22/07/2016 DGNTechnologies:SuccessStories

EmployeeLogin|ContactUs|Careers

Home AboutUs Products Solutions Services News&Events SuccessStories Clients Affiliation

CASESTUDY:AnAmericanretailingcompany

TheNeed:The SOX compliance is the need of the hour for each organization big or small. Being in retail business for over four decades, the
corporationhastheirstoresspreadfarandwideacrossNorthAmerica,involvinghalfmillionemployeeswhoseaccessneedstobemanaged.They
wereusingMicrosoftActiveLifecycleManagerforUserdatasourceandasprimaryidentitymanagementtool.WithouthavinganySoDtool,ensuring
security was cumbersome activity for information security team and the loss of business hours led to thought of implementing SAP GRC and
integrating it with existing identity management solution. This Retail Company, one of the largest retailer by sales revenue in United States had
requirementnotonlytointegrateGRCACwithIDMbutalsoproviderealtimeauthenticationforSAPsystems.Theideawasclearandthoughtswere
streamlined.TheprojectwasaimedtoautomateSoDanalysisandmanageaccessforhalfmillionteammembersacrossitsstores,warehousesand
officesbothinAmericaandIndia

TheChallenge:ThechallengeforGRCconsultantwasnotonlytoprovideintegrationbetweenGRCAC5.3andIDMbutalsomakeACinterfaceuser
friendlyandeasytouse.Thecustomerwaslookingforanautomatedsystemthatwouldenablenotonlysinglesignonbutasimplifiedsignonintoall
SAPapplicationsandthatwasamajorundertakingforthislargeretailcorporation.TheideaofsynchronizinguserdetailsfromLDAPintoSAPUME
was never acceptable solution for them. They needed realtime dynamic authentication mechanism to be integrated within GRC allowing User
credentialsanddetailsbefetcheddirectlyfromLDAPinrealtime.

TheAnswer:BasedontheextensiveSAPGRCandIDMexperienceweredesignedtheusercreationandroleprovisioningprocessusingCUPto
notonlyprovisioninIDMandSAPsystemsbutalsocheckrealtimeSoDusingRAR.Torealizethedreamofsimplifiedsignon,atoolnamedCentrify
wasconfiguredandintegratedwithSAPtoproviderealtimeSAPauthentication.TheentireSAPGRCAC5.3Suitewasdesigned,built,configuredand
implementedtoprovidecomplianceforproductsinthelargeenterpriseenvironment.ApartfromAccessManagement,RoleManagementwasalso
implementedutilizinginbuiltcapabilitiesofAC5.3toensureintegratedaswellascomplaintenvironment.TheimplementationofAC5.3involvingIDM
integrationwasagrandsuccess,makingcorporationSOXComplianttherebyreleasingthepressurefromshouldersofstakeholdersandthebusiness
users.

TheprojectwasrealizedandGoLiveflaggedoff!

CASESTUDY:LogisticsCompany

TheNeed:ThelogisticscompanyhadbeenhappilyusingVIRSA4.0untiltheirmanualaccessprovisioningprocesswasquestionedintheAuditcycle
whichdirectedthemtoupgradetheirexistingVIRSAtothelatestversion.TherevampingrequirednotonlyknowledgeofnewAC5.2butalsoextensive
experiencewithVIRSA4.0

TheChallenge:UpgradingfromanolderversionVIRSA4.0toAC5.2wasalwaysgoingtobeachallengeforanyconsultantduetodifferentplatforms
theyweredevelopedon.VIRSA4.0iscoreABAPproductwhereasAC5.2hastwopiecestotalkaboutonebeingthewebinterfacebuiltentirelyin
JavaandotheraninterfacetoenablefrontendtotalktoSAPsystems.Itwaschallengingbecausetheongoingproduction4.0environmentscouldnot
bedisturbed.

