SAP Delivers Best Practices for GRC Access Control Solution

Developed in Conjunction with GRC Customers and Partners, SAP® Best Practices Offering for SAP® GRC Access Control Accelerates Compliance Implementations, Reduces Risks and Lowers Costs

WALLDORF, Germany.- Drawing on the proven, best-in-class implementation expertise of its governance, risk and compliance (GRC) customers and partners, SAP AG (NYSE: SAP) today announced the availability of a new SAP® Best Practices offering in support of SAP® GRC Access Control, a market-leading application for monitoring and enforcing user access and authorization controls. Leveraging the key learnings and proven implementation know-how of SAP GRC customers and partners across multiple industries and geographies, this new SAP Best Practices offering provides SAP GRC Access Control customers with common out-of-the-box business processes and scenarios, pre-configuration settings, and support, methodologies and documentation to help accelerate their compliance solution implementations while reducing risk and controlling costs.

SAP Best Practices offerings enable customers to benefit from the company’s 35-plus years of industry leadership in business applications. SAP customers around the world use SAP Best Practices to fast-track solution implementations, improve operational excellence and accelerate return on investment. This new SAP Best Practices offering has been specifically designed for SAP GRC Access Control, a key component of SAP® solutions for governance, risk and compliance (SAP solutions for GRC). SAP GRC Access Control helps prevent fraud and misuse of information and helps maintain compliance with international financial reporting and risk management regulatory mandates. The SAP Best Practices offering for SAP GRC Access Control is immediately available to SAP customers as a free download at http://help.sap.com/bp_grcv152/GRC_US/HTML/index.htm

“We look forward to using the project accelerators from SAP Best Practices for SAP GRC Access Control soon,” said Sekhar Palli, senior director, Enterprise Applications at Credence Systems Corporation, a provider of debug, characterization and automatic test equipment (ATE) solutions for the global semiconductor industry. “Even though our project is already underway, we believe the packaged process documentation and guides can accelerate the knowledge transfer to our own project team members and our end users. Working with our implementation partner, DGN Technologies, we look forward to taking advantage of the offering’s proven, best-practices approach to implement SAP GRC Access Control where possible, while still providing us the flexibility to tailor and optimize the configurations to our specific requirements.”

“The rising number of regulations worldwide is driving the costs of compliance and a need to more efficiently manage internal controls,” said Ranvir Singh, president and CEO of DGN Technologies, an IT services and implementation firm. “As an SAP systems integrator, we’re seeing considerable demand from our customers for SAP solutions for GRC, including SAP GRC Access Control, to help them navigate this increasingly complex compliance world. SAP Best Practices for GRC Access Control will provide a consistent and proven methodology to fast-track successful implementations, minimize time to compliance and generate faster ROI.”

SAP GRC Access Control provides a comprehensive, cross-enterprise set of preventive and detective access controls that enables all corporate compliance stakeholders – including business managers, auditors and IT security managers – to collaboratively define and oversee proper segregation of duties (SoD) enforcement, one of the key controls for regulatory compliance and data privacy. The access control application from SAP addresses critical customer requirements for risk analysis and remediation, enterprise role management, compliant user provisioning and superuser access management. Hundreds of companies worldwide use SAP GRC Access Control to help them manage their compliance process for access and authorization control and remain compliant with an increasing number of regulatory mandates.

“We’ve begun using the new SAP Best Practices offering for SAP GRC Access Control with our clients, and already we’re seeing a significant increase in implementation speed, efficiency and results,” said Harry Sandhu, president of Savera Systems, a GRC consultancy and systems integrator. “There’s no more reinventing the wheel. With SAP Best Practices, from the get-go we’re able to leverage a proven, turnkey, highly flexible framework that saves considerable time, money and resources on deployment, allowing our team and our clients’ staff to focus on other important business priorities.”

SAP Extends Position as Compliance Market Leader
Leading companies around the world are increasingly turning to SAP to help them meet their compliance needs. In the past year, the number of new SAP GRC Access Control customers has more than doubled, with particular strength seen in the consumer products, high tech, chemicals, oil and gas, life sciences, and utilities industries. SAP GRC Access Control is available and being used by leading organizations in all major geographic regions.

“Due to the increasing complexity of regulations and the damage that non-compliance can cause companies, we continue to see a sharp rise in demand for our GRC solutions, with SAP GRC Access Control being one of the most requested solutions within the SAP GRC portfolio,” said Narina Sippy, senior vice president and general manager, Governance, Risk and Compliance Business Unit, SAP AG. “True to our mission to provide best-of-class solutions for GRC by combining business-critical applications with deep industry expertise, we’ve added the new SAP Best Practices offering for SAP GRC Access Control to further enhance our offering and safeguard our customers’ success.”

SAP GRC Access Control has been evaluated in recent months by leading industry analyst firms. In February 2007, Gartner rated SAP as a “Strong Positive,” the firm’s highest rating possible, in its “MarketScope for Segregation of Duties Within ERP, 2007” report.1 In Forrester Research’s “Segregation of Duties: A Building Block for Enterprise IT Controls” report, issued in March 2007, the independent analyst firm evaluated eight application controls monitoring and automation vendors for their ability to meet four critical criteria, with SAP successfully meeting all requirements and lauded for its “strength in access controls and SoD for the SAP environment.”2

1 Gartner, “MarketScope for Segregation of Duties Within ERP, 2007,” by Paul E. Proctor, Jay Heiser and Neil MacDonald, February 9, 2007.

The MarketScope is copyrighted 2007 by Gartner, Inc. and is reused with permission. The MarketScope is an evaluation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the MarketScope, and does not advise technology users to select only those vendors with the highest rating. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

2 Forrester Research, “Segregation of Duties: A Building Block for Enterprise IT Controls,” by Michael Rasmussen and Paul Hamerman, March 20, 2007.