SAP Security: Dealing with cross-division access in Saint-Gobain

Key Takeaways

⇨ Consistency in role methodologies is critical for large groups, especially when using outsourced providers.

⇨ Access risk solutions are a necessary foundation for effective access control, but education and ownership among process owners are also essential.

⇨ Governance, risk, and compliance is a continuous journey that requires ongoing efforts to manage access control and mitigate risks.

Saint-Gobain South Africa faced unique cross-division access control issues due to having multiple companies within a shared SAP ecosystem. With a mix of role methodologies and outsourced providers, they consistently failed access control audits. Through implementing a GRC solution and a role redesign, they established a solid foundation for access control and mitigated risks. Continual efforts such as user access reviews and identity management will ensure that their access control is effectively managed.

What is GRC as a managed service?
GRC as a managed service is a relationship in which the service provider contributes expertise alongside technical activities. It is a partnership where the service provider looks after the client as if it were part of the organization. For SAP GRC, a managed service extends beyond standard SAP authorizations to include risk, controls and audit support. As Saint-Gobain SA has matured on its GRC journey, its internal expertise has allowed it to bring some of the activities in-house. This means that it no longer needs to rely fully on the outsourced support to perform authorization functions. Instead, only role content changes now need to be outsourced, while the allocation of roles is handled internally. As part of this development, Saint-Gobain SA introduced an internal controls department. This has allowed ownership to move away from IT to the business, giving process owners better insight into, and control over, the risks within their domains.

Discover the critical lessons learned from Saint-Gobain South Africa’s access control journey and how they established a solid foundation for managing risks with Soterion.
