Data protection and compliance synchronized
Reconciling the two is like synchronizing two gears of different sizes, where one is supposed to mesh with the other. To elegantly dovetail data protection and compliance, the software company Sivis from Karlsruhe, Germany, has developed modular software.
The Compliance Manager has been around for some time now. It not only checks the set authorizations in real time, but also examines them for weaknesses, risks and violations of laws and regulations similar to the GDPR before they go live. In addition to checking critical activities and authorization combinations, system parameters are also scrutinized.
"With the Compliance Manager, you have a clear overview of your authorization concept at all times. In addition, there are solution suggestions for quickly correcting conflicts. And an audit with relevant security queries. Extensive evaluation options are also included."
is how Sivis CEO Kai Bounin describes the finesse of the manager solution.
And for those in a hurry, there is the Compliance Reference Manager, which already contains a best-practice set of over 500 rules and is continuously expanded and updated. The strengths of this solution also include a field-tested selection for online and offline audit runs.
350 critical combinations from 150 critical activities provide delight for both internal and external auditors. Of course, the Compliance Reference Manager is adaptable to individual requirements.
Since May 2018, the European Union's General Data Protection Regulation (GDPR) has governed the processing of personal data by private companies and public bodies.
This is intended to protect personal data within the EU and at the same time regulate the free movement of data within the single market. Since then, companies have also had to handle personal data in accordance with the rules - otherwise they face severe fines.
What does an entrepreneur really need to do to comply? Secure the rights of customers and their customers. These include the right to information, the right to erasure, the right to rectification and the right to object.
With the data protection cockpit, all information stored in the Sivis Suite for a user is available at the push of a button. Changes or deletions can thus be made from a central location.
"However, personal data cannot always be deleted, as a reference might be lost and thus the data model would be broken. In these special tables, the data is anonymized, so that it is no longer possible to draw conclusions about this person."
explains the programmer responsible, Daniel Heimburger. The data protection cockpit is now an integral part of the Sivis suite.
"Our solutions can of course do both: ERP and S/4 Hana. When switching software without any problems, all functionalities are of course retained"
says Vladimir Kornyushkin, head of programming.
Audit-compliant SAP documentation
The Concept Manager for audit-proof SAP documentation has been available since last October. It provides automated naming conventions, connected target systems and customized concept reports in PDF format in real time and without media breaks.
With its help, internal and external auditors can quickly gain a complete overview of a company's authorization concept. In times of the GDPR, this audit-proof SAP documentation is a market advantage that should not be underestimated and also gladdens the auditor's heart.
With the help of the Concept Manager, you can get an overview of the authorization concept - from the administrator to the specialist department to the internal or external auditors.
If desired, tables can be shown or hidden. Of course, the solution can also be configured individually. It is also useful when it comes to shortening the training period for new employees from support or other departments.
The Concept Manager can do much more thanks to a ready-made template with logging system configurations. This can be downloaded initially and, for example, filled with the company's own best practice content.
Sivis has a great deal of practical knowledge when it comes to synchronizing complex processes related to authorization management.