Hermosa Beach Consulting Group
Case Studies

Case Study: Bringing Business into Security

Challenge: This multinational medical technology manufacturer was already involved in a multi-phased implementation, with its first phase, covering 800 users, approximately two months away from going live. The implementation work was more than halfway through the integration testing phase, and an extensive number of security issues were present, such as missing roles or incomplete authorizations to perform business-critical functions. The client asked The Hermosa Beach Consulting Group (HBCG) to review the existing design and implementation methodology, and subsequently to leverage the existing design to assist with improvements. The Company was implementing SAP Enterprise, including the AM, AP, AR, GL, CO-CCA, CO-PCA, MM, PS and SD modules and the BW and APO systems.

HBCG performed a comprehensive review of the current design and found that the issues being encountered were primarily the result of miscommunication and incomplete understanding between the business process teams and the technical security team. The security team understood the technical aspects of building and managing security and the limitations of SAP security, while the process teams understood the business requirements, but the teams were not able to communicate or fully understand each other's requirements or limitations. Furthermore, security had not been involved in integration testing to date, which meant the resulting issues were not being detected. HBCG helped the client formulate a detailed action plan, which included integrated Business Requirements Workshops between the business process and security teams. The rounds of workshops were designed to educate business process owners on SAP security, gather business requirements from the business process owners, and review the role design to ensure security met the business's needs. Once the roles were signed off and accepted by the business, security was integration tested by executing the existing test scripts using the security roles. HBCG ensured that security became involved in the integration test process and was represented on the testing team. Scripts were reviewed to ensure that business-critical processes and business process controls were included, and that both positive and negative security testing was performed.

Result: Subsequent phases of testing had fewer security-related issues. The Company successfully went live with its first phase, with users having access to business-critical transactions, few issues with those transactions, and more tightly controlled business processes. The second phase of the implementation saw a smooth security design process with on-time deliverables and a dramatic reduction in security issues during integration testing.