The 4 Factors to a successful Security and Segregation of Duties implementation in PeopleSoft
Agenda
• Smart ERP Solutions, Inc
• 4 Factors
• Opportunities
• Handouts
• Q&A
About SmartERP
Oracle Platinum Partner
Best practices and expertise in strategic planning, implementation, upgrade and add-on / customization services
Unique blend of Solutions and Services
‘Clients for Life’ – High level of client satisfaction and loyalty
200+ Clients across various industries
350+ Employees
Global Locations: Headquarters in Pleasanton, CA; Offices in Atlanta GA, Hyderabad, Chennai and Bangalore (India)
Founded in 2005 by former Oracle Architects, Executives and Consultants
Achieve Best-In-Class Performance
Our mission is to provide innovative, configurable, flexible, cost-effective solutions to common business challenges, enabling our clients to save time, increase productivity, minimize costs, and maximize their return on investment.
Solutions
Business applications that offer organizations an end-to-end solution providing the right design and implementation from start to finish.
Services
A 24/7 seasoned and experienced staff of experts to help you implement your business solutions efficiently and effectively at a cost-effective rate.
Cloud
Cloud applications provide solutions built on proven enterprise class architecture that enable high configurability and ease of monitoring.
About SmartERP
Unique Smart Solutions
• Employee Onboarding
• Electronic Personnel Action and other HR Forms
• E-Verify Integration with DHS
• ERP Gadget for User Productivity / Experience
• Embedded Analytics
• Configurable advanced workflow on all transactions
• Security/Segregation of Duties
• Smart Doc’s such as Smart Voucher, Smart PO
Unique Smart Services
• ERP Implementations and Upgrades
• Anything Oracle, some SAP and MS
• Managed Services including PUM’s for PeopleSoft
• Business Intelligence Services
• Onshore/Offshore Services
• Application and Database Management
• Tax Automation Solutions
• Oracle Cloud Consulting Services (SaaS, PaaS, IaaS)
Sample clients in various industries:
The 4 Factors
4 Factors
• Ownership
• Working Together
• The Process
• The ‘Outsiders’
Poll
Who owns the Access/SoD Reviews for you currently?
• Security
• Audit
• Functional Users/Managers
• A combination of the above
• None of the above
Ownership
• IT supports the Application
• Finance/HR own the Application
• Security secures the Application
• Audit wants to know what has changed and if the Controls are effective
The Task of reporting and implementing Controls is usually directed to IT/Security, with the question – “who should be responsible instead?”
Working together
The answer - All of the above
• Steering Committee should be established before starting this project.
• You need an Executive sponsor
• Business Users most heavily involved to start with
• Be prepared to re-design Security
The Process
Decide who should have what and what should be removed.
Conflicts within a Role versus Conflicts across a Role
Exceptions granted – sometimes Users need to break the Rules
[Diagram labels: Create Vendor; Approve Vendor; Create Vendor & Approve Vendor]
Poll 2
• How do you manage security analysis and SoD currently?
• Third party Solution
• Manual based process
• No solution in place
• Don’t know
The Outsiders
Third party Vendors, Contractors
In all Access reviews by Smart ERP, third parties had open access in Production
User Accounts often generic, not tied to an individual
No point in securing Employees when the Outsiders can do what they want!
The Outsiders - Solutions
• Establish who from the third party is authorized to access your systems
• Remove ALLPAGES access, either:
– Implement Break-glass, give specific access when required
– Implement specific access for key personnel
• Auditing is too difficult to switch on for all user activity
Opportunities
• Software – Capital Expenditure, Training and self deployment
• Software as a Service – recurring fees to include services for deployment, management and advisory
• 100% Service – No software to be deployed, you send the data for review
Effective Segregation of Duties
SoD
Proactive SoD
Reactive SoD
Mitigation
Written in Peopletools
Software, Service or Both
Over 100 Rules for FSCM, Over 45 for HCM
Creation of SoD Rules
Role level
• Create matrix of all active system roles
• Identify all roles that should not be linked to the same user
– Such as purchasing and payments
Permission List / Business Process level
• Include Application security & processing options
• Add to / modify as needed
Component / Page and User Preference level
• Add in any custom or modified processing
• If creating your own rules
– Start with most important controls & gradually add to them
Over 200 Rules across FSCM and HCM
Pre-defined and ready to use on Day 1!
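The rule-creation levels above, together with the "within a Role versus across a Role" distinction and the granted exceptions from The Process slide, can be sketched as a single check. This is an added example, not SmartERP's product code; the tables, role names, permission lists, rule id and users are hypothetical and constructed for illustration.

```python
import sqlite3

# Constructed sample data. The tables are simplified, hypothetical stand-ins
# for the user -> role -> permission list -> component chain; every name
# below is invented for illustration.
SETUP = """
CREATE TABLE role_user(oprid, rolename);
CREATE TABLE role_class(rolename, classid);
CREATE TABLE auth_item(classid, component);
CREATE TABLE sod_rule(rule_id, duty_a, duty_b);
CREATE TABLE sod_exception(oprid, rule_id);   -- approved rule breaks
INSERT INTO role_user VALUES
  ('ALICE','VENDOR_ENTRY'), ('ALICE','VENDOR_APPROVER'),
  ('BOB','VENDOR_ADMIN'), ('CAROL','VENDOR_ENTRY'), ('DAVE','VENDOR_ADMIN');
INSERT INTO role_class VALUES
  ('VENDOR_ENTRY','PL_VND_ADD'), ('VENDOR_APPROVER','PL_VND_APPR'),
  ('VENDOR_ADMIN','PL_VND_ADD'), ('VENDOR_ADMIN','PL_VND_APPR');
INSERT INTO auth_item VALUES
  ('PL_VND_ADD','CREATE_VENDOR'), ('PL_VND_APPR','APPROVE_VENDOR');
INSERT INTO sod_rule VALUES ('R001','CREATE_VENDOR','APPROVE_VENDOR');
INSERT INTO sod_exception VALUES ('DAVE','R001');
-- Flatten the chain: which role gives which user which component.
CREATE VIEW grants AS
  SELECT ru.oprid, ru.rolename, ai.component
  FROM role_user ru
  JOIN role_class rc ON rc.rolename = ru.rolename
  JOIN auth_item ai ON ai.classid = rc.classid;
"""
# One row per (user, rule, role granting duty A, role granting duty B).
QUERY = """
SELECT a.oprid, r.rule_id, a.rolename, b.rolename,
       EXISTS (SELECT 1 FROM sod_exception e
               WHERE e.oprid = a.oprid AND e.rule_id = r.rule_id)
FROM sod_rule r
JOIN grants a ON a.component = r.duty_a
JOIN grants b ON b.component = r.duty_b AND b.oprid = a.oprid
"""

def find_violations():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP)
    found = {}
    for oprid, rule, role_a, role_b, excepted in db.execute(QUERY):
        v = found.setdefault((oprid, rule), {"within": set(), "across": set(),
                                             "mitigated": bool(excepted)})
        if role_a == role_b:      # one role carries both duties: fix the role
            v["within"].add(role_a)
        else:                     # the combination of roles is the problem
            v["across"].add((role_a, role_b))
    return found
```

A "within" hit points at a role that needs redesign, while an "across" hit is resolved by changing which roles the user holds; a mitigated entry is still reported so the exception stays visible to reviewers.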
Analytics and Reports
• Gain insight into Users with too much access
• Mitigate Users who need access or to break a Rule
• View SoD and Access results over time with trending information
Security Analysis Services
Extract your Data or deploy the software on-premises with services to manage the process.
Objectives: Identify the issues and provide the easiest root cause analysis
Example Security Analysis
Violations by Role Report
Establish which Roles are responsible for granting Access in PeopleSoft
Q&A
• Please send any questions using the Questions feature
• Recordings and Slides available
• Want to discuss your Security and planning?
• Copy of the Analysis available on request
Next Webinar
Register: http://www2.smarterp.com/smartI9webinar
For more information: smarterp.com, smartonboarding.com, analytics.smarterp.com