
Successful project planning for compliance identity management - Part I

Executing an SAP or any other ERP project in a compliant way is a challenge for the security and controls team.

In the project initiation and planning phases, security and controls are often given lower priority, with the result that security KPIs are not defined and security objectives are not covered in the scope statement and WBS processes.

A methodological approach should be defined depending on the customer environment and requirements. Careful planning, coordination and attention by the PMO help achieve a robust security design and phase-wise planning.

In general, most process and functional teams have some security knowledge and feel that security can be set up easily. If no attention is given during the planning, scoping and preparation phases, security maintenance costs will be high. Security is not just authorizations.

In a typical project following the ASAP (Accelerated SAP) deliverable-oriented methodology or any hybrid methodology, the core processes, tasks, functions, sub-tasks and cross-functions for the customer's business are identified and defined during Business Process Management (Project Preparation and Business Blueprint), while the main authorization requirements and design information are shared with the security and controls team in the Realization phase. There are no security validations or compliance checks in the first two phases. The compliance check should be done at a high level, in parallel, in the Business Blueprint phase.

Similarly, in an upgrade project, customers plan for a simple technical upgrade and give low priority to security. A parallel effort (possibly a sub-project) should be planned for security redesign, considering current and future ERP versions, to meet regulatory compliance requirements such as SOX.

Similarly, identity management and indirect user provisioning should be on the PMO's radar for successful planning. This reduces future maintenance costs and gives the customer flexibility and extensibility.

With an efficient identity management architecture, global help desk tasks can be simplified through centralization and automation.

A few more details on project planning for new SAP systems (PLM7.0, GRC10, IDMs, GRC provision framework) will be shared in the next part.
