BSI sets the standard for SAP access risks and SoD: Governance, Risk and Compliance (GRC) solutions from EPI-USE Labs’ partner Soterion enable the British Standards Institution (BSI) to manage and report on their user access risks and SoD effectively.
"I'm Zaki Mouden. I'm global head of applications or enterprise applications within BSI. BSI is the British Standards Institute, so we are the national standards body. We then effectively sell a service in terms of auditing those standards.
So it's literally how can we improve things. With Soterion, what we have is a list of all the risks within SAP, and we're able to run reports, for example, should individuals have access to ME 21 and also then ME 29 so as to be able to create and approve purchase orders. So it's that segregation of duties. So look at the standard segregation of duties matrix built into Soterion to ensure that what we're doing is best practice and just not what we've been used to doing over the last twenty years.
Historically, I've always sort of looked at SAP as our finance system. And so therefore, it's not just about SOX compliance in terms of merit, it's ensuring that our estate is secure, ensuring that the data is secure, and there's that clear definition in terms of what people can and can't do. So the ability to report on that means that I feel secure in terms of I'm doing the best for the organization, and my team are doing the best for the organization.
We've had a lot of feedback in terms of the end user community. So we have given access to each individual department within finance so they can run their own reports in terms of to see what transaction codes their team have access to. It's user friendly. It's intuitive.
It's simple. The ability to just reach out to people and get the access and the support I need without having to go through a whole ITSM tool and rest of it. So I'll still log things just for the traceability, but but knowing that I can just go to someone and they will respond. It's not what you normally get from larger organizations."
