The Segregation of Duties feature in JAM Toolkit allows clients to maintain the integrity and quality of their transactional data through controlled access design and user assignments.
Some organisations have a legal obligation to ensure that end-user access does not allow the falsification of transactional data, whilst others who are not legally obliged understand the importance of quality data to support their day-to-day business operations. Therefore, segregating the duties (access) of an end-user is an important part of this process.
The Segregation of Duties (SoD) feature of the JAM Toolkit is a valuable tool for the SAP Security, Audit and Risk and Compliance teams to ensure that the Access Design (Jobs and Roles) remains free of SoD violations prior to release into the production system. A role and job SoD check simulation can be run before permanent changes are applied.
The user SoD check can be used to support Business As Usual access requests and user to job mapping during projects prior to provisioning deployments.
The JAM Toolkit uses rules to define Segregation of Duty violations. Each rule contains one or more SAP transactions that provide the ability to perform the process/task for which the rule is defined.
Area and Rulebook characteristics can be used in addition to those illustrated to provide further context, simplify analysis and identify rule owners for accountability.
The JAM Toolkit is delivered with a pre-defined set of Segregation of Duty objects to help get started. As every business and SAP system is unique, these objects will need to be reviewed by a compliance expert who understands your business and SAP nuances.
The JAM Toolkit logic is simple to understand, making the configuration of the Segregation of Duty objects quick and easy to update and allowing analysis to begin straight away.
The key to achieving SoD compliance is having an access design that works for everyone, from SAP Security teams, compliance experts and operational teams to, more importantly, the business end-users.
The JAM Toolkit SoD reporting allows checks to be performed from transactions, through roles and jobs, to end-user assignments. A compliant access design (roles/jobs) will help achieve and maintain end-user compliance in the long term.
The JAM Toolkit has a deployment methodology allowing for End-User Mapping to be captured. This, coupled with the Segregation of Duty feature, ensures that the project mapping is fully compliant prior to deployment, saving time and unnecessary remediation effort post-go-live.
A User Synchronisation can be used to draw in user and job assignments from remote systems (ECC, CRM, BW, etc.), allowing for quick and easy SoD analysis to be performed en masse or on a case-by-case basis (per access request ticket).