Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.
N/A
SAP Process Control
Score 7.7 out of 10
N/A
SAP Process Control Simplifies uses continuous control monitoring, and streamlined testing, and reduces risk with real-time insight into control status and key issues. It can be deployed on premise or in the cloud.
In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix. In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team. In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them. In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.
In my opinion, SAP Process Control is well suited for bigger companies with an already mature Internal Control System as well as for bigger companies who want to completely new/redesign the internal control system. The size of the company, as well as the budget, is quite important when thinking about the implementation of SAP Process Control. A smaller company with e.g., 150 people should think more about implementing SAP FCM.
Eliminating the manual process improves the overall accuracy of results and also frees up valuable resources to focus on other different projects.
Onapsis provides great leverage to our technical teams in order to review in a standardized way of the landscape.
Onapsis always matches vulnerabilities with useful context and finds possible solutions.
Onapsis is usually implemented to continuously monitor, and alert us on any issues on the SAP systems. Not only this but implementing Onapsis also eliminates the network on the year-end and month-end audits and helps in making the overall process faster, smooth, efficient as well as accurate.
Honestly, I havent use something like Onapsis before and currently I am not aware if there is something similiar out there. They are one of a kind and is a complete suit, so is unlikelly that someone from outside will appear with a better solution.
The connectivity with other SAP products out of the SAP GRC suite, like Access Control and so on, was key for the decision. Also we had an already mature SAP System landscape as well as having internal processes that were similar to the SAP Process Control standard processes helped us with the decision to implement SAP Process Control.
