8/3/2019 GRCAC Contents 03 (1)

1/4

GRC ACCESS CONTROL 5.XSecurity

Training

Goals:

Explain how SAP GRC Access Control (Risk Analysis and Remediation, Super user PrivilegeManagement, Compliant User Provisioning and Enterprise Role Management) works incombination with SAP business processes.

Demonstrate the functionalities and usage of the different components within SAP GRCAccess Control

Discuss how to use the SoD Management process as standard approach forimplementing SAP GRC Access Control

Configure and use workflow-based SoD and User Access Reviews to ensure a continuousassessment of the risk situation by the business process owners

Discuss how the use of Enterprise Role Management will help to maintain a clean SoDenvironment with respect to your organizations roles.

Identify the integration points across the whole SAP GRC Access Control Suite

Implementation strategy of GRC Access Control Project.

Course Based on Software Release

SAP GRC Access Control 5.3

SAP ERP Central Control 6.0

Duration :30 HRS

Contents

1. Overview of SAP Security

1. SAP R/3 Architecture2. SAP Basis Security

3. Authorization concept

4. User and Role creation

5. Concept of Derived role

6. Derived Role benefits

7. Exercise on Role creation (Hands-On)

8. Auditing and Monitoring

9. Security Reports

2.SoD overview

10. SOX Compliance

11. SoD Management Process Phases

12. SoD Implementation Methodology

13. SoD Matrix

14. How Risk Analysis & Remediation/CC compatible to SoDs.

Security & GRC AC 5.X | By Joseph Pavan 1

8/3/2019 GRCAC Contents 03 (1)

2/4

GRC ACCESS CONTROL 5.XSecurity

Training

3. Overview of SAP GRC Access Control

15. Why GRC?

16. SAP GRC Components

17. Product architecture

18. SAP GRC Access Control 5.3 suite features

19. Prerequisites

20. Installation

21. System Landscape

22. SAP GRC Access Control Authorizations

4. Risk Analysis and Remediation

23. Overview24. Architecture

25. Verification of Installation

26. Getting Clean using RAR

27. Compliance Calibrator tabs

28. Exercise

29. Implementation Process Flow

30. User Management Engine

31. Key Terminology

32. Introduction to the SoD Risk Management Process

33. RAR Rule Architect SoD34. Rule Building Process

35. Exercise

36. Rule Library

37. Management View- Risk Violations

38. Risk Analysis Adhoc Reports

39. Risk Analysis

40. Risk Remediation

41. Simulation

42. Exercise

43. Alerts

44. Exercise

45. Mitigation

46. Exercise

47. Organizational Rules and Organizational Level Reporting

48. Exercise

49. Continuous Compliance

50. Operational guide

Security & GRC AC 5.X | By Joseph Pavan 2

8/3/2019 GRCAC Contents 03 (1)

3/4

GRC ACCESS CONTROL 5.XSecurity

Training

51. Exercise

5. Super user Privilege Management

52. Overview

53. Verification of Installation

54. Exercise

55. Super user Privilege Management functionality and uses

56. SPM configuration

57.SPM Reports58. Exercises

6. Compliant User Provisioning

59. Overview

60. Verification of Installation

61. Compliant User Provisioning Functionality

62. Integration with RAR & ERM

63. Workflow-based Reviews

64. Compliant User Management Lifecycle

65. Work flow creation66. Super user access workflow

67. Request creation and approval flow

68. Types of workflows

69. Configurations

70. Different reports

71. Exercises

7. Enterprise Role Management

72. Overview

73. Verification of Installation

74. Configuration Review

75. Workflow Steps

76. Access Control Integration

77. Integration between all Access Control Products

78. Compliance Reporting

79. Role creation workflow

Security & GRC AC 5.X | By Joseph Pavan 3

8/3/2019 GRCAC Contents 03 (1)

4/4

GRC ACCESS CONTROL 5.XSecurity

Training

80. Reports

81. Exercises

8. Project flow methodology

Project preparation

Requirement gathering

Blue print

Architecture & SLD

Operational steps

9. GRC 10 Introduction

Security & GRC AC 5.X | By Joseph Pavan 4