cancel
Showing results for 
Search instead for 
Did you mean: 

Questions about EAM production support processes

Former Member
0 Kudos

Our organization recently went live with Emergency Access Management in Access Control 10.0 SP19. EAM is quite different from our previous process for fire call access, so we are revisiting our support processes and had hoped to leverage some leading practices, or at least, consider whatever has been successful at other organizations.

1. Once the workflow notification goes out that a Firefight ID has been used, is it a good practice for  the GRC support team to do a review of the account/ the logs, too, or is that not really necessary?

2. Does an alert/ reminder go out if the log is not reviewed in a timely manner?  Should we put an escalation into the workflow? Can we tell when a log has not yet been reviewed? The Consolidated Log Report did not seem to provide such information. How does the GRC support team monitor that?

3. Does somebody besides the GRC Support Team periodically review the Consolidated Log Report?

Thanks,

Gretchen

Accepted Solutions (1)

Accepted Solutions (1)

kevin_tucholke1
Contributor
0 Kudos

Gretchen:

Just a few thoughts for you...

For #1:  Would the GRC support team really have the knowledge to look at the logs, which are highly technical in nature and understand what they are looling at?  In most cases, that is why the FF Controller is usually someone that is knowledgeable in the area the FF ID has access to.  I usually do not see GRC Support team involvement in that area.

For #2:  You can set reminders to go out on any Workflow by setting up the Email Reminder program for that specific MSMP Process ID.  You can utilize the Search Request functionaltiy in Access Management WorkCenter and view open EAM Log Report workflows in a list.

For #3, I am not in a position to answer that one.  Again, I kinda go back to answer #1.

Hopefully this helps and starts the discussion as I think this would be interesting to hear from other SAP Access Control Customers.

Cheers.

Kevin Tucholke

SAP America

Former Member
0 Kudos

Kevin,

#1. Here at this SAP shop, the GRC support team and the SAP security team are one and the same people; while perhaps not all have deep expertise in the functional areas, we build the roles and have a pretty good sense of what we are looking at in the FF logs. I can see that in a large COE where they are separate teams, that may not be the case.

#2 Thanks for that recommendation; I will discuss with the person who maintains our MSMP workflows.

Thanks for getting the discussion going.

Regards,

Gretchen

Answers (0)