on 01-29-2016 4:00 PM
Our organization recently went live with Emergency Access Management in Access Control 10.0 SP19. EAM is quite different from our previous process for fire call access, so we are revisiting our support processes and had hoped to leverage some leading practices, or at least, consider whatever has been successful at other organizations.
1. Once the workflow notification goes out that a Firefight ID has been used, is it a good practice for the GRC support team to do a review of the account/the logs, too, or is that not really necessary?
2. Does an alert/reminder go out if the log is not reviewed in a timely manner? Should we put an escalation into the workflow? Can we tell when a log has not yet been reviewed? The Consolidated Log Report did not seem to provide such information. How does the GRC support team monitor that?
3. Does somebody besides the GRC Support Team periodically review the Consolidated Log Report?
Thanks,
Gretchen
Gretchen:
Just a few thoughts for you...
For #1: Would the GRC support team really have the knowledge to look at the logs, which are highly technical in nature, and understand what they are looking at? In most cases, that is why the FF Controller is usually someone that is knowledgeable in the area the FF ID has access to. I usually do not see GRC Support team involvement in that area.
For #2: You can set reminders to go out on any Workflow by setting up the Email Reminder program for that specific MSMP Process ID. You can utilize the Search Request functionality in Access Management WorkCenter and view open EAM Log Report workflows in a list.
For #3, I am not in a position to answer that one. Again, I kinda go back to answer #1.
Hopefully this helps and starts the discussion as I think this would be interesting to hear from other SAP Access Control Customers.
Cheers.
Kevin Tucholke
SAP America
Kevin,
#1. Here at this SAP shop, the GRC support team and the SAP security team are one and the same people; while perhaps not all have deep expertise in the functional areas, we build the roles and have a pretty good sense of what we are looking at in the FF logs. I can see that in a large COE where they are separate teams, that may not be the case.
#2 Thanks for that recommendation; I will discuss with the person who maintains our MSMP workflows.
Thanks for getting the discussion going.
Regards,
Gretchen