White Papers for Sarbanes-Oxley (SOX)

Is Your SAP System Secure During Emergency Access

Security Weaver

The manner in which emergency system access is granted can lead to regulatory compliance problems, especially if authorization is granted without appropriate controls on the viewing of sensitive information. For example, for enterprises in the health care, pharmaceutical, or public securities sectors, the assignment of temporary system access can present the opportunity for unauthorized access to protected information, such as medical or financial records. As a result, any IT department that does not place sufficient controls on user access to sensitive information risks non-compliance with federal regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), or the Gramm-Leach-Bliley Act (GLBA). This non-compliance can result in substantial fines and/or legal penalties to the enterprise.

In light of potential liabilities, enterprises must now maintain highly detailed and audited documentation on each support user that is granted emergency access to their enterprise business systems. These records must show a complete transaction history of all access sessions in order to provide substantiated evidence that the user did not access or modify any unauthorized or sensitive information.

This white paper will identify the many challenges that SAP customers face by granting emergency access privileges within their enterprise information environments, and will detail the way that existing solutions fall short in effectively managing and auditing user information during emergency access sessions.

View the White Paper

Share or bookmarklet this web page at: