Likelihood to Recommend Appropriate for SAP hrs hierarchy integration and can have multiple hierarchies of org structures adopted as alternative workflow support. Cons of access control are the logs of firefighter usage are still limited in depth and does not evolve to adop more cloud products which are coming at a plaster pace than the ac product as such.
Read full review Oracle EBS R12 requires a unique user skillset to understand how it handles user access and functions. Accordingly, ServiceNow has this high level of sophistication to manage this information and apply it to Sensitive Access and Segregation of Duties rules to identify exceptions. This depth of configuration is critical to accurately identify when Oracle Responsibilities (access) truly allows access and thus could be a violation. ERPs with less complexity may not require this customization of ServiceNow GRC, but you would be wise to raise these questions and examples in the demo to ensure it will work for you. In the past, we have found that risks of under-reporting exceptions or false positives become so voluminous that users don't always get to the accurate violations for timely remediation. Proper configuration up front will improve your effectiveness and ROI down the road.
Read full review Pros SAP Access Control ensures that our services are accessed by the right users since it send me alerts when an employee tries to access any application. That way, I am able to either authorize or cancel the request to safeguard of company data. With SAP Access Control, it is easy to automate and monitor how our team access services and applications. SAP Access Control has an automatic feature that notifies me when employees access applications and services and the issues they are encountering. In addition, SAP Access Control add security on employees login to ensure that their data on the applications are encrypted to never leak to cyber attackers. Read full review Finding reported by the auditor. GRC helps us identify, assign, and track the resolution of this. Exception to information security policy. These require quarterly reviews and setting up reminders to revisit these. Building out new projects and baking security and compliance into the project and tracking it in GRC to ensure we deliver a compliant product on day one Read full review Cons It still uses the webdynpro for the front end. All webdynpro applications should be migrated to Fiori for a better user experience. Some functionalities can't manage in mass way. I.E. building derive roles/multiple single roles, Interface with LDAP is not efficient. Read full review Delivering more out of the box functionality that rivals other GRC platforms. The bare bones approach may not help companies that do not have expertise or capabilities to build effective GRC processes. Easier way to implement workflow. Offering better metrics without buying add-on tools. Read full review Likelihood to Renew We are very happy with it.
Read full review Usability This is a great tool for a medium to large sized company. SAP Access Control requires a great deal of SAP knowledge to use, but it is certainly information that can be learned. Their customer support is wonderful and easy to work with. The overall usability is great. I greatly recommend this software.
Read full review I'm satisfied with our experience. The configuration was the biggest challenge, but we have moved onto the stage of user training and usability. We would appreciate having better user training documentation and possibly videos and/or computer-based training to help our international users adopt this software for their GRC needs.
Read full review Support Rating This product fulfills all our requirements. We can use this for user management, role management, risk analysis, business role management, workflow management. Initial configuration takes a lot of effort. Otherwise it's a great product for the end user. SAP Access Control tool performance needs improvement, sometimes it slows down the processing time for requests.
Read full review It's a good system, but I am awaiting key features in the new release. We hear that ServiceNow is continually adding new features and we look for improved reporting, better Oracle Integration, and user training opportunities. To the extent these materialize, we expect further improvements in our experience with ServiceNow GRC. Until that time, though, we believe we are meeting our objectives expected at the beginning of this project.
Read full review Alternatives Considered Pricing was higher for the cloud version of the BTP service - IAG. SAP Access Control pretty much facilitates everything we are looking for as an enterprise with an efficient dollar cost ROI for the services we are looking for. Also, there were many features on the cloud version which came bundled with the license and we had to pay for them even though we did not actually use these products.
Read full review We just recently started using
TrustArc for data privacy requests and I can already speak to the fact that
TrustArc is a more confusing platform once there. The positives of ServiceNow would be that a majority of our URL's drive to owned websites which our employees are very comfortable with using versus pushing them to another website that feels unsafe.
Read full review Return on Investment Reducing risk of fraud. Implementing SAP Access Control allows analysis of every role assigned to a job on the organization. Through this analysis, weakness on roles are detected, corrected and monitored. As the users feel the change, they also feel that they are being monitored, preventing any intent to use his position and privileges to take personal advantage. So a major impact to organizations is to reduce the financial lost due to frauds. Reducing cost for monitoring. Another positive impact is lowering the cost of monitoring. This is twofold: First, a rather small team can manage access management. Second, through the use of SAP Access Control the complete universe of roles and users can be monitored without increasing the cost for the continuous monitoring. During transactions. The use of SAP Access Controls allows detection of transactions that, from an information security point of view, require some redesign. When SAP GCR is implemented, you make some discoveries such as: obsolete transactions, transactions with no authorization objects and the like. The transactions with these problems can be left out of the active roles, waiting for remediation of the issues found. Luis Cruz Director de Gestión y Auditoría de TI
Read full review Effective Enterprise Risk Management Holistic Real-time Monitoring of your technology and Risk Negative - Asset Management has some issues and Ghost / Shadow IT is big issue Read full review ScreenShots