Our free guide “Meeting Information Security Standards with SAP Security” provides recommendations and best practices for SAP security, based on conversations and experiences of working with SAP customers.  This document is a base template on how to approach Information Security Logging standards and how they can ensure individual accountability and provide evidence of legal requirements. 

We are constantly looking for input into this base template and feedback on experiences with working with SAP Security.  If you have any comments or feedback, please contact us here:  [email protected]

 

About the guide:

The primary objective with this collection of Best Practices is to ensure individual accountability and to enable investigation and collection of evidence for incidents, such as access violations, malware, and intrusion attacks, and fraud.

The secondary objective is to provide evidence of compliance against legal requirements and internal as well as external demands.

Fulfilment of Information Security Standards is valid for all Business Applications and IT Infrastructure owned or used by organizations classified with MEDIUM, HIGH or ENTERPRISE criticality level.

SAP along with other business applications containing personal data, confidential or strictly confidential information needs to be able to use logging to enable detection of application logic tampering and data breach investigations.

The Recommended Best Practices can provide business intelligence to an organization by

• Giving more in-depth insight into “what” has occurred
• Providing full security monitoring
• Enabling detailed visibility into access to personal data on SAP
• Supporting GDPR compliance

If you would like to discuss your own SAP Security experiences, please contact us for a consultation: