Benefits of implementing SAP GRC AC in Lifescience/Pharma.

Dear All,
Would be great if anyone could please share the benefits of implementing SAP GRC Access Controls in Lifescience/Pharma industry, more specifically which all regulations and laws it takes care of.
Regards,
Hersh.
Edited by: HERSH GUPTA on Dec 18, 2008 6:04 PM

Hersh,
Look for some of the Success stories out there. That should help you. Below is one of it.
http://www.securintegration.com/fileadmin/redakteur/binary/Success_Story_KRKA_SI.pdf
I too work at a Pharma client and having AC in place really helps. CC will help the internal SOX and audit team to verify that there are no SOD's. RE can streamline the role change approval process which will be of a great help when you see it from a auditor prospective. (You will always have the right approvals for the role changes a developer makes) and AE will help you reduce the paper work and the biggest advantage is the right approvals. Before using AE we used to have the paper based access request and we used to get a lot of audit issues because of the people approving roles that doesn't fall under their own space. (which will be taken very seroiously if it is a Pharma company.) FF advanages reamins the same across the industries.
Hope this helps,
Naveen

Similar Messages

  • What are the Benefits of Implementing SAP

    Could someone tell me how a company benefits from implementing SAP?

    To integrate all business processes and make information available to create a decisive organization.
    Focus on Business Processes
    Elimination of Redundant Data (Common & Consistent Data)
    Easier Corporate Consolidation
    Better Managerial Control
    Elimination of Interfaces
    Faster reaction to changing structures
    Organization/Customers/Competitors
    Integration is the Key
    Integration of all business modules
    Major reduction in time required for accounts finalization
    Easier Corporate Consolidation
    Cost control – Batch wise / Cost centre wise
    Centralised Inventory planning and control
    Reduction in Inventory carrying Costs
    Best Business practices across the organisation
    Elimination of redundant data
    Better Managerial control
    Data Integrity
    Enhanced Organisational flexibility
    Improvement in Personal productivity
    High Data availability
    Improved Order cycle time / accuracy / cost
    Hope this helps you.

  • Implementing SAP GRC CC 5.2 - Help with RTAs for SAP 4.0B & 4.6B Needed

    We are in the process of implementing the SAP GRC Compliance Calibrator 5.2 across multiple environments including SAP legacy systems.  Our key issue is that we cannot find any RTAs for SAP 4.0B and 4.6B.
    I am positive that someone has done this somewhere out there so I am looking for any information and/or solution that you may have implemented to resolve this.
    Would you be kind enough to send the information to me asap.  I can be contacted on my personal email [email protected]
    Many thanks,
    Carlos

    Dear Carlos,
    Available RTAs :
    SAP 4.6B and above
    PeopleTool 8.46
    Oracle eBusiness Suite 11.5.10
    Hyperion HFM 4.1.0
    In order for target systems to connect to Compliance Calibrator, each Real Time Agent (RTA) must:
    Have an entry in the operating system services file of the NetWeaver server
    Server must be restarted before new client entries are registered
    Be defined as a Technical Landscape in the System Landscape Directory (SLD)
    Have a login account for Compliance Calibrator to use for connection
    This account information is used for configuring the Java connections
    Regards,
    Naveen.

  • SAP GRC 10.0 on ECC

    Hi Guys,
    We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
    Are there any known issues using this approach?
    Thanks in advance,
    Silver

    Hi
    the GRC project is totally IT driven.
    I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
    However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
    I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
    Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
    Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
    Regards
    Colleen

  • SAP GRC 10.0 - Risk Analysis - Define global variant

    Hi Experts,
    We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
    When we saved a variant, it seems that this variant is user specific.
    Is it to possible to define this variant as default for all users?
    Thanks.
    Best regards,
    Nicolas RICHARD

    Hi,
    I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
    It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

  • LDAP Setup in SAP GRC 10 system

    Hello All,
    We are implementing SAP GRC 10 and trying to connect GRC with LDAP to sync users but we are facing below error while doing configuration in LDAP t-code
    Errro “Could not login to directory “
    But it’s working fine when we are trying to login throw ldap.exe to check host and other things.
    Please let me know where we I can check the configuration in GRC and LDAP system to correct the same.
    Thanks & Regards,
    Jagat

    Hello,
    Please check other configuration screens from GRC and LDAP.exe tool
    Screen 1 – LDAP Server
    Screen 2 – System User
    Screen 3 – LDAP Connector Setting
    Screen 4 – LDAP.exe

  • "SAP GRC Process Control!

    Hello I need your help... Somebody can give a page or documentation regarding how can I implement SAP GRC ! please... I have not found anything
    Thanks a lot for your help
    Rocio.

    Help is on the way.  We shall soon be creating an area with just that content and you will find it under the BPX area.
    There presently is a <a href="http://download.sap.com/download.epd?context=6CA035176C768FE0ED76E4C6213BF0362A7FEEAC7EA965C9986CE74DB8847AEA4D0E005FA43163313D23BF6F8D580B9EB4947D6C2D80CB25">solution brief</a> available as well as a <a href="http://www.sap.com/solutions/grc/grcprocesscontrol/index.epx">demo</a>.
    Here's the <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/bpx-grc">GRC homepage</a>

  • List of Issues/ problems in SAP GRC AC 5.3 Implementation

    Hello,
    Can anyone provide me with the list of most commonly occurring problems related to
    1- SAP GRC Suite Installation
    2- RAR Module implementation
    3- CUP Module implementation
    4- ERM Module implementation
    5- SPM Module implementation
    6- SAP PC 2.5 implementation
    7- SAP RT Module implementation
    8- SAP GRC Suite Upgradation.
    Thanks in advance!!!

    Hi Abdul,
    As such there are no issues in implemeting the AC modules.
    Just make sure that you undeploy previously installed SP before deploying the new Support packages.
    1. You have to upload the initial file (xml files) again in CUP and ERM. These files should be corresponding to latest support pack.
    2. upload the CC 53_Messages.txt file in RAR with every upgrade.
    Also restart the server after deploying any following the above steps.
    For RT you can follow the note 1225960, 1060673 and make sure to restart the server after configuring the SAP Adapter.
    Regards,
    shweta

  • Scope and Proposal preparation for SAP GRC AC Implementation.

    Hi ,
    I would like to know procedure how the RFP (Request for proposals) are prepared for SAP GRC AC Module implementation. and also how the scope and effort estimation are calculated.
    are there any guidelines and checklist are available to be followed.
    is there any generic approach followed during SAP GRC AC implementation for proposal as well as for effort estimation.
    Pelase clarify my doubts
    Regards,
    RK

    Hi,
    Use RTA on SAP BASIS 7.00 System for any system other than ECC which has ABAP and Basis Level 7.00 with Kernel 7.00
    I don't see any option for 7.20, may be it will be available later on.
    We have SRM connected to GRC so I can cofirm, yes it is possible to connect SRM to GRC and work with SRM rulebook. RTA and Post-RTA activites and JCO and RAR connectors are a must to get it work properly. In fact all configurations are required as it is in ECC system.
    No HR RTA is required ,as there is no HR module in SRM.
    Regards,
    Sabita

  • SAP SP necessária para suportar os componentes para o SAP GRC NFE 1.0 no XI

    oi,
    Como estamos atualizando as nossas caixas de XI de SAP XI SAP PI 3.0 para 7,11, verificando o SLD notamos que Nota Fiscal componente de software está disponível. Assim, a pergunta é o que é que os Service Packs do sistema fonte precisa ter, a fim de fornecer todos os componentes necessários para a NF-e?
    temos dois sistemas de fonte da qual enviamos os dados para XI, você pode sugerir o que é o pacote de serviços adequados para apoiar SAP GRC NFE 1.0 no XI
    1> 6,0 SAP ECC, SP, 14
    EHP 2, Nível 2
    PI_Basis = 2005_1_700, Level 14
    ST = PI 2008_1_700 Nível 2
    2> 6,0 SAP ECC, EHP 4
    Muito obrigado

    Ola, vi o seu e-mail mas resolvi responder por aqui!
    Na realidade, se voce for realmente trabalhar com o GRC, dependendo da secretaria da fazenda que voce ira trabalhar aconselhor que voce aplique o sp15 no grc, consule SAP Note 1487119, nessa nota haverao todos os procedimentos necessarios.
    Como haviamos falado anteriormente por e-mail, seria necessario, caso vc realmente queira trabalhar com o GRC a aplicacao de algumas notas tecnicas no proprio GRC.
    1477834     XML Layout Version 2.00: Missing parameters in NF-e BAdI
    1487119     SAPK-10015INSLLNFE: Support Package 15 for SLL-NFE
    1496216     Rejection of NFe because of wrong data type of date fields
    1499921     Problem with validation after implementing SP15
    1498700     Problem on signing NF-e
    1497767     Fill field qTrib for new layout version 2.0
    1500046     Upgrade validation rule for field ID for version 2.0
    1500742     Adjust validation for field NADICAO and NSEQADIC layout 2.00
    1501545     Problems in trying to see a XML in the IE
    1502612     Select the NFe Status Check Service for Incoming B2B message
    1502217     Extend validation rules for <DI>/<adi>, layout 2.00
    Sem mais, precisando me mais ajuda avise

  • SAP GRC NFE

    Hello,
    eu estou trabalhando no electronica fiscal de Nota. Nós temos seguintes sistemas: --
    SAP R/3 -
    SAP GRC NFE--JAVA (assinaturas digitais)-SAP NETWEAVER PI/XI -
    As AUTORIDADES (PARA A AUTORIZAÇÃO)
    como eu verificam a conexão entre estes sistemas. Como eu sei uma comunicação existe entre
    SAP GRC NFE--JAVA (assinaturas digitais)-SAP NETWEAVER PI/XI -
    A conexão das AUTORIDADES (PARA A AUTORIZAÇÃO)
    foi feita já com sucesso entre SAP R/3 E SAP GRC NFE através do RFC.
    Por favor ajuda.
    Agradecimentos adiantado,
    Honey

    Bom dia Honey,
    Além da comunicação entre os sistemas, você deve customizar as Sefaz-es e também os CNPJs na SPRO do GRC.
    Acompanhe as telas aqui:
    SAP GRC NFE 1.0 - New Solution Introduction & Implemention Best Practices
    Você pode testar o serviço assinador (java) diretamente pelo web service:
    Web Service Navigator
    Leonardo deu uma boa dica para testar o customizing dos serviços e comunicação com o sistema externo (Sefaz).
    Atenciosamente, Fernando Da Ró

  • SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode

    Hi everyone,
    In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
    The problem is that corporate risks must be created based on a forecasting horizon.
    So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
    Best Regards,
    Chema Traveso

    Hi,
    I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
    It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.

  • SAP IDM 7.0 connecting to SAP GRC 10.1

    Hi Gurus,
    I was looking into connecting SAP IDM 7.0 with SAP GRC AC 10.1 and I cannot find a suitable connector for this.
    Could any of you provide some guidance on how to make this connections.
    Thanks and Regards,
    Juan

    If i remember correctly the 7.0 version had only mx_provision, mx_deprovision and mx_modify -tasks so the integration would have be built on these tasks. As there is no validate add task to hang the GRC call GRC would have to do provisioning.
    7.0 datamodel is different than 7.2, I haven't studied in detail but would guess there is enough difference also in the tables that store tasks/jobs etc that the 7.2 GRC provisioning framework would not   even import to 7.0. You would need to set-up a 7.2 on the side to study the framework to see how to duplicate the tasks..
    VDS in the middle is another thing as it would need to be able to communicate with your custom connector in 7.0.
    If you must stick with 7.0 maybe the GRC connector of 7.1 is worth a try.. But you would probably need also older VDS.
    Depending on the level of your existing customisations and what data from 7.0 is worth keeping the upgrade to 7.2 is not necessarily big thing compared to the effort of building the interim custom interface.. The real question is how big and complex is your 7.0 implementation?
    regards, Tero

  • Benefits of implementing Central Contracts in SRM 7.

