Skip to Content
avatar image
Former Member

GRC - SAP Updates to the ruleset

Hi,

Can someone bring me up to speed on "updates to SAP GRC Ruleset.?"

Our company has been using GRC (AC-RAR-5.3_07.) for almost two years now. At the implementation of the tool, we were provided with an "out of the box" generic ruleset which we used as a guideline for the structure of our environment.

Now as we are progressing; I'd like to know how oftern SAP provides updates to the standard GRC ruleset? Where do we get these? What are other folks doing to give consideration for the new changes? How often are other companies reviewing the new data?

Your help is greatly appreciated!

Regards,

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • avatar image
    Former Member
    Sep 22, 2010 at 08:42 PM

    Hi,

    SAP deliver Rule SEt updates every quarter. Last one is published under SAP note 1446680: Note 1446680 - Risk Analysis and Remediation Rule Update Q2 2010.

    You get this updates from SAP Marketplace.

    Check also SAP Note 986996.

    Hope it helps. Best regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Is there a way to get these notes automatically sent to me? Or do I just need to periodically search for them?

  • avatar image
    Former Member
    Sep 22, 2010 at 08:53 PM

    You have to search for them.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 22, 2010 at 10:00 PM

    Wrong thread - moving post 😊

    Edited by: TDCumm16 on Sep 22, 2010 5:06 PM

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 23, 2010 at 07:15 AM

    jmsreyes ,

    best method is to create one message with GRC every quarter and they will update you with correct information

    regards,

    Surpreet

    Add comment
    10|10000 characters needed characters exceeded

    • I would really guard against updating your ruleset with the SAP standard one every time.

      The SAP ruleset is there as a kick start or accellerator. Once you have reviewed it initially, you need to ensure that it fits your organisation's needs. It is deliberately generic as it is designed to assist the majority of companies to start classifying risks.

      Once you have localised it to your requirements, you should assess against internal requirements (and your auditors) not just take a global view from SAP's standard.

      Simon

  • avatar image
    Former Member
    Sep 23, 2010 at 11:21 PM

    Please check the SAP Notes referred below:

    SAP Note 1373465 - Rule Upload and Rule Import - Explanation of functions

    SAP Note 1033326 - Risk Analysis and Remediation Rule Upload guidance

    SAP Note 986996 - GRC Access Control- Best Practice for Rules and Risks

    Regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded