Our Professional Services

Information Security is a key element for the control of various causes of operational risk, such as internal fraud, the use of privileged information and failures in technological systems.

We have developed products and services that make it possible to apply the best practices and procedures associated with security and access controls for the SAP System.

Security standards established under ISO 27000

Diagnosis of the Security of user accounts, roles and profiles

Fraud within companies is committed by employees who abuse the trust and powers that have been granted to them. To avoid these situations, what is important is that the system does not grant facilities to allow fraud, which are a direct consequence of the quality of the definition and assignment of attributions to users.

Exposure to fraud risk is only determined by carrying out an adequate Diagnosis of the State of Security, which allows for the clear identification of vulnerabilities, associated risks and lines of solution, prioritizing from the urgent to the important.

With the information that CentinelBox gives us, we deliver a robust report on the current situation of the security of the system with guidelines for solving the risks detected.


Security design and redesign projects

In general, in SAP implementation projects, the definition of security is not assumed as a priority element of the project, despite the great importance of this topic and the important negative externalities that it can generate.

Having a Strategy for the Design of Roles and Profiles aligned with the ASAP methodology is essential, since only in this way will it be ensured that the project delivers, in addition to a well-configured system, its correctly defined roles and profiles in accordance with the best existing practices. . In the same way, the above is valid when the result of the SAP security diagnosis makes it advisable to carry out a Global Roles Redesign Project, our work considers at least the following four aspects:

• Roles by Function are defined, considering the greatest granularity in their definition that is possible to achieve.
• A clear orientation towards the segregation of functions is established.
• The use of productivity tools for the processes of creation, derivation and assignment of roles, which allow to reduce the time of testing and commissioning Productive.

If at the end of the work there are no roles with conflicting transactions due to segregation of duties; there are no broad profiles of the SAP ALL type defined and formal procedures are applied to maintain the role structure over time, the Design / Redesign project will be successful.


System security improvement projects

Our value proposition consists of carrying out Improvement Projects that significantly reduce risks and cause the least impact to users, without their cost being a variable that prevents them from being carried out.

What are the benefits of an Improvement Project?

• Eliminate all types of broad authorization assigned to functional and technical users.
• Have functionally segregated Technical Roles.
• Eliminate transaction over-allocation, drastically reducing segregation of duties conflicts and the number of critical and sensitive transactions allocated.
• Achieve that the number of transactions assigned will be very similar to the transactions actually used.

The residual risks of a project like this will be linked to the business processes that are used, rather than the consequences of implementation errors or technical definition of security. For this reason, the challenge will be to maintain the quality of the security achieved and develop, have and respect the established procedures to assign new access to users and create and maintain roles.


Other Professional Services

SAP Security Officer
For this service, our company acts as its Security Officer and therefore, current and new users will be assigned access and privileges adjusted to clearly defined policies and procedures. Our service, inserted in the authorization process for requested access, be it roles or transactions, uses CentinelBox to carry out a simulation that delivers a report with the risks that, due to the effect of conflicts due to segregation of functions, are identified in the authorizations that would be available. the user.

Roles and Profiles Operation and Administration Service
In this case, our company assumes the administration of User Accounts and their Roles and Profiles. Among the activities included in this service is the maintenance of user accounts (registration and deregistration), of roles and their assignment to users.

Correct Z Programs
The absence of authorization and security checks in the programs developed by the client make it necessary to correct them, incorporating the control authorization objects.

SAP ALL Type Assignment Removal
It is common and frequent to assign broad privileges to administrators and to external applications that are integrated into the system as interfaces. The specialized analysis of its traces allows us to build specific roles for each case, eliminating all sources of risks for this reason.

These are among many other of our professional services.


Process Redesign

In a SAP System Security governance environment validated and consistent with IT security policies, its objectives are to formulate a correct process that ensures that each user is assigned the least privilege. The creation of roles and their maintenance over time must be governed by a process and their respective standardized procedures and rigorously aligned with the best existing practices, achieving sustainable, sustainable and stable roles over time.


A risk matrix considers at least three core elements that will make it possible to assess exposure to fraud risks:
Maps of Incompatible SAP Processes at the function level with Segregation of Duties Conflicts, and their breakdown at the level of transactions and the respective authorization objects.
We deliver a standard matrix with the main SAP modules that the client can modify and/or incorporate new risks according to their needs.
We develop matrices for SAP vertical solutions.
Critical roles that correspond to the roles currently in use that contain sensitive privileges whose assignment and use must be observed.
Critical functions that correspond to groups of highly critical transactions whose allocation and use must be observed.
We have functions with your transaction association for the FI – CO – MM – SD – PP – PM – QM modules.

Design and Preparation of the Risk Matrix


New service

Vulnerability and Risk Scanning in User Accounts, Roles, and Profiles Security in SAP ECC and S/4 HANA.

Enables the timely detection of vulnerabilities and risks in the privileges assigned to user accounts, allowing us to proactively address them and achieve favorable and beneficial outcomes:

Contract this service, which will provide you with daily reports to help you take measures early and prevent or mitigate future issues.

Refer to the details of its deliverables and available additional services. We will use CentinelBox (on premise) at no additional cost to the client.