Access Keys:
Skip to content (Access Key - 0)

GRC & Segregation of Duties (SOD)

The GRC and SOD Projects completed the first phase of implementing the SAP GRC tool, and cleaning up SOD violations for VPF and IS&T users, in June of 2013. As part of these two initiatives, new roles & responsibilities, processes, and reports were developed. Documentation and training materials on each of these can be found below.

On This Page

1.0 GRC Roles & Responsibilities

For those users with new responsibilities relating to GRC, below are quick reference guides for each role that provide an overview of processes in which they are now involved, and tasks for which they are now responsible. Also included, for future reference, is an overview of all responsibilities as they were defined during the project.

Risk Owners

Role Owners

Business Analysts (BAs)

Business Systems Analysts (BSAs)

All Users (During SOD Project)

2.0 SAP Security & Governance Processes

Detailed process documentation was created for five new GRC-related processes. This documentation includes both flowcharts and detailed descriptions of each step, including the person responsible and details of the task to be completed.

Process 1: New or Amended Roles

Process 2: Mitigation Analysis

Process 3: New Users and User Role Provisioning

Process 4: FireFighter Users and Roles

Process 5: Periodic Compliance

3.0 GRC Reporting

A total of 15 new GRC reports, along with 2 SUIM (ECC) reports, were deployed to users in IS&T and VPF. Below are the detailed job aids created for each of these new reports, along with general reference documents for repeated actions related to GRC reporting. A quick reference guide for reporting is also available here: GRC Reports Quick Reference Guide.docx.

3.1 Job Aids

3.2 Reference Documents

4.0 Additional Documentation

4.1 SOD Analysis Steps

4.2 GRC Change Events

4.3 Proposed GRC Forms

4.4 GRC & SOD Terminology

5.0 Training Materials

5.1 Training Presentations

5.2 Training Packages

Please contact grc-sod-www@mit.edu with any questions.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

June 26, 2013

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-grc c-grc Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki