Security audit of SAP systems
How do you turn thought and planning into concrete action that benefits the business?
With the SAST tool, detecting potential irregularities and risks is easy, fast and comprehensive.
Scope of SAP security audit
We carry out SAP system security audits based on best practices for SAP security projects, with regard to ISO 27001. During the audit, all relevant system components (ABAP stack, Java stack, operating system, database) are checked and analyzed, as well as SAP settings and user authorizations.
The audit is carried out using the SAP-certified security tool SAST.
The scope of the audit includes more than 3,000 inspections related to the following areas:
- Control of access to the system
- Security study at the operating system and database level
- Checking standard users and passwords
- Control of SAP parameters and settings
- Examination of Internet configuration and cryptographic settings
- Evaluation of critical SAP authorizations based on SAST default settings
- SAP authorization verification for critical authorizations and segregation of duties conflicts
We compile all the verifications carried out and the gaps revealed in a post-inspection report subject to client review, and then present and explain them to the client during a workshop on the results and the development of a remediation plan.
Steps of an SAP security audit
What are the different stages of a Security Audit? How long does it all take?
What do we need to prepare for?
- Preparations for the audit begin with the creation of a concept and a plan for the course of verification on the system. In this regard, we work together with the client, paying attention to the most critical aspects of security in the organization.
- The system is then prepared technically (SAST shipment imports). Our team configures the tool and runs control reports.
- Our next action is the analysis of the reports generated from the systems studied.
- Our security team also prepares the documentation with the control results and recommendations for change.
- Discussion and presentation of the results with the client. The joint creation of a recovery plan involves agreeing on the results and recommendations with the departments involved in the audit. It is possible to set deadlines for the implementation of recommendations and supervise the implementation of changes.
As for the time required, conducting the audit described above takes about two weeks. However, the availability of your own internal resources should be taken into account, so that the security aspects can be addressed in the most optimal way.
Control results of SAP security audit
We provide the audit results to the client in electronic form (Microsoft Word or Excel).
In addition, we present them at the client's site during a follow-up meeting in the form of a presentation. It is very important that representatives or process supervisors of each department whose processes were reviewed as part of the audit be present at the meeting.
The documentation prepared includes the following information:
- A list of components tested and, if necessary, other systems to be tested, including inspection period and inspection procedures
- A brief description of the control results (degree of deviation from the recommended scenario, in line with the specifics of the customer or as stated in best practices)
- A detailed description of the audit results (causes and effects/risks), including an explanation of deviations from the customer, laws or good practices
- Recommendations to address specific gaps (e.g., concept changes, software updates, configuration adjustments).
After SAP security audit
After verification, our team appoints a contact person to assist you in case of any inquiries. Support covers a period of several weeks after the written inspection results are submitted.
If you are thinking about examining the current state of your SAP system for security, but the scale of the problems from the perspective of the size of your environment and the complexity of your processes raises doubts - please do not delay any longer. We will help you, conduct the audit, and clearly present the results and a remediation plan.