TheAnswer:Access Enforcer implementation was prime requirement to answer the questions raised during the clients audit. The workflows for
AE5.2weredesigned,documentedandconfiguredtoensureautomatedaccessprovisioningwithadequateaudittrail.KeepingtheproductionVIRSA
4.0systemintactandnotdisturbingit,parallelimplementationwasperformedwhereJavapieceofCC5.2wasinstalledandVIRSA4.0wasupgraded
to CC5.2 and the rules from 4.0 were migrated into the new Rule Set of 5.2 to allow close integration between Access Enforcer and Compliance
Calibrator.Thedatamigrationwascompletedtoavoidlossofexistingvaluabledataandinvolvingnomessingwithexistingproductionsetup.

TheDGNGRCteamcomprisingofex.Virsaandex.SAPGRCexpertshavingcomprehensiveexperienceandknowledgeofVIRSAandAC5.2helped
the company not only automate their existing provisioning process but also enabled them to use existing rules and mitigation controls in the new
versions.Thetransitionfrom4.0to5.2wasplanned,organizedandsmooth.Itwaslikedrinkingoldwinefromnewbottle!Apropertrainingcoursewas
http://www.dgntechnologies.com/success/index.html 1/4
22/07/2016 DGNTechnologies:SuccessStories
developedandcomprehensiveknowledgetransferwasgiventotheIT,infrastructure,internalauditors,stakeholdersandrepresentativesfromvaried
line of business. The team ensured proper documentation and learning maps are available to make maintenance of GRC easy after the project is
handedovertoclient.

CaseStudy:GlobalDistributingCompany

GlobalDistributorisoneoftheworld'slargestglobaldistributorsofelectronicparts,enterprisecomputingandstorageproducts.GlobalDistributing
Companybringsabreadthanddepthofservicecapabilities,suchassupplychainanddesignchainservices,logisticssolutions,productassembly,
deviceprogramming,computersystemconfigurationandintegration,andtechnicalseminarsallinadditiontoitscoredistributionservices.The
companyneededtoimplementautomatedSegregationofDuties(SoD)toolwithcustomizableandflexibleapprovalworkflowtomanagecomplex
systemmaintenanceandstaySOXcompliant.

CustomerChallenges:ItistimeconsumingandcumbersometomanagealargeuserbaseacrossdifferentSAPsystemsandstaySOXcompliant.
GlobalDistributorhadCentralUserAdministration(CUA)inplacetomanageitsusersacrossvariousSAPsystems.GlobalDistributorwasusingRisk
AnalysisandRemediation(RAR)componentofSAPGRCAccessControl5.3tocheckSoDandCompliantUserProvisioning(CUP)componentto
automatetheaccessapprovalprocess.WheneverglobalCUAroleswererequested,checkingforSegregationofDutiesviolationsduringapproval
processwastroublesome.GlobalDistributorwantedtomakethisprocesssimpleandefficient.GlobalDistributorwantedtoimplementSingleSignOn
(SSO)betweenEnterprisePortal(EP)andSAPGRCAccessControl(AC)5.3.

Solution:UtilizingourSAPGRCAccessControlexpertiseandextensiveexperienceinCUAadministration,wewereabletoredesigntheworkflow
approvalprocesswhichenforcescompliancewheneveruserssubmitarequesttomodifyaccess.Wediscussedwithbusinesspeopleandgathered
requirements.Oncetherequirementswerefinalized,wedesigneddifferentworkflowsforfulltimeuser,externalusers,offboardingofusersetc.We
wereabletoenableSSO(SingleSignOn)betweenEPandAC5.3byprovidingasimpleworkaround.Customerwasveryhappyandtheywentlivein
lessthantwomonths.

