Quick navigation

CSI tools

CSI Authorization Auditor (CSI AA) from CSI Tools to (automate) audit and monitoring of SAP security

Automated Audit & monitoring application of authorization and role setup in SAP environments
Value Proposition

Problem

In order for an audit to be successful, the auditor must have a good understanding of the SAP's authorization concept design. There are some instances when the security design (authorization concept) is so ineffective that users will gain inadvertent access to unauthorized or unnecessary transactions. Therefore, the implementation and design of the SAP security and control of access is extremely important to make sure the duties are segregated, and this segregation is maintained so access to transactions that are sensitive is well-controlled.

Solution

CSI Authorization Auditor makes a snapshot of a SAP system to gain insight into the past or current authorization setup of the SAP system. It reveals weaknesses in your authorization concept but also helps identifying undesired authorizations, accumulation of access rights, unsecured back doors and cross-system segregation of duties. Assess your risk exposure by finding inconsistencies between what people are allowed to do, can do, did and can almost do. CSI Authorization Auditor 2016 comes with a pre-defined SoD engine with more than 400 SoD conflicts. The application further supports the security & control processes by allowing documenting control measures, such as compensating controls.

Features

  • Perform audit and SoD analysis on every desired level with a multi-layered approach
  • Pre-defined SoD engine with more than 400 SoD conflicts
  • Analyze the security concept for any ABAP stack environment
  • Causing information to get insight in used SAP functionality and executed SoD conflicts
  • Customizable reporting
  • Dashboards for management reporting
  • Insight in inconsistencies (accumulation of access rights)
Supporting Technology
  • .net framework & SQL without Gb Restriction
  • Multi Thread causing high performance analysis
  • Runs independently from SAP, therefore suitable for independend audits
Standards & Compliance
  • Data Protection Act
  • SOX
Customers
Downloads

Video(s)