The SAP system ships with many reporting tools and ABAP/4 programs that give a comprehensive review and monitoring capability for the SAP security configuration, which is what SAP audit compliance relies on. The monitoring reports can be run in two ways: by executing the actual program through transactions SE38 or SA38, or through SUIM (User Information System).
Objective: For each system, review the critical security-related system profile parameters.
Report: RSPARAM Frequency: Monthly
The parameter values must be configured according to the recommendations in the SAP Security Administration Standard Procedure written by the company. In addition, these parameters must be set consistently across all SAP systems.
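As an added example (not an SAP-delivered program or part of the original page), the script below compares the security-related profile parameters from an RSPARAM export against a company baseline and lists every deviation. The export format is a simplified, constructed one (parameter name, user-defined value, system default), and the baseline values are assumed placeholders standing in for the company's own standard procedure.

```python
# Added example (not an SAP-delivered program): compare the security-related
# profile parameters from an RSPARAM export against the company baseline.
# The baseline values are ASSUMED placeholders for the company's own SAP
# Security Administration Standard Procedure, not SAP recommendations.

# parameter -> (rule, required value); the rule says which direction is unsafe
BASELINE = {
    "login/min_password_lng": (">=", 8),
    "login/fails_to_user_lock": ("<=", 5),
    "login/password_expiration_time": ("range", (1, 90)),  # 0 = never expires
    "login/no_automatic_user_sapstar": ("==", 1),
}

RULES = {
    ">=": lambda v, req: v >= req,
    "<=": lambda v, req: v <= req,
    "==": lambda v, req: v == req,
    "range": lambda v, req: req[0] <= v <= req[1],
}

# Constructed sample export: name, user-defined value, system default.
# A missing user-defined value means the default is in effect.
SAMPLE_EXPORT = """\
login/min_password_lng            6          6
login/fails_to_user_lock          12         5
login/password_expiration_time               0
login/no_automatic_user_sapstar   1          0
"""

def parse_rsparam(text):
    """Return {parameter: effective value as string} from an export."""
    effective = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # 3 fields: name, user value, default; 2 fields: name, default only
        effective[fields[0]] = fields[1] if len(fields) == 3 else fields[-1]
    return effective

def check_parameters(effective, baseline=BASELINE):
    """Return (parameter, effective value, rule) for every deviation."""
    deviations = []
    for name, (rule, required) in baseline.items():
        raw = effective.get(name)
        if raw is None or not raw.lstrip("-").isdigit():
            deviations.append((name, raw, f"{rule} {required}"))  # missing or non-numeric
        elif not RULES[rule](int(raw), required):
            deviations.append((name, int(raw), f"{rule} {required}"))
    return deviations
```

Running `check_parameters(parse_rsparam(SAMPLE_EXPORT))` on the constructed sample reports three deviations (password length, lock threshold and the never-expiring password), while the SAP* parameter passes.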
Objective: Ensure security access is properly restricted to Security personnel as defined in the procedures and policies.
Report: RSUSR040 Frequency: Bi-weekly
Review the users who have access to the authorization objects S_USER_GRP, S_USER_AUT and S_USER_PRO. Access to these objects must be restricted to the Basis and Security Administration teams. The Basis team should only have display access and the ability to reset passwords for all user groups except SUPER and Security. This access gives users access to system administration functions. No non-technical user should have access to these objects.
Objective: Ensure access to security transactions is properly secured.
Report: RSUSR010 Frequency: Monthly
Check for transactional access to security administration. Run report RSUSR010 and check for the transactions PFCG, SU01, SU03, SU02 and SU05. They control access to the profile generator, user administration, profile administration, authorization maintenance and internet user administration. If you see any users outside SAP security with access to these transactions, this should raise a red flag.
Objective: Ensure table access is properly configured.
Report: RSUSR040 Frequency: Monthly
Access to maintain tables must be coordinated with the Basis team. Also, table access needs to go together with the ability to perform configuration. Review the users who have table access, for both client-dependent and client-independent table access (S_TABU_CLI and S_TABU_DIS). Client-independent table access must be restricted to the Sandbox and Configuration Master clients.
Objective: Ensure that all users are properly assigned to the appropriate user group.
Report: RSUSR002 Frequency: Monthly
Review the users defined for all systems and clients. Each user should be assigned to a valid, pre-approved user group. Check for users who are assigned to the Basis, Security and help desk groups.
Objective: Ensure that impermissible passwords are regularly enforced and meet the standard procedure.
Transaction: SE16 Frequency: Semi-annually
Verify the data contained in table USR40. This table contains the specific impermissible password settings.
Objective: Ensure the SAP Profile Generator is properly configured.
Transaction: SPRO Frequency: Semi-annually
Review the configuration and activation of the SAP Profile Generator. Review the documentation in the Enterprise IMG to ensure all configuration steps have been properly completed. This task should focus on new systems.
Objective: Check for changed and manually inserted objects in roles.
Transaction: SE16 Frequency: Semi-annually
Review the table for objects which have been inserted manually and for changed access. This lets the security administrators identify which of the roles have been built according to the security policy. It is good practice not to have roles with manually inserted or changed authorization objects.
Objective: Check for updates to the transaction-to-object configuration in transaction SU24.
Transaction: SE16 Frequency: Monthly
Transaction SU24 must be maintained so that no manual authorization objects need to be added to the authorization tab in the profile generator. If an incorrect authorization object or field value is pulled into the profile generator, it must be changed only through SU24. This then ensures that only blank or correct field values are generated, so that the correct values can be entered and the appropriate authorizations assigned. Monitoring these changes gives the SAP audit team the configuration changes made to the transactions.
Objective: Role changes in the system.
Transaction: SUIM Frequency: Monthly
Here the SAP audit compliance team is looking at the volume of changes being made to roles. This gives them an early warning to investigate the authorizations further if the volume of changes is too high.