Friday, 14 November 2014

What is SAP Security and SAP GRC? The relationship and the differences.

Well, loads of people these days are trying to build a career in SAP, and why shouldn't they: SAP is a leading ERP in the market, it has provided jobs to numerous people, and it is also paying very well nowadays. SAP Security and SAP GRC are getting more focus since companies have understood the importance of securing their business data and information from any kind of threat. I am expecting that you out there already know what SAP Security is and what we do in it; if not, please drop a comment below and I will explain it in detail. So here we have to see the difference between SAP Security and SAP GRC. Maybe you do not know about GRC, but looking at the strong market for GRC you want to make a career in it, and for that you would first like to know what the hell this is. So I have explained the difference between both in very simple layman's language. If anyone out there is an expert, please try to add something here.


SAP Security is the module of SAP that deals with securing business data. Obviously, business data is stored in some database like Oracle, Sybase, etc. In SAP Security we are the access administrators. We are the ones responsible for giving a user only the access relevant to him, so that he can perform only the tasks related to his job. I mean to say that I am not going to give a sweeper in my company access to view and modify the salaries of company employees. I am the one who needs to make sure that nobody has additional access that is outside the scope of their duties. That is one thing; additionally, we design roles for users. Roles contain access, and when these roles are assigned to users, the users can perform their jobs. Third, as an SAP Security Consultant you have to audit your system from time to time: maybe monthly, quarterly, half-yearly or annually.

Now let us look at GRC. First of all, let me tell you that GRC is an abbreviation for Governance, Risk and Compliance. The term GRC does not say anything about SAP or about security, so why are people around you speaking more and more about it? Actually, GRC is nothing but a law, a rule, a regulation, a mandate which every organization is bound to obey. You can see the details of this law here on Wikipedia:

http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance
http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

But why should companies follow this rule? Obviously there is something beneficial in it for them. When you drive a car on the road you follow some rules, yes, the traffic rules. Why? So that the traffic and you reach the destination safely, and to make your drive and others' drives safe and easy. It is the same with GRC. Your company should comply with the rule/law of GRC for effective operation of the business in a cost-effective manner. I won't tell you the complete story of how this law was formed, as you can see that on Wikipedia, but below I have a short description of it.

Long back, sometime around 2000, several companies were declared bankrupt, and on investigation it was found that this had happened because users had additional/critical access in the system. Because of this access they used company money for their own welfare ;-) and hence the companies went into loss.

Therefore, to overcome this and to prevent it happening to other companies, the SOX compliance rule was passed by the US government, which states that every user should have access limited to his/her job or daily activity in the business process. No additional access should be granted to them. This is just the gist of the law; please visit Wikipedia for more details.

To implement this law in organizations running SAP, a tool was developed in ABAP. This tool acts as a monitor of every violation of the SOX law and also helps reduce access conflicts. The tool was first developed by a company known as Virsa and had 4 parts, namely 1. Compliance Calibrator, 2. Firefighter, 3. Role Expert and 4. Access Enforcer. This company was later acquired by SAP, and the tool is now called SAP GRC. The tool has had many new versions and the most recent one is GRC 10.0. Also the names of the 4 tools were changed to 1. Access Risk Analysis, 2. Emergency Access Management, 3. Enterprise Role Management, 4. Access Request Management.
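As an added illustration (my own example, not SAP GRC's code, which is written in ABAP): a minimal segregation-of-duties check of the kind Access Risk Analysis automates, run over a constructed set of roles, users and one conflict rule. All role names, transaction codes, user ids and the risk id below are made-up samples.

```python
# Added illustration of a segregation-of-duties (SoD) risk analysis:
# a user who holds every function of a risk rule is a violation.
# Roles, users, functions and the rule are constructed sample data.

# Constructed sample: which SAP transaction codes each role grants.
ROLES = {
    "Z_VENDOR_MAINTAIN": {"XK01", "XK02"},   # create / change vendor master
    "Z_AP_PAYMENTS": {"F110", "F-53"},       # run / post vendor payments
    "Z_DISPLAY_ONLY": {"XK03", "FB03"},      # display vendor / documents
}

# Constructed sample: role assignments per user.
USERS = {
    "ALICE": ["Z_VENDOR_MAINTAIN", "Z_AP_PAYMENTS"],
    "BOB": ["Z_AP_PAYMENTS", "Z_DISPLAY_ONLY"],
    "CAROL": ["Z_DISPLAY_ONLY"],
}

# Constructed ruleset: a business function is a set of tcodes, and a risk
# is a pair of functions that one person must never hold together.
FUNCTIONS = {
    "VENDOR_MASTER": {"XK01", "XK02"},
    "VENDOR_PAYMENT": {"F110", "F-53"},
}
RISKS = {
    "P001": ("VENDOR_MASTER", "VENDOR_PAYMENT"),  # create a vendor, then pay it
}


def effective_tcodes(user):
    """Union of all transaction codes the user's roles grant."""
    return set().union(*(ROLES[r] for r in USERS[user]))


def analyze_user(user):
    """Risk ids the user violates; any one tcode of a function counts as holding it."""
    tcodes = effective_tcodes(user)
    held = {f for f, codes in FUNCTIONS.items() if codes & tcodes}
    return sorted(rid for rid, (f1, f2) in RISKS.items() if {f1, f2} <= held)


def analyze_all():
    """Map each user to their SoD violations; clean users are omitted."""
    return {u: v for u in USERS if (v := analyze_user(u))}


if __name__ == "__main__":
    for user, risks in analyze_all().items():
        print(f"{user}: violates {', '.join(risks)}")
```

Remediating a hit means removing one side of the conflict (a role change) or, where the business insists on keeping both, documenting a mitigating control and monitoring that user.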

I have much more to tell about this, but for newbies it would go over your head. So for now understand only this, and search Google for more technical details.

7 comments:

  1. Awesome Explanation

    1. Thank You !!
      Please feel free if you have any question on this topic.

    2. Very helpful, I appreciate it. Thank you.

    3. awesome explanation very worthy.....
