Access governance has become an essential part of enterprise security with the growing awareness of sensitivity to insider threats and increasing requirements for regulatory compliance. Getting better insight into who has access to key data sources and how, has grown into a high priority for all types of organizations.

Since 1997, axl & trax has been helping organizations improve SAP user security and establish good practices in user role architectures and access risk management. Expert-knowledge, experience, a sound and pragmatic methodology as well as purpose-made tools form the success factor of this service.

AXT Process Flow 2014 EN v8

 

ServicePortfolio Access v4 EN 20160226

Some of our Services include

  • All
  • Access
  • Advisory
  • Audit
  • Concept
  • Data Security
  • Process
  • Ruleset
  • SAP License
  • SAP Security
  • SoD
  • Authorization Concept Review

    Authorization Concept Review

    Authorization concept review reveals weaknesses in the designed role model as well as in the implemented roles and user assignments. The resulting reports provide with clear insight into role inconsistencies, access risk-related exposure and statistical reporting to indicate the areas of improvement.
    • Audit
    • Concept
  • Segregation of Duties

    Segregation of Duties

    Segregation of Duties is considered a key control to prevent risk of error or fraud. Our experts can review your system to identify users or roles that combine critical combinations of access rights. The identified conflicts are assessed together with other mitigating controls in place or reported “as-is”, to decide on in terms of exposure and acceptability. We can also review or tailor your SoD ruleset, or establish a state of the art SoD set for your access review tool.
    • Audit
    • SoD
  • User Access Audits

    User Access Audits

    User access audits allow to identify gaps between desired state and actual state (“soll” vs. “ist”) and can help with identifying the excessive access rights granted to users by comparing user access rights with usage statistics.
    • Access
    • Audit
  • License Optimization

    License Optimization

    License optimization services offer the opportunity to assess whether an organization is in control over its purchased licenses and their use within SAP. The license optimization helps with mapping the allocated user license types with granted access rights and actual use of transaction codes. This can be used to change the user license allocation and thereby reflect SAP system usage reality and/or reduce the yearly payable license fees.
    • Audit
    • SAP License
  • Security Governance

    Security Governance

    Security Governance focuses on healthy and good practices in the domain of security management at strategic and tactical level. Equipped with in-depth knowledge of today’s successful practices in the market as well as the commonly accepted best practices like ISO2700x and COBiT, specialists of axl & trax assess current company posture and discuss potential areas of improvement. axl & trax gives advice on how to gradually grow SAP security governance to the next maturity level.
    • Audit
    • SAP Security
  • Process Cycle Control

    Process Cycle Control

    Process Cycle Control makes an in-depth inventory of the business controls in place to reduce risk exposure of a particular SAP business process. axl & trax establishes an overview of the process and the specific risks in the process implementation. Based on this, an assessment is made of the defined and implemented controls (programmed, configurable, procedural or manual) to verify whether the risk is properly addressed.
    • Audit
    • Process
  • Quality Assurance and Coaching

    Quality Assurance and Coaching

    It has become clear that even experienced security staff members need specialist advice on specific security issues, a peer helping to keep the quality levels high or on how to deal with new features or specific issues in SAP. Involving axl & trax as a coach or quality assurance staff member allows any company to benefit from the exposure and strong experience of the axl & trax experts while staying in charge of the SAP security process.
    • Advisory
  • Security Administration

    Security Administration

    axl & trax helps companies with administering and maintaining their SAP security on a day-to-day basis or for a short period in time e.g. when in-house administrators are ill or on vacation. Onsite, remote or on-call activities can be organized to ensure appropriate level of flexibility to meet your support needs.
    • SAP Security
  • GRC ruleset Review & Tailoring

    GRC ruleset Review & Tailoring

    • Audit
    • Ruleset
  • Data Masking

    Data Masking

    In addition to providing an extendable set of masking rules that can be applied to SAP clients, axl & trax uses Data Secure to provide for masking or scrambling of sensitive data. This ensures that copied SAP clients are secured in accordance with global security regulations.
    • Data Security
  • SAP HANA

    SAP HANA

    SAP runs more and more products on the SAP HANA platform. This platform requires a specific implementation of security since this is far more than just a database. axl & trax developed a methodology on implementing authorizations in an HANA system based on the RBAC model. From expert advice on how to set up your security design to implementing the applicable model, a HANA system has no security related surprises for our experts.
    • Audit
    • Concept
  • SoD-free SAP single roles

    SoD-free SAP single roles

    axl & trax' RBAC Concept is a set of pre-defined SOD-free single roles covering the entire SAP process. It is set-up in respect to access governance best practices and segregation of duties rules to allow transparency, easy maintenance and roll-out - (re-)design of the SAP Authorizations. Its strong business focus makes it understandable and transparent to any stakeholder to ensure a compliant provisioning / approval process. The concept is shipped together with an enhancement set of the SU24 SAP tables, which makes the link between SAP transaction codes and authorizations objects.
    • Concept
    • SoD
© 2024 axl & trax, all rights reserved - GTC Belgium - GTC The Netherlands - Cookies