There are many advantages to maintaining AMS Support Specialized in SAP Security and GRC segregated from Functional Support (eg FI, MM, SD, CO, RH…) and SAP Technician (BASIS and ABAP)
Below, we list some of the advantages of maintaining a Specialized AMS Support, but it is important to know that, in addition to being advantageous, such action ends up being necessary, as performing all services with a single contract (or supplier), places governance and compliance of practices GRC and SAP Security at risk.
Below are some topics that support the claim that a single vendor or contract for all SAP support can be dangerous:
- The support team will need unrestricted, “super user” access to supported environments;
- Even with well-defined GRC governance practices, the supplier will still have “super user” access to act outside the established standard, generating audit GAPs;
- There will be no segregation of competencies (functional / technical support) with Governance practices, enabling ineffective processes and – again – audit GAPs;
- The support provider may even manipulate, hide or act for their own benefit, to meet deadlines and SLAs, facilitating or neglecting items such as:
- Debug in production with data manipulation power;
- Sharing of users and passwords and/or use of generic users;
- Carrying out adjustments and configurations directly in production;
- Failure to comply with established GRC practices, without supervision by another team;
- Failure to understand the need to use continuous compliance practices. etc.
Not to mention that the ROI/TCO related to the SAP GRC Access Control / IdM / SSO solution can be compromised as a result of the use of contracts of this type!
To combat bad practices like these and mitigate risks of this nature, the ideal is always to segregate support functions in more than one contract and, preferably, from different suppliers.
Aware of this type of situation or problem, TrustSis Consultoria has developed a specialized and robust AMS Support methodology, widely recognized, called Compliance Operator, with excellent results obtained from its many clients throughout its existence.
Segregating the AMS Security Support and GRC routines from the Functional and Technical Support, we will have, among other advantages:
- Specialized support on SAP Security and GRC / IdM / SSO;
- Segregation of Operation and Security Support and GRC competencies from Functional and Technical Support activities;
- Additional layer of governance, as a result of the segregation of competences. The Functional / Technical Support team will have to submit to the established Security and GRC practices, without the possibility of carrying out actions that could compromise the effectiveness of the security and auditing controls;
- End user support with technical and specialized quality assurance;
- Proven knowledge in SAP Security, Audit and GRC for support and recommendations to the client’s internal teams;
- Broad and unrestricted support in the pursuit of Continuous Compliance;
- Guarantee of expected ROI/TCO related to the GRC Access Control / IdM / SSO solution
Finally, there are many advantages to having a specialized company, truly qualified and accredited by SAP, taking care of the AMS Support of SAP Security and GRC!