    Dear Experts,
    Picture the following:
    - Classic Scenario.
    - One ECC 6 EHP 4 Back end.
    I'm currently exploring the benefits of implementing Central Contracts against using only Purchasing Contracts in ECC and replicating them to SRM for use in the Shopping Carts.
    So my question is why would you implement central contracts in SRM instead of just replicating these contracts from ECC? What benefits would you get out of having central contracts in place against having only Purchasing Contracts in ECC?
    Thanks for your input.

    adding to Manju one point .
    - Procurement department(PURCHASER) can use web interface to create / manage contracts rather GUI interface and quick contract creation / maintenance
    - Approval mechanism simplified with less efforts.
    - Different ways to create a contract from SRM
       Copy an existing contract
    Use an existing template
    Upload an external file
    Upload a contract from the catalog
    Muthuraman
    1.You can use this business process to access SAP SRM contract features, such as contract hierarchies, discount across contract hierarchies, and grouping logic, when determining source of supply in SAP ERP.
    2.You can create a central contract in SAP SRM, and it can then be used as source of supply in both SAP SRM and SAP ERP. Relevant data is sent to SAP ERP for a source of supply determination, and a specific type of contract or scheduling agreement can be created there.
    3.While determining a source of supply, you can access central contracts directly.
    4.The price is determined in SAP SRM before the SAP ERP purchase order (PO) is sent to the supplier.
    5.You can create and change central contracts and renegotiate existing contracts directly with a supplier, or through the creation of an RFx. You can automatically assign a contract as a source of supply, or it can be listed as one of numerous potential source of supply contracts. A strategic purchaser can create a contract whenever they anticipate a long-term relationship with a supplier.
    6.Contract management enables purchasers from various parts of the company at different locations to take advantage of the terms of globally-negotiated contracts for specific product categories. You can provide users with specific levels of authorization to contracts, and you can categorize documents as confidential.
    6.You can distribute central contracts to release-authorized purchasing organizations, and these organizations can then use them as source of supply in the appropriate SAP ERP system. Hierarchies can be used to organize, structure, display, and search for contracts.
    7.If you use SAP NetWeaver Business Intelligence (SAP BI), you can view various consolidated reports of contract management. For example, you can view aggregated value released against all contracts in a contract hierarchy.

  • Alternatives to SAP GRC Tool to monitor compliance & automatic provisioning

    Hello Gurus,
    Not sure if this would be the right forum to ask this but surely there exist tools in the market which are viable alternatives to the SAP GRC Tool. We are a large semiconductor firm and currently manage role assignments, user provisioning and auditing manually.It is a huge cost overhead and is labor intensive.
    Looking at possible alternatives?
    SAP GRC Tool is a strong contender but I am trying to weigh in other options with it and their comparisons.
    To your minds, what would be the biggest advantage of implementing GRC versus any other third party tool? What is the distinctive edge it provides? This is also to help me build a strong business for pushing GRC to the management.
    Appreciate any thougts/ideas/suggestions, at the earliest!! Much appreciated.
    -Tan
    Edited by: Tania Nijhawan on Jul 21, 2011 2:19 AM

    Hi Tania,
    GRC is a convenient grouping of solutions that have been developed and acquired over time. There are pros and cons in every application and no one can say that SAP GRC is 100% best and un comparable with any other compliance product in the market.
    But, I can strongly say that GRC gels well with all the SAP flavours such as ECC and BI, and it is easy to implement, incorporate, and manage.
    With the introduction of GRC 10, SAP is looking at more features and easy to manage compliance solutions. I bet you can't get A to B product comparision anywhere. I rather suggest you to look at the top ten features and advantages in different products in terms of deployment, adaptability, user friendlyness etc., and opt for the right one.
    Regards,
    Raghu

Maybe you are looking for

  • Services not testing in SICF

    Hi All i have installed Netwever BI 7.0.All the post installtion steps are also completed.The problem is that i whenever a test any service in SICF,it fails.Bex broadcaster is also not working.I think it is related to service issue.Kindly suggest. Sh

  • Import large data

    Hello, I have 800 million entry. I have been testing import into the database (with Base API) and with 30 million entry the database size on the disk is 13GB. Which is too big and would make my entire database approx 350 GB. Is there some way to redu

  • Synching photos on to ipad 2 is creating multiple images on ipad

    we are synching imac to ipad and the process seems to eb creating multiple copies of the images, so we are getting up to 12 copies of each image landing on ipad 2

  • Need Video Effects for project (see what kind in description)

    Need background flames, inversion of colors, bluring, and the ability to put pictures on top of the current video. Sorry for being so blunt.

  • Should I install the 10.7.3 combo update?

    Hi, I've just read many reports of users experiencing problems with OS X Lion 10.7.3 when installed from the software update. I successfully updated 5 Macs using this method (hence not from the combo update). Should I install the combo update on top