weaver, auditors see reports generated in real time, directly from SAP. They know the data is timely and accurate."
Best practices policies have also been codified. Security Weaver allowed the company to establish corporate policies for data access. And it serves as a tool to enforce them. Hernandez notes yet another important and positive result. "Thanks to Security Weaver the professional relationship between our auditors and IT team is much better. Everyone is less stressed." It's a result any company would relish.
Security Weaver enables compliance with Sarbanes-Oxley and other regulations via simplified and standardized audit control processes.
Security Weaver requires no additional hardware and does not impact IT system performance.
Security Weaver is easy to install and configure. Support is provided 24/7 and consultants are rarely needed.
Security Weaver has intuitive user interfaces and easy navigation.
Security Weaver automates reporting and documentation.
Security Weaver protects security definitions and tracks changes to segregation of duties. It offers a precise and comprehensive audit trail.