SAP GRC Access Control

Installation, Configuration, and Upgrade Information

SAP GRC Access Control provides a real-time 24/7 compliance foundation by automating access
control tasks and preventing new risks from entering your enterprise systems with the following
capabilities:
Compliant User Provisioning (formerly known as Access Enforcer) provides a workflow
engine to process user security requests and ensure that no new segregation of duty (SoD)
risks are introduced without management approval.
Enterprise Role Management (formerly known as Role Expert) provides a methodology
for developing, documenting, and simulating roles before they are assigned to users with
inherent risks.
Risk Analysis and Remediation (formerly known as Compliance Calibrator) provides the
business rules for segregation of duty (SoD) risks which management wishes to monitor and
prevent in the future.
Superuser Privilege Management (formerly known as Firefighter) manages the access of
superusers to emergency and sensitive transactions through timely notification and tracking
facilities.
You can find installation files in the SAP Software Distribution Center under Download ->
Installations and Upgrades -> Entry by Application Group -> SAP Solutions for
Governance, Risk, and Compliance -> SAP GRC Access Control

SAP GRC Process Control

Installation, Configuration, and Upgrade Information

SAP GRC Process Control automates the most time-consuming tasks related to
Sarbanes-Oxley compliance: controls assessment. It continuously monitors and reports
the activities in enterprise applications, and provides drill-down capabilities to facilitate
analysis, pinpoint the cause of control violations, and perform remediation, all in real
time.
Process Control can integrate with Risk Analysis and Remediation (formerly known as
Compliance Calibrator). Risk Analysis and Remediation for SAP software provides
real-time compliance monitoring and controls, integrated within your SAP deployment.
Risk Analysis and Remediation uses its built-in analysis engine to identify risks
associated with Segregation of Duty (SoD), critical actions, and critical permissions.
Once identified, you use Risk Analysis and Remediation controls to mitigate or eliminate
compliance risks. For more information on Risk Analysis and Remediation, see the SAP
GRC Access Control page.
You can find installation files in the SAP Software Distribution Center under Downloads
-> SAP Installations and Upgrades -> Entry by Application Group -> SAP Solutions for
Governance, Risk, and Compliance -> SAP GRC Process Control.

SAP GRC Risk Management

The GRC Risk Management application enables an enterprise wide risk management
process as requested by legal requirements and recommended by best practice
management frameworks.

The process covered by GRC Risk Management includes the following steps:
Risk Planning: determine the approach to risk management in each business
area or project. This would include defining risk thresholds and setting up the
risk management organization.
Risk Identification and Analysis: identify the risks in order to analyze and
prioritize them along different attributes, such as probability of occurrence
and potential total loss associated to the risk.
Risk Response: decide on actions to actually respond to a risk. An action
could be to actively mitigate the risk to reduce probability of occurrence
and/or potential impact.
Risk Monitoring: includes the regular update of risk information as well as
risk reporting to monitor progress along the risk management process.

Installation, Configuration, and Upgrade Information

You can find installation files in the SAP Software Distribution Center under Download
-> Installations and Upgrades -> Entry by Application Group -> SAP Solutions for
Governance, Risk and Compliance -> SAP GRC Risk Management.