Skip to Content
avatar image
Former Member

GRC Ruleset Best Practices for Quantity of High, Medium and Low Risks


I am beginning to investigate our ruleset in order to validate each risk. Knowing that each ruleset is specific to it's organization, I am curious if there are any sources that list typical risk level calssification for each risk. I am hoping to find a resource to compare the typical risk level classification against my current ruleset.

Any ideas and help is greatly appreciated.


Nathan K.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jul 30, 2014 at 07:22 PM

    hi Nathan,

    SAP provide pre defined rules as text files in 5.x and as BC sets for activation in 10.0. You should be able to find the BC sets within your system (should contain the words GRAC and RULESET). Over the years the rule sets delivered by SAP have been updated and refined, but majority of the rules defined have remained the same as a whole.

    From these pre delivered rules you should be able to compare the "standard" definition to your custom rule definitions.

    I Hope that helps.

    Add comment
    10|10000 characters needed characters exceeded