Step 1: Scan all the single roles for SOD violations with a GRC tool.
Action: If there is an SOD conflict, remediate it (fix the authorization object values or remove the transaction code) or agree a mitigating control with the functional team.
Step 2: Scan all the composite roles for SOD violations.
Action: If there is an SOD conflict, remediate it (remove roles or replace them with a different role) or agree a mitigating control with the functional team.
Step 3: If the policy is one composite role per user, transport all the Compliance Calibrator controls to production. Since all the composite roles are mitigated or remediated, all the users should be clean.
Step 4: If roles are assigned based on the user, then each user has to be analyzed with the GRC tool when they are set up in the system. If they have an SOD conflict, mitigate the user directly in the system.
Tip: Template users such as AP Manager, AR Manager, Fin Manager, WM Manager, SD Clerk, WM Operator etc. can be set up in the production system. New users can then be cloned from the template users. One advantage is that the template users can be scanned with the GRC tool, the mitigating controls can be put in place, and the same mitigating controls can be applied to the new users.
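The four steps and the template-user tip, worked through as a miniature SOD scan in Python. This is an added example, not code from the original post or from any GRC product: the functions, SOD rules, roles, users and mitigating controls are all constructed for illustration, and the rule ids (P2P-01 etc.) and role names are hypothetical. It shows why a role that is clean on its own can still produce a conflict at the composite-role or user level, and how an approved mitigating control on a composite role carries through to the users (and cloned users) that hold it.

```python
"""Miniature SOD (segregation of duties) scan over single roles, composite
roles and users.  All data below is constructed for this example; it is not
a GRC product's rule set and the role/user names are hypothetical."""

# Business functions expressed as sets of transaction codes (constructed).
FUNCTIONS = {
    "VENDOR_MAINTAIN": {"XK01", "XK02", "FK01"},
    "VENDOR_INVOICE": {"FB60", "MIRO"},
    "PAYMENT_RUN": {"F110"},
    "PO_CREATE": {"ME21N"},
    "GOODS_RECEIPT": {"MIGO"},
}

# SOD rules: two functions one actor must not hold together (hypothetical ids).
RULES = {
    "P2P-01": ("VENDOR_MAINTAIN", "VENDOR_INVOICE"),
    "P2P-02": ("VENDOR_INVOICE", "PAYMENT_RUN"),
    "P2P-03": ("PO_CREATE", "GOODS_RECEIPT"),
}

SINGLE_ROLES = {
    "Z_AP_VENDOR": {"XK01", "XK02"},
    "Z_AP_INVOICE": {"FB60", "MIRO"},
    "Z_AP_PAY": {"F110"},
    "Z_MM_BUYER": {"ME21N", "MIGO"},  # step 1: conflict inside one single role
}
COMPOSITE_ROLES = {
    "C_AP_CLERK": ["Z_AP_INVOICE"],
    "C_AP_MANAGER": ["Z_AP_VENDOR", "Z_AP_INVOICE"],  # step 2: conflict across roles
}
USERS = {
    "APCLERK1": ["C_AP_CLERK"],
    "APMGR1": ["C_AP_MANAGER"],                 # template-style user
    "MIXED1": ["C_AP_CLERK", "Z_AP_PAY"],       # step 4: conflict only at user level
}
# Mitigating controls approved by the functional team: object -> rule ids.
MITIGATIONS = {"C_AP_MANAGER": {"P2P-01"}}


def functions_of(tcodes):
    """Business functions reachable from a set of transaction codes."""
    return {f for f, codes in FUNCTIONS.items() if codes & tcodes}


def violations(tcodes):
    """Sorted rule ids whose two functions are both reachable from tcodes."""
    held = functions_of(tcodes)
    return sorted(r for r, (a, b) in RULES.items() if a in held and b in held)


def tcodes_of_role(name):
    """Flatten a single or composite role down to its transaction codes."""
    if name in SINGLE_ROLES:
        return set(SINGLE_ROLES[name])
    return set().union(*(tcodes_of_role(s) for s in COMPOSITE_ROLES[name]))


def tcodes_of_user(user):
    return set().union(*(tcodes_of_role(r) for r in USERS[user]))


def residual(found, objects):
    """Violations left after subtracting controls held by any of `objects`
    (a user inherits the controls approved on the roles it is assigned)."""
    covered = set().union(*(MITIGATIONS.get(o, set()) for o in objects))
    return [r for r in found if r not in covered]


def scan():
    """Steps 1, 2 and 4: return {object: residual violations} for every hit."""
    targets = [(r, tcodes_of_role(r), [r]) for r in SINGLE_ROLES]          # step 1
    targets += [(r, tcodes_of_role(r), [r]) for r in COMPOSITE_ROLES]      # step 2
    targets += [(u, tcodes_of_user(u), [u, *USERS[u]]) for u in USERS]     # step 4
    report = {}
    for obj, tcodes, holders in targets:
        left = residual(violations(tcodes), holders)
        if left:
            report[obj] = left
    return report


def clone_user(template, new_user):
    """The tip: a new user copies the template's roles and user-level controls,
    so a scanned, mitigated template yields a clean clone.  Returns the roles."""
    USERS[new_user] = list(USERS[template])
    if template in MITIGATIONS:
        MITIGATIONS[new_user] = set(MITIGATIONS[template])
    return USERS[new_user]


if __name__ == "__main__":
    for obj, rules in scan().items():
        print(f"{obj}: unmitigated {', '.join(rules)}")
```

Running it reports Z_MM_BUYER (P2P-03, caught at step 1) and MIXED1 (P2P-02, visible only once the user's two roles are combined at step 4); C_AP_MANAGER and APMGR1 are clean because the P2P-01 control on the composite role covers the user, which is the step 3 assumption made explicit.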