Benefits:
AutomatelogintoAC5.3andallSAPsystemsbyenablingSSO
Automatethecompliancecheckduringuserprovisioning
UseCUAsystemtobetheprimarysystemforprovisioning

CaseStudy:LargeU.S.OilCompany

ThisOilCompanyisoneofthelargestindependentpetroleumrefinerandmarketerinUS.Itsuppliesfuelandproductsthatcomefrom16refineries
andsevenethanolplants.TheclientwasusingVirsaComplianceCalibrator4.0(earlierversionofRiskAnalysisandRemediationcomponentofSAP
GRCAccessControl)andFireFighter4.0(earlierversionofSuperuserPrivilegeManagmentcomponentofSAPGRCAccessControl).Theywanted
tohaveautomatedSoDcheckandmitigatingcontrolassignmentduringusermodificationand/orroleassignment.Theywantedtoimplementa
proactivesolutiontoreplacetheirexistingreactiveprocess.Toachievethis,theyevaluatedtheydecidedtoimplementAccessEnforcer5.2(earlier
versionofCompliantUserProvisioningcomponentofSAPGRCAccessControl)forongoingcompliance.

CustomerChallenges:ThisOilCompanyalreadyhadahomegrowninterfacewhichwasbeingusedtocreateticketforuseraccessandrole
assignmentforSAPsystems.TheywantedtoimplementAccessEnforcer(AE)/CompliantUserProvisioning(CUP),butdidnotwanttodisruptthe
lookandfeeloftheenduserinterfacewithminimumimpactontheirlargeSAPuserbase.ThechallengewastointegrateAE/CUPwiththehome
grownticketingsolution.

Solution:OilCompanyhadexploredalternativeoptionsbeforeselectingDGNasaviableimplementationpartnertoachievetheirspecificbusiness
needs.DGNGRCexpertswhohavevastintegrationexperiencecamewithaninnovativesolutiontointegrateAE/CUPwiththeclientsticketing
solution.AE/CUPcomeswithconsumablewebserviceswritteninJavafortheintegrationwithIdMlikeSUN,ITIMetc.Ourconsultantsanalyzedthe
webservices,andourinhouseJavaconsultantsbuiltacustomjavainterfacetofetchdatafromtheticketingsolutionandpassontotheAE
webservices.WiththiscustominterfacetheclientnowhasasolutionwhichallowsrealtimeusageofAE/CUPwithoutchangingthelookandfeelfor
theirEndusertherebyreducinganyadditionaltime,effortandcostintrainingthatwouldhavebeenincurredotherwise.

Benefits:
TimeandCostsavingbynotchangingtheenduserexperience
Streamlinedandautomatedworkflowapprovalprocess
SOXcompliantuserprovisioningtoolwithaudittrail
ImprovetheefficiencyandeffectivenessoftheGRCbusinessprocesses

CaseStudy:GlobalSemiconductorCompany

Semiconductormanufacturerisaninnovativetechnologycompanydedicatedtocollaboratingwithcustomersandpartnerstoignitethenext
generationofcomputingandgraphicssolutions.GlobalSemiconductorCompanydevelopsandmanufacturesitsprocessorsandotherproductsin
facilitiesinUnitedStates.ThecompanywantedtoupgradeanolderversionofSAPsSegregationofDuties(SoD)toolandimplementEmergency
AccessSolution.

http://www.dgntechnologies.com/success/index.html 2/4
22/07/2016 DGNTechnologies:SuccessStories
CustomerChallenges:SemiconductorCompanyhadbeenusingolderversionofRiskAnalysisandRemediation(RAR)componentofSAPBO
AccessControl.TheytriedtoupgradefromRAR(ComplianceCalibrator)4.0toSAPBOAccessControl5.2buttheupgradefailed.Theycontacted
ustohelpthemupgradeandintroducethemtonewfeaturesofRAR5.2.TheyalsowantedtoimplementSuperuserPrivilegeManagement(SPM)
componentofSAPBOAccessControl5.2tomanageemergencyaccessandstaycompliantforelevatedaccess.

Solution:ByprovidingtechnicalguidancetoSemiconductorCompanyusingourextensiveknowledgearoundSAPBOAccessControl,thorough
understandingofSAPABAPandNetWeaveradministration,wewereabletosuccessfullyupgradetoSAPBOAccessControl(AC)5.2within2
weeks.WeguidedbusinessandITteamonprocessesaroundemergencyaccessanddesignedwellthoughtbusinessprocesses.Weguided
SemiconductorCompanyaboutthelatestfeatureandfunctionalitiesofAC5.2.SuperuserPrivilegeManagement(SPM)5.2wasimplementedby
applyingbestpracticesandfocusingoncustomerspecificindustry.ThecustomerwentlivewithRAR5.2andSPM5.2inlessthan2months.

Benefits:
SOXcompliantsolutionforemergencyaccess
BetterSoDcheckingandreportingusinglatestversionofSAPBOAccessControl

CaseStudy:GlobalMiningCompany

ThisGlobalMiningCompanyisaoneofthelargestcompanyintheresourcesindustryandisadiversifiedminer.Theyaresuppliersofaluminum,
coal,copper,ironore,mineralsands,oil,gas,nickel,diamonds,uranium,andsilver.Thecompanywentthruaacquisitionandmergerphaseandthis
ledtothemgrowingtoasizewheretheywentPublic.AspartofthisgrowthandgoingPublictheypreparedandtookthenecessarystepstobeready
foranauditandatthesametimestaySOXcompliant.

CustomerChallenges:ThisMiningCompanyhadselectedGRCAC5.3andduringtheimplementationtheyfirstimplementedRiskAnalysisand
RemediationandnextwantedtoimplementCompliantUserProvisioningcomponentsofSAPGRCAccessControl(AC)5.3tocomplywithSarbanes
Oxly(SOX).TheRiskAnalysisandRemediationcomponentwasinstalledwithinintheprojecttimelinewiththeusualhiccups.Therealchallenge
startedwhentheystartedimplementingCompliantUserProvisioning(CUP),astheclienthadSAPHRimplementedandtheywantedtohaveclose
integrationbetweenSAPHRandCUPcomponentofAC5.3andensurethattheyusershadgonethrupropertrainingbeforebeingassignedtoany
securityroles.

Solution:DGNGRCteamwasselectedforthischallengeafterwepassedastrictselectioncriterionbasedonpastsuccessfulimplementations,
experience,deliverablesandpricing.ThecoreDGNGRCteamconsistsofExSAPGRCand(Virsa)tookonthischallenge,utilizingourtechnical
expertisealongwithourprovenmethodologyforGRCimplementation.Wediscussedandgatheredclientrequirementsandimplementedthose
requirementsintoCUP.TofullyintegrateSAPHRwithCUP,weusedHRTriggersfunctionalityofCUP.AsaresultusersofMiningCompanywereable
todirectlycreaterequestsfornewhires,employeemoving,employeeoffboarding,etc.intoCUPviaSAPHR.Workflowsweresetup.CUPwas
integratedtotheirLMS(LearningManagementSystems).Thesuccessfulimplementationwasreceivedwithgreatadmirationfortheteam.

Benefits:
Streamlinedrequestcreationprocess
TheCUPLMSintegrationautomatedthisprocessandensuredthatcompanypolicieswereadheredtoalltimesandthatusersweretrainedbefore
gettingaccesstonewRoles.
TimeandcostsavingforthecompanyasredundantstepofrequestcreationinCUPwasremoved

CASESTUDY:SoftwareCompany

TheNeed:TheInformationtechnologycompanywithreputedglobalpresencehadexistingextensiveimplementationofSAPHRandatnocostcould
getcomplaintwithoutit,theneedforpositionbasedprovisioningwithaudittrackingreportbecamekeyrequirementforimplementingSAPGRC.

TheChallenge:Positionbasedsecurityisalwayschallengingandprovidingpositionbasedaccessprovisioningwouldwithoutdoubtbeatough
implementationtask.

TheAnswer:WithDGNprovenmethodologywewereabletoinparallelsupporttheProductionUsersandalsodesign,build,modifyandimplement
theexistingHRtriggerfeatureofAccessEnforcer.ForcohesiveintegrationbetweenCCAEandtoensurecompliancestandardsaremet,therules
specifictoSAPHRweredesignedandsetupinComplianceCalibratorwithDGNexperienceandexpertise.Adocumentedapproachwasfollowedto
allowsmoothtransitionfromdevelopmenttotesttoproductionsystems.Knowledgetransferandtrainingsessionswerescheduledateverystageof
transitiontomakesurethetechnologyteamstaysonsamepageastheGRCimplementationexperts.Thesuccessfulissuelesstransitionofgolive
wasrealizedwithadmirationfromalltheassociatedteamsandgettingtosupporttheproductfortwoquarterswascherryonthecakeforDGN
success.

CASESTUDY:PharmaceuticalsCompany

TheNeed:ThepharmaceuticalscompanywasaspiringforcomplianceandtorealizethisdreamDGNexpertswerecontacted.Thedesirewastoget
anautomatedcompliancemachinewhichnotonlyanswersFDAneedsbutalsoenableseasy,secureandsafebusinessfortheirplantsworldwide.
ThecompanysITsecurityteamrequiredtheremediationofexistingSoDsthroughouttheircurrentSAPlandscapeandenablingtheirGRC(formerly
knownasVIRSA)tohelpthemstaycleanhenceforth.

http://www.dgntechnologies.com/success/index.html 3/4
22/07/2016 DGNTechnologies:SuccessStories
TheChallenge:ThechallengeforGRCconsultantwastoremediateSoDconflictsforsuchalargeorganization.TheprojectinvolvedVIRSA4.0
implementationalongwithrevampingtheexistingroles.

TheAnswer:DGNSecurityAnalystresponsibleforhelpingmanageconfiguration,design,development,testingandimplementationofrolechanges
andassistwithsecuritystrategyalongwithdocumentedtrainingonbestsecuritypracticestobefollowedtostayclean.TheSecurityplansand
procedurewerewelldocumentedandextensivesessionsheldtoreachacollateralandcomplianceenvironment.BesidestheDGNSecurityteam,the
DGNGRCteamwasinparallelworkingonsettinguptheVIRSA4.0andenablingautomatedriskanalysisboxtoeasethelifeofITsecurityteam.The
Rulesetwasbuiltand,separateRuleMatrixwassetuptoanswertherequirementsoftheirglobalplantsanditwasmadesureallFDAregulationsare
met.TheSecuritySoDreviewofalltheroleswasperformedusingVIRSA4.0andtheremediationprocessexecuted.Afteritwasclean,theproject
washandedovertoITsecurityteamandproperKTwasheldfortohelpthemsupporttheproducthenceforth.

CASESTUDY:LargeAutomotiveCompany

TheNeed:ThisIndianautomotivecompanyduetoitsinternationalpresencerequiredtobeSOXcompliantandthewanttodoawaywiththeexisting
manual,riskmanagementprocessesledtolicenseofSAPGRC.TheCompanypoliciesdidnotsupportOnsiteconsultantsthereforeprimary
requirementwastoinstallandimplementtheproductremotelyacrosstheirECC6.0,BI7.0andEPlandscape.

TheChallenge:ThemajorchallengeforengagedGRCConsultantwastoinstallAC5.3suiteandcollaboratewithdifferentstakeholders,business
usersandtechnologyteamremotelyandhelpthemachievecompliance.Thecustomerwaslookingforremotesystemthatwouldassistnotonlyin
remoteinstallationbutalsoincompletingtheimplementationprojectandhelpthemgetridofexistingriskmanagementprocessesandhelpthem
establishinternationalcompliance.

TheAnswer:TheGRCBasisandfunctionalconsultantscollaboratedwithallconcernedteamsforsuccessfulinstallationandimplementationofGRC
AC5.3suite.TheinstallationwasperformedbothonABAPaswellasJavastack.RAR,CUPandSPMwereinstalled,designed,configuredand
closelyintegratedtomakebestuseofallitscapabilitiesensuringGovernanceandCompliance.Toensurecompliancefortheirplantsworldwide,
organizationruleswerebuiltandconfigured.Theproductsupportwashandledforsubstantialperiodaftergoliveandaftersuccessfulcompletionof
internalaudittheprojectwashandedovertosecurityboard.

2015DGNTechnologiesPrivacyPolicy

http://www.dgntechnologies.com/success/index.html 4/4