I have a GRC (10.1) connecting to a backend SAP system, let's called A. It uses one GLOBAL ruleset. Over the years, we customized directly on GLOBAL ruleset (without first make a copy) with customization such as creating new Z Risk, adding Z t-code ... Hence this GLOBAL was overwritten and "dedicated" to system A only.
Now we have a new SAP system, called B, connecting to GRC. The B can't use GLOBAL ruleset in GRC for it's customized for A only. The B needs to use GRC original standard ruleset (without customization) which I don't have in GRC anymore (already overwritten).
What is the best & safe approach to resolve this situation ... the simple approach and has NO impact on Mitigation (we had a huge mitigation list) ?
We mitigated users & roles against risk ID (ie: mitigate against F001*).
System A uses ARA & EAM. System B (new) uses ARA only. Both are SAP non HR. Thank you